Fedora Weekly News #163

Pascal Calarco pcalarco at nd.edu
Mon Feb 16 16:33:08 UTC 2009

Fedora Weekly News Issue 163

Welcome to Fedora Weekly News Issue 163 for the week ending February 
15th, 2009.


This week's issue provides some detail on the upcoming Fedora Activity 
Day (FAD) at Southern California Linux Expo (SCaLE), many posts from the 
Fedora Planet blogosphere, and selected wonderful event reports from 
FOSDEM. We welcome a brand new Quality Assurance beat this issue, with 
coverage of the latest test day focusing on iSCSI for Fedora 11, summary 
of the latest QA weekly meeting, and discussion of the process for 
critical-release bugs. In Development news, discussion of FLOSS 
multimedia codec support in Fedora, preview looks at F11 release notes, 
and the availability of CrossReport, a tool to evaluate the ease with 
which applications can be ported to Windows using the MinGW libraries. 
 From the Translation team, updates and details on the infrastructure 
roadmap for translation, and migration of Damned Lies to the new 
Django-based interface. Infrastructure reports availability of WordPress 
multi-user for Fedora sub-projects, and planning for cgit as a 
replacement for gitweb on hosted2. Artwork has updates on the continuing 
evolution of Fedora 11 artwork. The Security Week beat examines recent 
discussion on Slashdot regarding 'how to argue the security of open 
source software,' and this issue wraps up with a summary of the security 
advisories for Fedora 9 and 10 over this past week. Enjoy!

If you are interested in contributing to Fedora Weekly News, please see 
our 'join' page[1]. We welcome reader feedback: fedora-news-list at redhat.com

FWN Editorial Team: Pascal Calarco, Oisin Feeley, Huzaifa Sidhpurwala

[1] http://fedoraproject.org/wiki/NewsProject/Join

-- Announcements --

In this section, we cover announcements from the Fedora Project.




Contributing Writer: Max Spevack

--- Slow News Week ---

It was a quiet week on the announcements front, with nothing more than a 
few outage notifications being sent to the primary Fedora announcements 
mailing lists.

Your correspondent promises to make an announcement this week, so that 
this space may be used to its full potential in next week's issue.

--- Upcoming Events ---

2009-02-20: Fedora Activity Day @ SCaLE[1]

2009-02-20 - 2009-02-22: Southern California Linux Expo (SCaLE)[2]

Also, people are encouraged to register for Fedora or JBoss.org related 
speaking slots at LinuxTag 2009.[3]

    1. http://fedoraproject.org/wiki/Fedora_Activity_Day_at_SCaLE_7x
    2. http://fedoraproject.org/wiki/SCaLE_7x_Event
    3. http://fedoraproject.org/wiki/FUDCon_Berlin_and_LinuxTag_2009_talks

-- Planet Fedora --

In this section, we cover the highlights of Planet Fedora - an 
aggregation of blogs from Fedora contributors worldwide.


Contributing Writer: Adam Batkin

--- Activism Alert ---

Oron Peled wrote[1] about a proposed new IETF standard for "Transport 
Layer Security (TLS) Authorization Extensions" which may be 
patent-encumbered before it is even approved.

Paul W. Frields appealed[2] for prior art against a patent that covers a 
user interface that has multiple workspaces (filed 1987-03-25).

--- General ---

Dave Jones announced[3] some changes to the Fedora kernel packaging "to 
drop the regular 686 kernels. As of Fedora 11, the only 32-bit kernels 
built are '586' and '686-PAE' (and their -debug variants)."

Lennart Poettering described[4] some of the new changes in the latest 
PulseAudio 0.9.15 release, including Flat Volumes, On-the-fly 
Reconfiguration of Devices (aka "S/PDIF Support"), Native support for 
24bit samples and support for Airport Express.

David Nalley wrote[5] about the Fedora Ambassadors giving away free XO 
laptops! To qualify, either "Package and maintain a sugar-* package for 
2 releases or more" or "Build a Sugar activity that helps meet the 'holy 
list of 4th grade maths[6]'".

Andrew Overholt announced[7] the release of the Linux Tools project for 
Eclipse. The release has lots of features from profiling and tracing 
with SystemTap to autoconf and RPM spec file editor (with autocomplete) 

Jef Spaleta expressed[8] mild excitement at Canonical's "Renewed focus 
on suspend resume". In a later post, he wrote[9] about comparing Linux 
(and even OSX) user experiences with respect to functionality 
regressions after an update.

Seth Vidal mused[10] on the fact that a poster on Planet Gnome[11] had 
said that "Fedora is held to a higher standard" than certain other 

Harish Pillay reacted[12] to an IDC report claiming "Proprietary 
software products are much better documented than open source because of 
the volunteer nature of open source software development".

    2. http://marilyn.frields.org:8080/~paul/wordpress/?p=1490
    3. http://www.codemonkey.org.uk/2009/02/09/fedora-kernel-packaging/
    4. http://0pointer.de/blog/projects/oh-nine-fifteen.html
    5. http://www.nalley.sc/david/?p=196
    6. http://sugarlabs.org/go/User:Gdk/4th_Grade_Maths
    7. http://overholt.ca/wp/?p=117
    8. http://jspaleta.livejournal.com/34551.html
    9. http://jspaleta.livejournal.com/34592.html
   11. http://planet.gnome.org/
   12. http://harishpillay.livejournal.com/139904.html

--- How-To ---

Devan Goodwin explained[1] how to perform bandwidth-limited secure 
encrypted backups using duplicity and Amazon's S3 Storage Service.

Mohd Izhar Firdaus Ismail described[2] how to enable "Disk snapshot 
backup in Linux".

Lennart Poettering requested[3] that D-Bus interfaces be properly 
versioned, and described some best-practices including the hows and whys.

    2. http://blog.kagesenshi.org/2009/02/disk-snapshot-backup-in-linux.html
    3. http://0pointer.de/blog/projects/versioning-dbus.html

--- Events ---

Once again: So many people have written about attending FOSDEM that it 
would take an entire issue of FWN post all of the links. Instead an 
arbitrarily selection will be randomly chosen.







And on a slightly different note, Arindam Ghosh wrote[1] about (and 
posted photos of) Mikti'09[2].

    1. http://arindamghosh.wordpress.com/2009/02/10/mukti09-event-report/
    2. http://mukti09.in/

-- Ambassadors --

In this section, we cover Fedora Ambassadors Project.


Contributing Writer: Larry Cafiero

--- FAD SCaLE coming up 2009-02-20 ---

The Fedora Activity Day[1] at the Southern California Linux Expo 
(SCaLE)[2] will be from 9am - 6pm on 2009-02-20 at the Westin Airport 
Los Angeles, in Los Angeles, California.

There will be breaks and such, but the FAD will be treated much like a 
sprint. We're here to get something accomplished -- specifically font 
packaging and documentation -- so come on by and help us out for an hour 
or all day. We'd love to have you there!

Also, if you can make SCaLE from the Southern California area, stop by 
the Fedora booth.

SCaLE takes place on this weekend at the Westin Airport Los Angeles. For 
more information, visit the Southern California Linux Expo site[3].

    1. http://fedoraproject.org/wiki/Fedora_Activity_Day_at_SCaLE_7x
    2. http://scale7x.socallinuxexpo.org/
    3. http://scale7x.socallinuxexpo.org

--- Got Ambassador News? ---

Any Ambassador news tips from around the Fedora community can be 
submitted to me by e-mailing lcafiero-AT-fedoraproject-DOT-org and I'd 
be glad to put it in this weekly report.

-- QualityAssurance --

In this section, we cover the activities of the QA team[1].

Contributing Writer: Adam Williamson

    1. http://fedoraproject.org/wiki/QA

--- Test Days ---

This week's regular test day[1] was on iSCSI[2]. Martin Sivak and Hans 
de Goede represented the developers, and testing was lead by Marian 
Ganisin with assistance from Chris Williams, Mike Anderson, Michael 
Christie and James Laska. Test cases worked on during the test day can 
be seen on the page. Please record any additional test ideas or 
considerations at Exploratory Testing iSCSI. Consult the quick start 
guide[3] for creating a software-based iscsi target for use with testing.

Next week's test day[4] will be on the 20 Second Startup[5] feature 
planned for Fedora 11. It will be held on 2009-02-19 in the #fedora-qa 
channel on Freenode IRC. Please drop by if you would like to help test 
and improve boot speed for Fedora 11.

    1. http://fedoraproject.org/wiki/QA/Test_Days/2009-02-12
    2. http://fedoraproject.org/wiki/Anaconda/Features/iSCSI
    3. http://fedoraproject.org/wiki/Scsi-target-utils_Quickstart_Guide
    4. http://fedoraproject.org/wiki/QA/Test_Days/2009-02-19
    5. http://fedoraproject.org/wiki/Features/20SecondStartup

--- Weekly meetings ---

The QA group weekly meeting[1] was held on 2009-02-11. The full log is 
available[2]. Will Woods gave a status report on the progress of the 
autoqa[3] project, which is working on creating automated test scripts 
to run whenever certain events happen. He also reported on progress with 
the Nitrate[4] project, which is for collecting test cases and test 
plans and compiling results from running them. Jóhann Guðmundsson asked 
if it will be possible to pull existing test cases from the current 
Wiki-based system into Nitrate when it is released, and Will Woods said 
this is likely to be possible.

The Bugzappers group weekly meeting[5] was held on February 10th. The 
group agreed that the current list of most-important components should 
be updated, and Edward Kirk will do this. Edward Kirk, Brennan Ashton 
and Adam Williamson (links) agreed that simple goals should be set for 
the group, but did not reach final agreement on what these should be. 
Adam Williamson suggested that Bug Days be revived and made weekly, and 
this idea was supported by Edward Kirk and Brennan Ashton.

The next QA weekly meeting will be held on 2009-02-18 at 1600 UTC in 
#fedora-qa, and the next Bugzappers weekly meeting on 2009-02-17 at 1700 
UTC in #fedora-bugzappers.

    1. http://fedoraproject.org/wiki/QA/Meetings
    2. http://wwoods.fedorapeople.org/fedora-qa/fedora-qa-20090211.log.html
    3. http://git.fedorahosted.org/git/?p=autoqa.git;a=summary
    4. http://fedorahosted.org/nitrate
    5. http://fedoraproject.org/wiki/BugZappers/Meetings

--- Wiki re-organization ---

Work continued on the ongoing project to rewrite and re-organize the 
main pages in the QA team's Wiki space[1]. Adam Williamson, Jóhann 
Guðmundsson, Christopher Beland and Leam Hall all contributed ideas, 
suggestions and drafts.[2][3]

    1. http://fedoraproject.org/wiki/QA

--- Release-critical bug process ---

Adam Williamson initiated a discussion[1] regarding the process for 
handling release-critical bugs. Matej Cepl, James Laska, Jesse Keating, 
and John Poelstra contributed opinions. In the end it was agreed that 
the basic shape of the current process is a good one but the groups 
involved - BugZappers, release engineering, and developers - should 
communicate and collaborate more in deciding on release-critical bugs.


--- Xorg/Mesa/DRI testing ---

François Cami, together with others, proposed a project[1] to conduct 
organized testing of X.org and DRI functionality with a range of common 
hardware for Fedora 11. He highlighted four important areas he felt were 
needed for this: an opt-in system to record what hardware is owned by 
what testers (possibly utilizing Smolt), a system for producing test 
plans, a system for recording the results of tests, and regularly 
scheduled test sessions. Jóhann Guðmundsson supported the idea[2] and 
suggested that, while some of the features would require help from the 
infrastructure group, the QA group could at least immediately start 
writing test cases. James Laska pointed out that extensive information 
is needed to diagnose and fix X issues remotely. François will work with 
the X maintainers to define exactly what information needs to be provided.


-- Developments --

In this section the people, personalities and debates on the 
@fedora-devel mailing list are summarized.

Contributing Writer: Oisin Feeley

--- FLOSS Multimedia Codec Support ---

Inspired by previous discussions on whether Fedora should distribute 
FLOSS content[1] Martin Sourada tried[2] to start a discussion about the 
poor support of FLOSS multimedia. Martin noted: "Out of the combinations 
of two FLOSS containers (matroska and ogg) and two FLOSS video codecs 
(dirac and theora) I know only one (ogg + theora) actually works in 
xine-lib (used by KDE4) which is pathetic." He asked for help in 
documenting the situation on a wiki page[3].

When Bastien Nocera suggested that the most important thing was to file 
bugs Martin responded[4] that this was what he was doing after first 
performing tests.

An information packed sub-thread started[5] by Gregory Maxwell expanded 
the scope of the tests and started a discussion with Dominik 
Mierzejewski about the problem of ffmpeg providing sub-optimal 
implementations of unencumbered codecs. It seems that for reasons of 
efficiency ffmpeg re-invents the wheel from scratch instead of using and 
improving upstream implementations. Kevin Kofler also rose[6] to the 
implied challenge that GStreamer was preferable to xine-lib.

    3. http://fedoraproject.org/wiki/User:Mso/Open_Multimedia

--- Multiple Packages from One Source ? ---

A question about how to handle the situation where a single source could 
be compiled with alternate databases was posted[1] by Steven Moix. The 
motion video motion detector software can be compiled to use either 
MySQL or Postgres. Steven explained that the problem was that "[...]you 
can't divide it into sub-packages, at the end it generates one big 
binary file [...]" and wondered should he just choose the database he 
preferred or propose two packages.

Manuel Wolfshant expressed[2] what appeared to be the common wisdome: 
"personally I would compile twice, once enabling mysql and another time 
pgsql, and create 2 packages. each package would install a 
"motion-dbname" binary, and a symlink would allow access via the well 
known name "motion". Using alternatives would allow a switch between the 

Although it was admitted that David Woodhouse's suggestion[3] to make 
the program use loadable plugins was the ideal Tom Lane thought[4] that 
was "[...] a bit above and beyond what a packager should do. If he's 
also an upstream developer, then he should undertake that addition with 
his developer hat on; but it's *well* beyond the size of patch that a 
Fedora package should be carrying."

The ability to specify alternate requires (similar to those used in the 
.deb package format[5]) was discussed[6] by Richard W.M. Jones and Tom 
Lane and dismissed as impractical in this case anyway due to variations 
in SQL.

    5. http://www.debian.org/doc/debian-policy/ch-relationships.html

--- Take a Peek at the Fedora 11 Release Notes ---

Fresh from his work on the RHEL-5.3 Release Notes Ryan Lerch apprised[1] 
the list of the latest changes to the Fedora 11 Release Notes. Ryan 
sought early feedback and changes to documentation beats in order to 
give the community an early preview of the release notes.

Initial feedback from Thorsten Leemhuis and Kevin Kofler and others 
indicated that the use of fixed-width instead of liquid layout was 
disliked by some people and loved[2] by others.

Ryan also provided[3] an rpm of this Release Notes mockup.


--- Heads Up: Noarch Subpackages Landing Soon ---

Florian Festi warned[1] that the ability to produce noarch subpackages 
will soon be available in Fedora. This brings the benefit of being able 
to share these packages among different architectures thus reducing disk 
space and mirror bandwidth.

Although rpm-4.6 supports noarch fully there are still some fixes to 
make to koji before the Fedora buildsystem can cope with noarch 
subpackages. Florian suggested that those who wanted to could experiment 
in mock with rpmdiff to compare the results across different 
architectures. He assured readers that there were no plans to force 
packagers to use this feature and invited anyone interested in 
developing the use of noarch in future release to a discussion.

Florian later warned[2] that one potential negative outcome of using 
such sub-packages would be a proliferation of packages and consequent 
bloating of metadata which might affect yum.

VilleSkyttä suggested[3] that it would be wise to make sure that use of 
BuildRequire: rpm-build >= 4.6.0 was enforced in order to ensure that 
earlier versions of rpmbuild did not produce noarch versions of the main 
package and other potential subpackages. Florian's response 
recognized[4] the problem but deprecated the use of BuildRequires to 
such an extent. One possible alternative which he proposed was to "[have 
Panu Matilainen backport a check that will make noarch packages (both 
regular and noarch) fail to build if they contain binaries [and ensure 
that this] additional check will be in place before koji will be 
updated[.]" This latter proposal stimulated a good deal of interest from 
Ralf Corsepius and Richard W.M. Jones as they were both concerned with 
cross-architecture issue. The definition of a "binary" seemed to be one 
unclear point.

In a later thread Florian updated[5] a list of packages which could be 
easily turned into noarch subpackages.


--- Mass Rebuild Coming Soon ---

Jesse Keating drew attention to "[...] a perfect storm brewing for 
Fedora 11" due to the need to rebuild with GCC-4.4 (see FWN#161[1], the 
use of i586 as the default supported architecture (see FWN#162[2] and 
the support of stronger hashes (last paragraph of FWN#107[3]).

Apparently the time-constraints led to a desire to start the rebuild as 
soon as possible without giving maintainers an explicit window in which 
to do their own builds. Jesse preferred to give maintainers an ability 
to opt-out and sought suggestions on how this could be achieved.

Jesse suggested that interested parties should either reply to the 
thread and/or participate in the 2009-02-16 IRC meeting in 
#fedora-meeting at 1800UTC.

    3. http://fedoraproject.org/wiki/FWN/Issue107#Crypto_Consolidation

--- New Tool Measures Ease of Cross-compiling to Windows ---

Richard W.M. Jones announced[1] the availability of CrossReport, a tool 
to evaluate the ease with which applications can be ported to Windows 
using the MinGW libraries.

After some issue with platform dependency were reported by Michael 
Cronenworth were sorted[2] out it seemed[3] the tool is ready for use.


-- Translation --

This section covers the news surrounding the Fedora Translation (L10n) 


Contributing Writer: Runa Bhattacharjee

--- Additions to talk.fedoraproject.org ---

Rafael Gomes has volunteered to update content on 
talk.fedoraproject.org[1] and would be creating the .pot file to make it 
available for translators. Additionally, Lucas Do Amaral has volunteered 
to add content regarding ekiga configuration[2] that would ensure error 
free display of the translated content, as had been earlier reported by 
Richard van der Luit [3].


--- Further discussion on the Infrastructure Roadmap ---

In continuation to the earlier discussion, Dimitris Glezos mentions that 
the important issue currently is the inconsistent uptime of the system 
due to the lack of administration resources [1]. He also mentions that 
adding Publican support to the Transifex instance would be possible with 
support from the Fedora Publican group. Additionally, he mentions that 
Transifex v0.5 to be released in March, would have support for 
Statistics based display as a start to the future goal of supporting all 
the features of Damned Lies. It is to be noted that FLP uses Damned Lies 
and Transifex for its Translation infrastructure.

Domingo Becker added a wishlist[2] for the current system, that includes 
reservation of files for translation, timeout and notification system to 
the co-ordinator. In a separate thread, Francesco Tombolini voiced his 
opinion about the lack of the file locking feature and the downtime in 
the statistics page [3].


--- Migration of Damned Lies ---

Asgeir Frimannsson had announced[1] the imminent migration of the old 
Damned Lies instance to the new Django-based Damned Lies instance. 
Damned Lies is used by http://translate.fedoraproject.org for generating 
the translation statistics.
--- New Members in FLP

Daniel Yousefi (Persian) [2], Ahmad Razzaghi (Persian) [3], Daniele 
Catanesi (Italian) [4], Mads Bille Lundby (Danish) [5], and Zoltan 
Sumegi (Hungarian) [6] joined the Fedora Localization Project last week.


-- Infrastructure --

This section contains the discussion happening on the 


Contributing Writer: Huzaifa Sidhpurwala

--- Calendaring system ---

Discussion on this topic continues from last week. Adam Williamson said 
[1] that there are a couple of calendaring plugins which will allow for 
"days" will be allocated.

Clint Savage mentioned that the point is that it should support caldev 
or something better[2]


--- wordpress-mu install ---

Mike McGrath asked who wanted to finalize our wordpress-mu install[1] 
Mike further said that it has got built and there is a ticket for it[2]

    2. http://fedorahosted.org/fedora-infrastructure/ticket/342

--- cgit to replace gitweb? ---

Seth Vidal said[1]that he has setup cgit as a replacement for gitweb on 
hosted2 and it is available at hosted2.fedoraproject.org/cgit/ He said 
that he would like to replace gitweb as a web based git repo browser but 
that would mean that the urls from gitweb will not work any more. He 
said that he would like to get some feedback on this.

Bill Nottingham suggested[2] that we may be able to able to do a rewrite 


--- Artwork

In this section, we cover the Fedora Artwork Project.


Contributing Writer: Nicu Buculei

--- Evolving Fedora 11 Artwork ---

The development of the Fedora 11 artwork evolved on @fedora-art. Máirí­n 
Duffy posted[1] a new wallpaper mockup[2]: "It's more really an attempt 
at a nice backdrop, and maybe we can layer some of the trees and 
buildings we were talking about on top[.]"

Charles Brej investigated[3] boot animations: "On the plymouth front, I 
am likely to be a bit busier at work this release than the F10 one, so I 
would really appreciate some of ideas as to what people would like 
during the system boot. The possibilities are pretty much limitless but 
it would be a good thing to conserve the CPU and keep the number and 
size of images included in the initrd to a minimum".


-- Security Week --

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: Josh Bressers

--- Is Open Source Software Secure? ---

This week there was a story posted to Slashdot titled How To Argue That 
Open Source Software Is Secure?[1]. Quoting the post:

... saying that they were warned that they are dangerously insecure 
because they run open source
operating systems or software, because 'anyone can read the code and 
hack you with ease.'

This issue seems to keep coming up from time to time. This argument is 
of course silly and one of those "Prove it ... you can't? So it's true!" 
There is no way to prove that a piece of closed source software is more 
or less secure than a given piece of Open Source Software. If you can't 
see the source, you can't be certain that the vendor did or didn't fix 
issues. You need to unconditionally trust your vendor. If the source 
code is wide open for anyone to see, it keeps the vendor honest. You 
can't sweep issues under a transparent rug. You can try, and maybe hide 
a few piles of dust, but the really scary piles of dirt will stick out 
like sore thumbs.

The issue at hand isn't is application A more secure than application B, 
but do you trust vendor A more than vendor B?

    1. http://it.slashdot.org/article.pl?sid=09/02/11/007216

-- Security Advisories --

In this section, we cover Security Advisories from fedora-package-announce.


Contributing Writer: David Nalley

--- Fedora 10 Security Advisories ---

     * xine-lib- - 
     * squid-3.0.STABLE13-1.fc10 - 
     * squidGuard-1.2.1-2.fc10 - 
     * python-fedora-0.3.9-1.fc10 - 
     * asterisk- - 
     * moodle-1.9.4-1.fc10 - 
     * fail2ban-0.8.3-18.fc10 - 

--- Fedora 9 Security Advisories ---

     * squidGuard-1.2.1-2.fc9 - 
     * python-fedora-0.3.9-1.fc9 - 
     * squid-3.0.STABLE13-1.fc9 - 
     * lighttpd-1.4.20-6.fc9 - 
     * xine-lib- - 
     * moodle-1.9.4-1.fc9 - 
     * asterisk- - 
     * dahdi-tools-2.0.0-1.fc9 - 
     * libresample-0.1.3-9.fc9 - 
     * dnsmasq-2.45-1.fc9 - 
     * fail2ban-0.8.3-18.fc9 - 

---- end FWN #163 ----

More information about the news mailing list