Five Things in Fedora This Week -- LAST WEEK edition (2014-04-15)

Mon Apr 21 13:46:16 UTC 2014

In all of the hubbub of Red Hat Summit, I forgot to post this to the
mailing lists. Well, better late than never, I guess. Here's last
week's Five Things in Fedora This Week, reposted from
http://fedoramagazine.org/five-things-in-fedora-this-week-2014-04-15/

Fedora is a big project, and it’s hard to follow it all. This series
highlights interesting happenings in five different areas every week.
It isn’t comprehensive news coverage — just quick summaries with links
to each. Here are the five things for April 15th, 2014:

Live from Red Hat Summit
------------------------

I'm posting this from the Fedora booth at Red Hat Summit in San
Francisco. The Summit is Red Hat's annual showcase conference, and of
course we have a good Fedora presence. Fedora Project Leader Robyn
Bergeron is on the scene; Ruth Suehle is setting up a demo on the big
TV behind us; and Tom Callaway has the Lulzbot up and making 3D prints.
If you're at Summit, come by and say hello, ask questions, tell us
answers, and so on. (Except, don't, because, remember, this was
actually last week.)

  * http://www.redhat.com/summit/
  * https://www.lulzbot.com/

Testing Rawhide
---------------

Rawhide is Fedora's continuously updated development tree. Long ago, it
came with the scary warning that it would "eat babies" and other
horrible things, but that's been *gone* from the official line for
about five years now. In fact, if you're up for a little adventure (and
have a second computer to get work done if it goes wrong), we'd love
you to help test.

Fedora QA Community Monkey¹ Adam Williamson recently revamped the
Rawhide wiki page to be more useful and clear, and launched an
initiative for quality assurance volunteers to do ongoing validation
testing so any problems are caught long before release. If this sounds
interesting, join the Fedora QA team and help out.

I run Rawhide on my main desktop system but not my travel laptop; that
way, I can always get some work done even when there's a problem. But,
really, it's been mostly painless. I recommend keeping active on the
mailing lists and checking the Rawhide Watch and This Week in Rawhide
blogs daily.

  * https://lwn.net/Articles/320669/
  * https://fedoraproject.org/wiki/Releases/Rawhide
  * https://lists.fedoraproject.org/pipermail/test/2014-April/120931.html
  * https://fedoraproject.org/wiki/QA
  * http://rawhidewatch.wordpress.com/
  * http://www.scrye.com/wordpress/nirik/category/rawhide/

(1. That's Adam's semi-official title.)

Fedora Heartbleed Followup
--------------------------

Last week's main excitement — not just in Fedora! — was the
"Heartbleed" vulnerability in OpenSSL, referred to by the
industry-standard Common Vulnerabilities and Exposures identifier
`CVE-2014-0160`. (If you missed the official Fedora updates, see Update
on CVE-2014-0160, aka “Heartbleed” and Fedora Infrastructure
information on Openssl vulnerability.)

I think our response to this went fairly well overall, but there's
always something to be learned from these incidents and things we could
do better. There are two specific areas where I think we could improve.
First, our normal process of releasing updates requires a lot of data
crunching. I think it'd be useful to have a separate "urgent updates"
repository that would enable us to get updates to users more quickly
once they are ready to go. Second, it would be nice to have a standard
process for getting packagers, a communications team, security experts,
quality assurance, release engineers, and other responders "on the
scene" quickly — a sort of "Fedora bat-signal." Both of these ideas
need some development, of course.

Another important thing we can do in advance is develop more test cases
for key software. These can be followed as part of making sure updates
are good to be pushed to users, rather than relying on ad hoc
assessments ("works for me!"). This is an area where anyone can
contribute — you don't have to be a coder or a package maintainer. Pick
a package that's interesting to you and take a look at the instructions
for creating a test case.

  * http://cve.mitre.org/
  * http://fedoramagazine.org/update-on-cve-2014-0160-aka-heartbleed/
  * http://wp.me/p3XX0v-nH
  * https://fedorahosted.org/rel-eng/ticket/5886
  * https://fedorahosted.org/fesco/ticket/1278
  *  http://fedoraproject.org/wiki/QA:SOP_test_case_creation

Fedocal — the Fedora Project calendar
-------------------------------------

A couple of weeks ago, I mentioned that the Fedora wiki is weighed down
by too many different uses. One of those uses is scheduling: wiki pages
and wiki tables are used as editable calendars. If you've ever tried to
update one of these, you know that it can be painful. But we have a
better tool: Fedocal.

Fedora hackers Pierre-Yves Chibon (a.k.a. pingou) and Ralph Bean
(threebean) recently added location support, which means that IRC-based
meetings can use that for scheduling. In general, if you're scheduling
something in Fedora, this is the tool to use. Let's avoid further wiki
abuse!

  * http://fedocal.readthedocs.org/en/latest/
  * https://apps.fedoraproject.org/calendar/
  * https://apps.fedoraproject.org/calendar/locations/
  * https://fedoraproject.org/wiki/Meeting_channel

Upcoming FUDCons
----------------

Although the North American and European events are replaced by Flock
to Fedora, our Fedora User and Developer Conferences are going strong
worldwide. Upcoming events include FUDCon Beijing 2014 and FUDCon
Managua 2014 in Nicaragua. 

Also, speaking of Flock, don't forget to vote on session proposals.

  * http://flocktofedora.org/
  * https://fedoraproject.org/wiki/FUDCon:Beijing_2014
  * https://fedoraproject.org/wiki/FUDCon:Managua_2014
  * https://admin.fedoraproject.org/voting

Thanks this week to Ankur Sinha for feeding me notes from Fedora
Ambassadors meetings!

-- 
Matthew Miller    --   Fedora Project    --    <mattdm at fedoraproject.org>
                                  "Tepid change for the somewhat better!"