Fedora Weekly News Issue 156
Welcome to Fedora Weekly News Issue 156 for the week ending December 14th, 2008.
This week's issue features an exciting discount for Fedora community members in Australia and New Zealand on Red Hat certification training and exams. Coverage of Fedora Planet includes event reports from a FOSS event in India and a Parisian Fedora install fest, along with a nifty XO Exchange Registry. Another flamewar eruption is covered on the Developments beat, along with updates on the D-Bus in Fedora and discussion on making 'updates-testing' more useful. Fedora websites are now available in Russian and Bulgarian, as reported in this issue's Translations beat. The Artwork beat reports on the Fedora Art Team's re-envisioning discussion as well as using the Fedora branding in the OLPC Sugar interface. The security advisory beat updates us on Fedora 9 and 10 updates, along with reminders of Fedora 8 end of life, January 7, 2009. In virtualization news, details of the latest libvert in RHEL and CentOS 5.2. All this and more in this week's FWN!
FWN is considering changing the format in response to some reader suggestions. The Developments section this week attempts to be considerably shorter and places URLs below each section instead of interspersing them after each paragraph. We welcome reader feedback on the subject: firstname.lastname@example.org.
If you are interested in contributing to Fedora Weekly News, please see our 'join' page.
In this section, we cover announcements from the Fedora Project.
Contributing Writer: Max Spevack
Red Hat Certification offer
STOP THE PRESSES.....50% Discount on Red Hat Certification Exams
When the going gets tough - the tough get certified! Maximise your chance of career success in 2009 with Red Hat training and certification
Special End of Year Offer for Fedora community members in Australia and New Zealand.
50% discount of all Red Hat Exams taken in Australia and New Zealand by February 28th, 2009
Get your certification today! Act now... simply visit
for a complete list of Red Hat exams available until 28th February, 2009 and write "Fedora Community Special" in the Promo code box. Make sure you use your Fedora email id when registering to qualify for the 50% discount.
If you have a mate who would benefit from a Red Hat certification, make sure you pass on the good news!
- Terms and Conditions*
This offer begins December 15, 2008 and ends on February 28, 2009. Offer void if participant cancels, no shows, or requests a refund. Offer is subject to availability. Exams, reschedules and any retakes must be completed by February 28, 2009. Participants must register for the promotion at http://www.apac.redhat.com/training/register.php3 and enter “Fedora Community Special” in the Special Offers section, using their Fedora email id to register. Offer may not be used for exams in which you are already enrolled, cancellations and re-bookings. This offer is not valid in conjunction with any other promotions or special pricing. Participant is responsible for assessing his/her suitability for enrolling in the appropriate exam. Government employees and contractors may not be eligible to receive this offer and the participant acknowledges that his/her employer is aware of and consents to the receipt of the offer, and that the receipt of the offer does not violate the organisation’s policies and regulations. Void where prohibited by law. Offer is available to residents of Australia and New Zealand only. Red Hat reserves the right to withdraw or extend this offer at anytime.
Paul Frields wrote about the update problem affecting D-Bus. "Recently, an update of D-Bus software package in Fedora 10 caused the substantial breakage of some applications, including PackageKit."
The announcement includes instructions that explain how a user can update the system manually using yum on the command-line, and return to business-as-usual.
If you are unable to perform a normal system update using PackageKit and need help, please read the full announcement.
In this section, we cover the highlights of Planet Fedora - an aggregation of blogs from Fedora contributors worldwide.
Contributing Writer: Adam Batkin
Dave Jones answers some frequently asked questions and common misconceptions regarding Virtual Memory in Linux
Tom Tromey concluded[2,3,4] his excellent series on scripting and extending GDB with Python, including some PyGTK widgetry inside GDB.
Michael DeHaan contemplates the complexity of software projects and how to encourage new people to get involved and contribute. "Projects that have a lot of complex interrelationships and need a lot of experience with the codebase (that is acquired over a long period of time) are less apt to attract casual contributions"
Jesse Keating announced a new Fedora Hosted project, Offtrac: "Offtrac is my attempt at creating a python library for interacting with trac via xmlrpc." The project can already perform a number of tasks including querying, retrieving and creating tickets and milestones.
Kulbir Saini presented some ideas for hacking a Linux install to make it boot faster.
Luis Villa offered a followup regarding some comments that he had made criticizing OpenOffice.org's user interface and praising Office 2007.
Máirín Duffy put together an impressive Lightscribe label template for Fedora.
Greg DeKoenigsberg introduced the XO Exchange Registry that "connects people who have XOs and don't need them with people who need XOs and don't have them."
Tom Callaway ranted (don't worry, those are his own words) about FOSS licensing. He notes that there are no clear standards for what defines a "Free" distribution, as there are often cases where truly difficult questions arise, but adds "This is why for Fedora, the goal of being 100% Free isn't something that we're losing sleep over. Sure, we'd like to be 100% Free, and we're working towards that every day, but actually being 100% Free is HARD, especially if you want more than 700 MB of packages."
John Poelstra discussed the "Benefits of Detailed Schedules" after last week's approval of the Fedora 11 schedule.
Till Maas announced "some webpages that cache bugzilla queries of package review requests". So if anyone out there would like to jump in and help review some packages, please do so! (there were 719 packages in the NEW state when Till's post went up and already 725 by the time this sentence was written).
Luke Macken decided to share a small python program that determines "the amount of time Fedora updates spend in testing within bodhi". Click in to see the results.
Matthew Garrett apparently spent a bit of time traveling, and during that time analyzed a number of showers, as a metaphor for UI design in software.
Luke Macken committed a Python API for interacting with the Fedora Wiki and shows off some of its statistical gathering abilities.
Folks are still posting[17,18,19] photos and writeups of their experience at FOSS.IN. It really sounds like an amazing time was had by all.
Thomas Canniot wrote about a successful Fedora Install Fest in Paris
In this section the people, personalities and debates on the @fedora-devel mailing list are summarized.
Contributing Writer: Oisin Feeley
Fedora 11: OSS and PulseAudio Conflict Resolved by CUSE ?
A thread from November led Warren Togami to suggest a plan to use CUSE as part of a strategy to deprecate the near obsolete Open Sound System (OSS) which wreaks havoc with
PulseAudio enabled boxes. The plan included a fallback to
OSS for users who really wanted it.
Bastien Nocera was skeptical that
CUSE would be ready in time for
Fedora 11 and suggested instead that a list of applications using OSS be created so that they could be fixed.
 Character Devices in User space: http://lwn.net/Articles/308445/
Rawhide Report 2008-12-08
When the latest Rawhide Report logged one maintainers use of
cvs-import.sh Dominik Mierzejewski criticised the use of the script for updating. Richard Jones asked: "[I]s this stuff really documented anywhere? I have tended to learn it by osmosis, deduction and reading the horribly complicated rules in Makefile.common."
A direct answer was provided by Patrice Dumas with links to the relevant portions of the wiki.
The D-Bus Problem
Ian Amess asked for the current status of a problem caused by a substantial update of the
D-Bus package. The update had resulted in the incapacitation of many packages. The most important of these was
PackageKit, the default graphical application for managing software.
Colin Walters decided that reverting the update was necessary and that changes to
D-Bus policy would be postponed.
PackageKit, and its
KDE clients were updated by Richard Hughes in an attempt to accommodate the changes. Richard testified that "[o]ver the last two days we've all been working really hard on fixing up all the projects after the DBus update. I know personally I'm closing a duplicate bugzilla every 30 minutes." He noted that the delay between creating an update and pushing it to a mirror was a limiting factor in being able to implement these fixes.
A post to @fedora-announce by Paul Frields explained the series of steps which allowed users to re-enable normal system updates using PackageKit. As of 2008-12-15 this notice also appears at the top of all the Fedora Project wiki pages.
Fedora Com System ?
An exploration of possible ways to alert users to critical information was initiated by Arthur Pemberton. Most ideas seemed to center around some sort of
RSS feed enabled by default on the desktop.
YUM: Enable --skip-broken by Default ?
yum update to
yum --skip-broken update was suggested by Steven Moix as a way to prevent a lot of recurring support problems by eliminating dependency problems.
It was attempted to strike a balance between reporting these broken dependencies so that they can be fixed and guarding the list of packages on a user's system as private information.
A divergent sub-thread delved into the appropriate use of
Making `updates-testing' More Useful
The means to enable
PackageKit to prompt willing users to install testing updates was explored in a thread opened by Matthias Clasen: "Basically, PackageKit should know that these are testing updates, and should ask me 'There are ... package updates available that need testing. Do you want to test these now ?' For extra points, we could even show a 'report back' link somewhere that allows to send comments to bodhi."
Richard Hughes prototyped a solution but worried that it would be necessary to make changes to the users' repository configurations without their explicit consent.
A sub-thread discussed the problem of out-of-sync mirrors and the use of the
--skip-broken option with yum (see also this same FWN#156"YUM: Enable --skip-broken by Default?".)
Fedora Suckage ?
The tinder for this week's massive flamewar was laid by Robert Scheck in the form of a dryly ironic, multiple-topic rant. Robert attacked the use of "memory wasting" python daemons, lags in pushing updates compared to the
EPEL repositories, lack of information on the recent intrusion, poor German translation, the minimal requirements for
RPM-4.6 bugs, Red Hat employees blocking Merge Reviews,
PackageKit bugs, and the EU support organisation for Fedora!
Although there were several worthy attempts to make use of the above material for a true conflagration in general the opportunity was wasted and instead several rational, civil discussions of possible underlying causes and explanations took place. There were some worthy attempts to respond to all parts of this portmanteau complaint, but for the most part the discussion fractured naturally into several threads.
One such thread was concerned with the pushing of a
D-Bus update which broke many applications including
PackageKit. Kevin Kofler argued that "[...] we need to be more careful with certain types of security updates, and better let them get some QA even if it means the fix gets delayed." Michael Schwendt asserted the lack of active Quality Assurance as one of the contributing factors. KevinKofler explained that the package had been rushed out "Because it was deemed a security update, complete with a CVE ID[.]" See this FWN#156 "The D-Bus Problem" for more details.
Max Spevack took up the complaints about Fedora EMEA and more of that discussion continued on the more appropriate @fedora-ambassadors list.
No further information on the security intrusion was forthcoming from Paul Frields but he relayed that the matter was not being forgotten or hushed up and that he planned to meet with others to discuss communication procedures for any possible future intrusions.
Richard Hughes asked for specific bugs to be filed instead of general rants: "[...] I think you need to write much shorter, to the point emails. Ranting doesn't have much affect on anything, whilst filing bugs and getting involved upstream does." He also corrected Robert that many of the daemons which he complained about were written in C, not in Python.
Colin Walters issued a mea culpa: "Just to be clear, the direct push into stable is my fault; not Red Hat's or other DBus developers or anyone else's. I had originally listed it for updates-testing, but then changed the update to security and in a moment of total stupidity also changed the listing for stable."
The idea of "repeatable updates" was raised again by Les Mikesell and critiqued for want of a practical implementation by James Antill. Jesse Keating made a suggestion: "Treat rawhide as your 'new code' land, leave the release trees as your 'testing and working' code. That is don't be so goddamn eager to push new packages and new upstream releases to every freaking branch in existence."
Behdad Esfahbod tackled the issue of Red Hat employees allegedly stalling on merge reviews. Behdad criticized the jumbling together of so many issues and repudiated any suggestion that as the maintainer of un-reviewed packages he "[...] must incorporate the merge reviews and close them, no thank you, I don't mind not maintaining anything in Fedora, and I certainly didn't block anyone from making progress in the merge reviews. When you say `The Red Hat people have to follow the Fedora packaging guidelines and rules same as the Fedora folks', does it mean that Fedora should feel free to decide what *I* work on, when it doesn't decide what `other Fedora folks' work on? That doesn't feel right."
The criticism of
LiveCD localization was handled by Jeroen van Meeuwen and he accepted that it would be useful if there were some manner in which the
Spin SIG could create spins and torrent seeds outside of Fedora release engineering. It seemed that the need to make absolutely certain that such torrents and spins are kept available for support purposes may make this difficult.
 EMEA is a non-profit organization with the mission to provide a focal-point and economic base for the European Fedora community. http://fedoraproject.org/wiki/Ambassadors/EMEA
 https://www.redhat.com/archives/fedora-ambassadors-list/2008- December/msg00092.html
Help Needed: Sift "rawhide" for .pc Files
Jesse Keating requested "[...] somebody to examine all the packages in rawhide that provide .pc [pkg-config] files and ensure proper placement of them based on the review guideline. This will likely require interaction with the packages maintainer(s) so the first step should probably be to produce a list of packages that ship .pc in a non -devel package and send the list (sorted by maintainer) to here so that we can discuss and pick off items."
Michael Schwendt helped to start the process by providing some lists of non-devel packages which included .pc files or had requires which pulled in packages which provided .pc files.
An itch scratched by Jesse Keating was to be able to interact with
Trac via the commandline to create milestones for the Fedora 11 release cycle. He implemented his own python library, named Offtrac, to interact with
XML-RPC and asked for help in firming up the API and extending his client. Later Jesse explained that the purpose was to "[...] make some aspects of using trac easier for folks, not just project owners but people who file tickets in track, like say for package tagging requests, or blocks, or... "
Updates QA and Karma
The updates system came in for some more questioning (see this FWN#156 "Making `updates-testing' More Useful") when Orion Poplawski showed that an
rpcbind update for
Fedora 9 may have been pushed to stable despite comments made by him indicating that it failed due to a dependency. Orion asked two questions: " Should update submitters be allowed to give positive karma to their updates? Seems like that they are too biased.  Is there any requirement that an update have positive karma before being pushed to stable?"
It appeared that ultimately monitoring of such pushes are down to package maintainers and depend upon the good judgment of those doing the updates. Michael Schwendt provided an overview of the situation.
This section covers the news surrounding the Fedora Translation (L10n) Project.
Contributing Writer: Runa Bhattacharjee
Modules Updated in translate.fedoraproject.org
5 modules have been updated in translate.fedoraproject.org due to a move in the backend repositories. These are system-config-(services|date|samba|users|nfs). NilsPhilippsen had earlier conveyed the proposed shift. These modules can now be updated via translate.fedoraprojet.org. DiegoZacarao also adds that the docs modules for these 5 modules would also be added soon for translation submission.
New languages for Fedora Websites
The Fedora website pages can now be seen in two more languages - Russian and Bulgarian. Additionally, RickyZhou also mentions that the language code needs to be added to the LINGUAS file and a ticket with Fedora Infrastructure can be filed to ensure the translations included in Fedora websites.
Fedora 10- Release Notes Updation Process
Any changes to the Fedora 10 Release Notes are to be submitted via translate.fedoraproject.org into the "f1-" branch. KarstenWade also mentions that an intimation to the fedora-docs mailing list would be helpful to ensure that the modifications are accounted for, for the next build.
Suggestions for Fedora Translation Process Improvements
RobertScheck initiated a general discussion about suggestions to various aspects of the Fedora process including translations. Thomas Spura suggested an an online translation tool that would help more translators to participate in the translation process. Lauri Nurmi reiterates the risks to quality of translations due to a splurge in the quantity of unmonitored translations.
New Members in FLP
In this section, we cover the Fedora Artwork Project.
Contributing Writer: Nicu Buculei
Reimagining the Fedora Art Team
Following a talk on the chat channel, Máirín Duffy proposed on @fedora-art a reimagining of the Art Team, as a better way to define the activities encompassed by its members "The Fedora Art Team's name and focus is more on artwork than UI design. Folks in Fedora who need help with UI design or potential contributors who want to help out with UI design might not necessarily link those kinds of tasks to an art team so they might be a bit lost. What if we renamed the art team to be the 'Fedora Design & Creative Team,' and the art team as it is now would be a subgroup of this new design team? Under a 'design' banner, it might be easier for developers seeking out UI design advice to know where to go, and for community UI designers to find a home / a place to get involved." The proposal was welcomed warmly, with only a minor technical concern from Ian Weller "Only thing I'm worried about is renaming all the references to the Art team that we control, but, eh, whatever."
An earlier project of the Art Team, reported back at the time in Fedora Weekly News, to create a secondary mark for Fedora derivatives came to fruition: OLPC has started to use it for Sugar and Paul Frields asked for a guidelines compliance check on @fedora-art and Máirín Duffy approved it. This is the first known use of the secondary trademark.
A Fedora Promo Video (Beta)
María Leandro posted on @fedora-art a video experiment she's working on "I'm working on some videos that can be used on events or some clips. This is the first beta (well... 2nd) and is an easy animation on blender with the 'infinite' and the 'four f's' messages. The idea came up because in LatinAmerica there's an event, FLISoL (installfest) and it was a good idea to have 'something' on the big screen when the Fedora-Team is giving some information, media and stickers" and followed quickly with an improved version. WARNING: the video is available in the "evil" Flash format.
In this section, we cover Security Advisories from fedora-package-announce.
Contributing Writer: David Nalley
Fedora 10 Security Advisories
- dbus-1.2.6-1.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00209.html
- squirrelmail-1.4.17-2.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00232.html
- clamav-0.94.2-1.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00308.html
- syslog-ng-2.0.10-1.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00397.html
- java-1.6.0-openjdk-18.104.22.168-7.b12.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00444.html
- awstats-6.8-3.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00495.html
- vinagre-2.24.2-1.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00503.html
- cups-1.3.9-4.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00562.html
- gallery2-2.3-1.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00781.html
- drupal-6.7-1.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00806.html
- roundcubemail-0.2-4.beta.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00817.html
- phpMyAdmin-3.1.1-1.fc10 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00830.html
Fedora 9 Security Advisories
- squirrelmail-1.4.17-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html
- syslog-ng-2.0.10-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00237.html
- java-1.6.0-openjdk-22.214.171.124-0.20.b09.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00384.html
- dbus-1.2.6-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html
- vinagre-0.5.2-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00473.html
- awstats-6.8-3.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00509.html
- cups-1.3.9-2.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00581.html
- phpMyAdmin-3.1.1-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00757.html
- drupal-6.7-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.html
- roundcubemail-0.2-4.beta.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.html
- gallery2-2.3-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html
Fedora 8 Security Advisories
- squirrelmail-1.4.17-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html
- syslog-ng-2.0.10-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00450.html
- awstats-6.8-3.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00480.html
- vinagre-0.4-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00485.html
- cups-1.3.9-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00595.html
- drupal-5.13-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.html
- roundcubemail-0.2-4.beta.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.html
- phpMyAdmin-3.1.1-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html
- gallery2-2.3-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html
This section contains the discussion happening on the libvir-list.
sVirt 0.20 Patch Request for Comments
James Morris announced "the release of v0.20 of sVirt, a project to add security labeling support to Linux-based virtualization. I'm hoping to be able to propose an initial version for upstream merge within the next few minor releases, tasks for which are being scoped out in the new TODO list."
"If the current release passes review, the next major task will be to add dynamic MCS labeling of domains and disk images for simple isolation."
Daniel P. Berrange said "this patch all looks pretty good to me from a the point of view of libvirt integration & XML config representation."
Latest libvirt on RHEL and CentOS 5.2
Marco Sinhoreli needed
oVirt on RHEL 5.2. Marco wondered what was necessary to update from the 0.3.x version available for RHEL.
Soon after, Daniel P. Berrange
"uploaded a set of patches which make
libvirt 0.5.1 work with
RHEL-5's version of
Xen. Basically we have to tweak a few version
assumptions to take account of fact that RHEL-5
Xen has a number of
feature backports like the new paravirt framebuffer and NUMA support."
"Of course running a newer libvirt on RHEL-5 is totally unsupported but
hopefully these will be usful to those who absolutely need this newer
libvirt and don't mind about lack of support."
oVirt Devel List
This section contains the discussion happening on the ovirt-devel list.
Building oVirt from Rawhide
Perry Myers posted instructions for building and
oVirt from rawhide.