Fedora Weekly News #158
pcalarco at nd.edu
Mon Jan 12 18:26:18 UTC 2009
Fedora Weekly News Issue 158
Welcome to Fedora Weekly News Issue 158 for the week ending January
In this first FWN issue of 2009, we bring you several announcements of
the outcomes of recent Fedora-related elections. Fedora 8 reaches its
end of life (time to upgrade!), and FUDCon 11 reports abound. Much news
coverage of the Fedora Planet, including Fedora 10 vs. OpenSuSE,
explanations on some of the recent security items now in the latest
(2.6.28) Linux Kernel, and Fedora and OLPC goodness. From the
development realm, useful coverage of the state of Intel graphics under
Fedora 10 and debates on disabling staging drivers. Release notes and
packaging guide areas need volunteers in the documentation project, and
the translation team welcomes new members and suggests new language
teams. In artwork, announcement of a new November/December issue of Echo
Monthly News, another great sister Fedora publication. Security
advisories for Fedora 9 and 10 are brought to light and the issue round
out with more virtualization coverage, including announcement of Xen
3.3.1 in Rawhide and a new Fedora virtualization list, "everything
concerning Fedora and virtualization, including Xen." Read on!
If you are interested in contributing to Fedora Weekly News, please see
our 'join' page. We welcome reader feedback: fedora-news-list at redhat.com
FWN Editorial Team: Pascal Calarco, Oisin Feeley, Huzaifa Sidhpurwala
-- Announcements --
In this section, we cover announcements from the Fedora Project.
Contributing Writer: Max Spevack
--- Election Results ---
Bill Nottingham and Matt Domsch were re-elected to the Fedora Board for
Josh Boyer, Dan Horák, Jarod Wilson, and Jon Stanley were elected to the
Fedora Engineering Steering Committee for two-release terms.
Max Spevack, Joerg Simon, Francesco Ugolini, Thomas Canniot, Rodrigo
Padula, David Nalley, and Susmit Shannigrahi were elected to the Fedora
Ambassadors Steering Committee for two-release terms.
Paul Frields announced that Dimitris Glezos has been appointed to fill
the final seat on the Fedora Board.
--- FUDCon Boston 2009 ---
Hopefully, you were able to attend to attend FUDCon Boston, January
9-11. If you weren't, keep reading below for coverage!
--- Fedora 8 End of Life --
The end-of-life for Fedora 8 is Wednesday, January 7. No further
updates will be issued, no new builds will be allowed in the build
system, and all open bugs against Fedora 8 will be closed WONTFIX.
-- Planet Fedora --
In this section, we cover the highlights of Planet Fedora - an
aggregation of blogs from Fedora contributors worldwide.
Contributing Writer: Adam Batkin
--- General ---
Michael DeHaan wrote an essay entitled Academics, Innovation,
Patents, And a Path Beyond? about FOSS, cross-organizational
collaboration and encouraging innovation.
Jef Spaleta had some ideas about "how to do more focused new
contributor recruitment and training in Fedora" and using the Mugshot
online service to gather statistics and create personalized
notifications (invitations) to its users.
Máirín Duffy created a list of questions (and provoked a healthy
discussion) that could be used to develop a set of guidelines for
notifications ("Chatty Applications").
Greg DeKoenigsberg wrote about some of the work going in to
synchronizing Fedora and OLPC efforts.
James Morris explained some of the security changes that have gone in
to the latest (2.6.28) Linux Kernel.
Karsten Wade asked "why aren’t you publishing on the Fedora wiki?"
and followed up with a set of thoughts to encourage documentation
After a few Fedora 10 frustrations, Scott Williams tried-out OpenSuSE
and found some good bits and some not-so-good bits.
The latest Red Hat Magazine included a video interview of Michael
DeHann discussing Cobbler "and how it simplifies network installations
for datacenters and other large-scale linux environments".
James Laska continued his tutorial on Creating a virtual test lab
(using tools such as Cobbler, Koan and SNAKE).
David Nalley thanked HP for providing Mini-notes (with Linux
preinstalled!) for Fedora Ambassadors.
Jef Spaleta wrote an open letter to Mark Shuttleworth questioning
the openness (or lack thereof) of Canonical's Launchpad.
--- FUDCon 11 ---
A small selection of FUDCon-related posts:
("Not in Boston? Listen Live, Watch Videos After!")
 Photos: http://mihmo.livejournal.com/67003.html
 More photos: http://mihmo.livejournal.com/67287.html
 Even more photos: http://mihmo.livejournal.com/67388.html
-- Developments --
In this section the people, personalities and debates on the
@fedora-devel mailing list are summarized.
Contributing Writer: Oisin Feeley
--- Default ssh-agent Dialog Pop-up ---
Confusion abounded when user "nodata" reported that running ssh-add
from the command-line popped up a gnome dialog requesting his private
SSH key. "nodata" disliked handing out his private key in such a manner.
The confusion resulted from the availability of at least two possible
ssh-agents and also a change in configuration between Fedora 9 and
Fedora 10 which presents the authentication dialog by default.
Ricky Zhou was among those who suggested (with a manpage quote) that the
SSH_ASKPASS environment variable determined whether the passphrase was
read from a terminal or by an X11 dialog. Separately Jesse Keating
and Nalin Dahyabhai explained that the dialog was presented by
gnome-keyring and not gnome-ssh-askpass.
"nodata" questioned whether the behavior had changed between Fedora 9
and Fedora 10 and expressed irritation that a "[...] GUI is popping up
when I am using a command line app." Jesse Keating responded: "You're
using a command line app from a graphical terminal. Also, cli apps
aren't the only use for ssh and ssh keys." This did not appeal to many
respondents including John Linville who questioned the benefit of
changing focus to a new window to type a passphrase. Callum Lerwick
rather tartly outlined some benefits including preventing key logging
Matthias Clasen suggested using
gconftool-2 -s -t bool /apps/gnome-keyring/daemon-components/ssh false
to turn off the behavior for those who dislike it and this led to
several requests to make this the default. Andrew Haley put the case
that "[t]he key argument against a pop-up dialog box that asks for the
passphrase is that we're training people to type secrets into pop-up
dialog boxes. Bad psychology, bad security."
][MatthiasClasen|Matthias Clasen]] and Tomas Mraz with Jerry Amundson
explored the use of SSH_ASKPASS as an alternate method to disable
the GUI dialog.
 Private keys are stored by ssh agents so that they may handle all
key related operations requested by clients. The passphrase to decrypt
the key thus need only be typed into the agent once instead of
--- Intel Graphics Installation Woes ---
"Mike" requested information on when a working xorg-x11-drv-i810
driver for Intel graphics chipsets had a chance of appearing. He was
disappointed that it was non-trivial to get two machines with 82945G and
82845G chipsets installed and had needed to fall back to using the vesa
driver instead of the intel one.
Others listed outstanding bugzilla entries for a wide range of Intel
chipsets. Dan Williams asked if using Option "EXANoComposite" "true"
as a workaround for problems with the i830 chipsets was succesfull and
received mixed reports. It seemed that he was making some progress with
resolving some of the issues.
MAYoung suggested that setting "NoAccel true" in xorg.conf might work
for some people but that "[...] intel graphics are highly flaky on
Robert Arendt laid the blame at the door of upstream merges of
GEM/DRM into the kernel and noted that other distributions were
suffering identical problems. "Mike" later confirmed this with a list
of bugzilla entries from upstream freedesktop.org: "It would be nice if
Intel would help to get this fixed, and there are indeed problems with
Suse, Ubuntu and Mandriva also with newer drivers and Intel graphics
chipsets of various flavors - this is really bad!"
--- KPackageKit Auto-update Bug ---
Michael B Allen reported that his system had performed an update
without his permission and asked how to completely disable such behavior.
It appeared that this was due to a bug in KPackageKit which has been
unfixable for over a month due in part to the complexity of the code.
--- Disabling Staging Drivers ? ---
Rahul Sundaram asked if enabling the many new drivers in the staging
tree would make sense in rawhide in order to support a wider range of
hardware such as the EeePC's ralink wireless chipset.
Opinion was roughly split between those who were completely against the
idea and those who suggested avoiding codifying a rigid policy. Matthew
Garrett believed that it would be "somewhat user-hostile" to, for
example enable the ralink drivers in rawhide but possibly remove them
for a general release. He argued that the ralink drivers were a
dead-end which would never merge upstream. On the other hand Dave
Jones preferred to take a case-by-case approach as long as "[...] we
have someone responsible for working on it, with the goal of getting it
out of staging, and dealing with bugs etc. Not unlike the same reasoning
for us adding various not-yet-upstream drivers to the Fedora kernel really."
While preferring to completely disable the staging drivers Thorsten
Leemhuis expressed the intention to provide RPM Fusion kmods in that
case. Dan Williams made a strong argument that "-staging" itself was
a bad idea as it gave "legitimacy to drivers of questionable quality"
and John Linville limned the tortured history of the at76 driver.
 "linux-staging" is a kernel tree whose purpose is to test drivers
and filesystems for later inclusion in mainline
--- git-* Commands Moved to /usr/libexec/git-core/ ---
Adam Tkac worried that scripts would break due to the latest git
branch in rawhide which had moved all the git-* binaries to
/usr/libexec/git-core in order to comply with upstream practice. The
issue was previously discussed (see FWN#141[2)] with the resolution that
updating to git-1.6.0 would be a flag day for this change. Adam
suggested that the new location could be added to the PATH environment
variable but this received no support.
Karel Zak advocated that such scripts should be fixed as the change
had been coming since 2006.
Bryn Reeves wondered if compatibility symlinks and a release note
would ease the transition over a couple of releases. Although the
symlinks were generally felt to be a non-effective strategy Todd
Zulinger was encouraged by Paul W. Frields to open a bugzilla entry
against the Release Notes to ensure that the documentation team take
care of highlighting the issue for Fedora 11.
--- Mandatory FHS Adherence ---
JasonTibbitts posted a summary and links to the 2009-01-06 FPC
meeting deliberations. Interest on @fedora-devel was mostly sparked by
the item which declared that the FPC would "Make adherence to the FHS a
MUST [.]" Jason encouraged reading of the full minutes in order to
understand this item.
Doug Ledford discussed the problem his MPI implementations
experienced with the FHS and Richard W. M. Jones expressed  concern
that the FHS was a moribund standard and adhering to it would block
projects such as MinGW without any method to evolve the standard. Toshio
Kuratomi responded in detail in both threads and pointed out that the
MinGW case had been addressed in the meeting and also that there were
problems with changing the FHS.
-- Documentation --
In this section, we cover the Fedora Documentation Project.
Contributing Writer: Jason Taylor
--- Docs Project and FUDCon ---
At FUDCon the Documentation Project tasks were discussed and some
headway was made. There is still work to be done and the information
contained here can be used to pickup where tasks were left off.
--- Documentation Team Ownership Deadline ---
The Docs Project has divided the published documentation into teams.
The teams consist of a Lead who manages the overall direction of the
document and writers who write and/or edit various pieces of the
published document. There are two publications that need a lead, the
release notes and the packaging guide. The packaging guide needs a
rewrite and the release notes will start the update/publication process
for F11. The deadline for claiming a publication is the week of 11-Jan-2009.
-- Translation --
This section covers the news surrounding the Fedora Translation (L10n)
Contributing Writer: Runa Bhattacharjee
--- cvsl10n Sponsorship and Listing of Sponsors ---
As a follow-up to the ongoing discussion about the "cvsl10n" sponsorship
procedure, NorikoMizumoto and IgorSoares have put together a page
with the name of the Administrators and Sponsors of the "cvsl10n" group.
IgorSoares suggested the formation of language groups to ease the
sponsorship and an aging policy for unattended requests.
RunaBhattacharjee suggested if a patch to the existing FAS interface as
possible, that would allow addition of the language name when a new
member sends a request to join the FLP. ChristianRose also suggested
a patch for damned-lies that would allow addition of the "sponsor"
information directly on the team's page.
--- New Administrators for cvsl10n ---
The FLSCo members were upgraded to "Administrators" of the "cvsl10n"
group by KarstenWade.
--- TQSG upgraded ---
NorikoMizumoto announced the availability of the updated .pot and .po
files of the Translation Quick Start Guide (TQSG). FLP members can also
join the TQSG project to help in its maintenance.
--- New Members in the FLP Project ---
ChristopheAlladoum (French), Luís Gomes (Portugeuse), Mieszko
Ślusarczyk (Polish), Mario Jalsovec (Croatian), Kris Thomsen
(Danish), David Kjær (Danish), Wes Freeman (Spanish) join
the FLP teams.
-- Artwork --
In this section, we cover the Fedora Artwork Project.
Contributing Writer: Nicu Buculei
--- Echo News and Development ---
After a month of absence, Martin Sourada announced on @fedora-art a
new issue of Echo Monthly News "We've just published latest Echo
Monthly News Issue. Due too lack of enough content, it is joint of
November's and December's happenings"
In other Echo related news, Martin announced a poll regarding the
future development of the theme "I've just posted a poll about Echo
Perspective on Fedora Forum to see our user base opinion and I'd like to
hear the opinions of the Art Team members as well"
-- Security Advisories --
In this section, we cover Security Advisories from fedora-package-announce.
Contributing Writer: David Nalley
--- Fedora 10 Security Advisories ---
* proftpd-1.3.1-8.fc10 -
* xterm-238-1.fc10 -
* samba-3.2.7-0.25.fc10 -
* zoneminder-1.23.3-2.fc10 -
* thunderbird-22.214.171.124-1.fc10 -
* p7zip-4.61-1.fc10 -
* avahi-0.6.22-12.fc10 -
* openssl-0.9.8g-12.fc10 -
--- Fedora 9 Security Advisories ---
* xterm-238-1.fc9 -
* proftpd-1.3.1-8.fc9 -
* thunderbird-126.96.36.199-1.fc9 -
* p7zip-4.61-1.fc9 -
* am-utils-6.1.5-8.1.fc9 -
* samba-3.2.7-0.23.fc9 -
* openssl-0.9.8g-9.12.fc9 -
--- Fedora 8 Security Advisories ---
Fedora 8 is now EOL
Per FESCo support for Fedora 8 was discontinued on January 7th 2009
-- Virtualization --
In this section, we cover discussion on the @et-mgmnt-tools-list,
@fedora-xen-list, @libvirt-list and @ovirt-devel-list of Fedora
Contributing Writer: Dale Bewley
--- Enterprise Management Tools List ---
This section contains the discussion happening on the et-mgmt-tools list
-- Help Perfect Cobbler SELinux Policy ---
Dominick Grift posted "instructions on how to install a bare SELinux
policy for image:Echo-package-16px.pngcobbler. Feedback in the form of
AVC denials would be appreciated so that we can perfect this bare policy."
Michael DeHaan asked "Would someone like to take a shot at refining
this policy some or at least running Cobbler with that for a while (in
permissive mode) to identify what else needs to be allowed?" and added
the policy to the cobbler wiki.
--- Fedora Virtualization List ---
This section contains the discussion happening on the fedora-virt list.
--- New Fedora Virtualization List ---
On @fedora-xen, Daniel Veillard announced the creation of the new
"As the initiator for [the fedora-xen] list, I must admit I made a
mistake 3 years ago, I should have picked a list name agnostic from the
hypervisor name. With the current state of Xen in Fedora recent releases
it really make sense to try to correct that mistake ... it's never too
late ! So http://www.redhat.com/mailman/listinfo/fedora-virt is born, I
don't want to mass-subscribe people, especially as I think the current
list should survive with its Xen centric focus. You can subscribe
directly to the new URL above.
The topic is everything concerning Fedora and virtualization including Xen.
I think the [fedora-xen] list would be a good place for people still
using Fedora <= 8 with Xen, but it's just a suggestion :-)"
And on @et-mgt-tools Richard W.M. Jones suggested "we should fold
et-mgmt-tools into fedora-virt too."
--- Fedora Xen List ---
This section contains the discussion happening on the fedora-xen list.
--- Xen 3.3.1 in Rawhide ---
Pasi Kärkkäinen pointed out the release of
image:Echo-package-16px.pngxen 3.3.1. A few days later it was made
available in Rawhide.
--- Manage Shutdowns of KVM Xenner Guests ---
Felix Schwarz used image:Echo-package-16px.pngkvm and
image:Echo-package-16px.pngxenner to migrate a Fedora 8 Xen dom0 host to
"So far this was easier than expected. :-) Of course there are some
smaller issues (Xenner does not work with SElinux, NetworkManager does
not support bridges) but now there is only one real issue left:
How can I automatically shut down all running VMs when my host machine
goes down? All VMs do poweroff if I press the 'shutdown' button in
virt-manager. So I guess it's just a matter of sending this signal to
all running VMs and waiting a bit."
--- Test Dom0 Kernel For Fedora 10 ---
Michael Young has "succeeded in getting a fedora based
image:Echo-package-16px.pngkernel to build with Dom0 patches added." ...
"If anyone wants to inspect it, the source rpm generated is at
It is completely untested beyond the fact that it compiles for me, so I
have no idea if a kernel built from it will actually boot."
See also Xen and Fedora wikis.
--- Libvirt List ---
This section contains the discussion happening on the libvir-list.
-- Interface Bandwidth Controls
Max Zhen described a goal of enabling
image:Echo-package-16px.pnglibvirt to configure bandwidth rate limits
for the network interface of virtual machines, and asked for comments on
--- RHEL 5 Support ---
Markus Armbruster posted a "patch series attempts to make
image:Echo-package-16px.pnglibvirt just work on RHEL-5. Right now it
doesn't, mostly because libvirt relies on version number checks in a
couple of places, and RHEL-5's version numbers aren't the whole truth
due to various backports of later stuff." Adding "I'm not proposing this
for immediate commit, as I'm still testing. But I'd appreciate review:
is this the right way to do it?"
--- Choice of Private Network Range ---
Peter Anvin was "kind of wondering why
image:Echo-package-16px.pnglibvirt defaults to 192.168.122.0/24".
Refering to RFCs 2544 and 3330. Peter suggested the following
* 192.0.2.0/24 - reserved as "test and example network"
* 198.18.0.0/15 - reserved as "benchmark test network"
--- Guest-Safe libvirtd Restarts ---
A restart of libvirtd will necessarily also restart KVM virtual machine
guests. Guido Günther sought to rectify this with a submission of
--- end FWN #158 ---
More information about the news