Fedora Weekly News Issue 158
Welcome to Fedora Weekly News Issue 158 for the week ending January 11th, 2009.
WELCOME BLURB HERE
If you are interested in contributing to Fedora Weekly News, please see our 'join' page. We welcome reader feedback: firstname.lastname@example.org
In this section, we cover announcements from the Fedora Project.
Contributing Writer: Max Spevack
Bill Nottingham and Matt Domsch were re-elected to the Fedora Board for two-release terms.
Josh Boyer, Dan Horák, Jarod Wilson, and Jon Stanley were elected to the Fedora Engineering Steering Committee for two-release terms.
Max Spevack, Joerg Simon, Francesco Ugolini, Thomas Canniot, Rodrigo Padula, David Nalley, and Susmit Shannigrahi were elected to the Fedora Ambassadors Steering Committee for two-release terms.
Paul Frields announced that Dimitris Glezos has been appointed to fill the final seat on the Fedora Board.
FUDCon Boston 2009
Don't forget to attend FUDCon Boston, January 9-11.
Fedora 8 End of Life
The end-of-life for Fedora 8 is Wednesday, January 7. No further updates will be issued, no new builds will be allowed in the build system, and all open bugs against Fedora 8 will be closed WONTFIX.
In this section, we cover the highlights of Planet Fedora - an aggregation of blogs from Fedora contributors worldwide.
Contributing Writer: Adam Batkin
Michael DeHaan wrote an essay entitled Academics, Innovation, Patents, And a Path Beyond? about FOSS, cross-organizational collaboration and encouraging innovation.
Jef Spaleta had some ideas about "how to do more focused new contributor recruitment and training in Fedora" and using the
Mugshot online service to gather statistics and create personalized notifications (invitations) to its users.
Máirín Duffy created a list of questions (and provoked a healthy discussion) that could be used to develop a set of guidelines for notifications ("Chatty Applications").
Greg DeKoenigsberg wrote about some of the work going in to synchronizing Fedora and OLPC efforts.
James Morris explained some of the security changes that have gone in to the latest (2.6.28) Linux Kernel.
Karsten Wade asked "why aren’t you publishing on the Fedora wiki?" and followed up with a set of thoughts to encourage documentation contributions.
After a few Fedora 10 frustrations, Scott Williams tried-out OpenSuSE and found some good bits and some not-so-good bits.
The latest Red Hat Magazine included a video interview of Michael DeHann discussing Cobbler "and how it simplifies network installations for datacenters and other large-scale linux environments".
James Laska continued his tutorial on Creating a virtual test lab (using tools such as Cobbler, Koan and SNAKE).
David Nalley thanked HP for providing Mini-notes (with Linux preinstalled!) for Fedora Ambassadors.
Jef Spaleta wrote an open letter to Mark Shuttleworth questioning the openness (or lack thereof) of Canonical's Launchpad.
A small selection of FUDCon-related posts:
 http://sexysexypenguins.com/2009/01/10/fudcon-f11-not-in-boston-listen-live-watch-videos-after/ ("Not in Boston? Listen Live, Watch Videos After!")
 Photos: http://mihmo.livejournal.com/67003.html
 More photos: http://mihmo.livejournal.com/67287.html
 Even more photos: http://mihmo.livejournal.com/67388.html
In this section the people, personalities and debates on the @fedora-devel mailing list are summarized.
Contributing Writer: Oisin Feeley
Default ssh-agent Dialog Pop-up
Confusion abounded when user "nodata" reported that running
ssh-add from the command-line popped up a gnome dialog requesting his private SSH key. "nodata" disliked handing out his private key in such a manner. The confusion resulted from the availability of at least two possible
ssh-agents and also a change in configuration between
Fedora 9 and
Fedora 10 which presents the authentication dialog by default.
Ricky Zhou was among those who suggested (with a manpage quote) that the
SSH_ASKPASS environment variable determined whether the passphrase was read from a terminal or by an
X11 dialog. Separately Jesse Keating and Nalin Dahyabhi explained that the dialog was presented by
gnome-keyring and not
"nodata" questioned whether the behavior had changed between
Fedora 9 and
Fedora 10 and expressed irritation that a "[...] GUI is popping up when I am using a command line app." Jesse Keating responded: "You're using a command line app from a graphical terminal. Also, cli apps aren't the only use for ssh and ssh keys." This did not appeal to many respondents including John Linville who questioned the benefit of changing focus to a new window to type a passphrase. Callum Lerwick rather tartly outlined some benefits including preventing key logging attacks.
Matthias Clasen suggested using
gconftool-2 -s -t bool /apps/gnome-keyring/daemon-components/ssh false
to turn off the behavior for those who dislike it and this led to several requests to make this the default. Andrew Haley put the case that "[t]he key argument against a pop-up dialog box that asks for the passphrase is that we're training people to type secrets into pop-up dialog boxes. Bad psychology, bad security."
 Private keys are stored by ssh agents so that they may handle all key related operations requested by clients. The passphrase to decrypt the key thus need only be typed into the agent once instead of per-operation.
Intel Graphics Installation Woes
"Mike" requested information on when a working
xorg-x11-drv-i810 driver for Intel graphics chipsets had a chance of appearing. He was disappointed that it was non-trivial to get two machines with
82845G chipsets installed and had needed to fall back to using the
vesa driver instead of the intel one.
Others listed outstanding bugzilla entries for a wide range of Intel chipsets. Dan Williams asked if using
Option "EXANoComposite" "true" as a workaround for problems with the
i830 chipsets was succesfull and received mixed reports. It seemed that he was making some progress with resolving some of the issues.
MAYoung suggested that setting "NoAccel true" in
xorg.conf might work for some people but that "[...] intel graphics are highly flaky on Fedora 10."
Robert Arendt laid the blame at the door of upstream merges of
GEM/DRM into the kernel and noted that other distributions were suffering identical problems. "Mike" later confirmed this with a list of bugzilla entries from upstream
freedesktop.org: "It would be nice if Intel would help to get this fixed, and there are indeed problems with Suse, Ubuntu and Mandriva also with newer drivers and Intel graphics chipsets of various flavors - this is really bad!"
KPackageKit Auto-update Bug
Michael B Allen reported that his system had performed an update without his permission and asked how to completely disable such behavior.
It appeared that this was due to a bug in
KPackageKit which has been unfixable for over a month due in part to the complexity of the code.
Disabling Staging Drivers ?
Rahul Sundaram asked if enabling the many new drivers in the staging tree would make sense in
rawhide in order to support a wider range of hardware such as the
ralink wireless chipset.
Opinion was roughly split between those who were completely against the idea and those who suggested avoiding codifying a rigid policy. Matthew Garrett believed that it would be "somewhat user-hostile" to, for example enable the
ralink drivers in
rawhide but possibly remove them for a general release. He argued that the
ralink drivers were a dead-end which would never merge upstream. On the other hand Dave Jones preferred to take a case-by-case approach as long as "[...] we have someone responsible for working on it, with the goal of getting it out of staging, and dealing with bugs etc. Not unlike the same reasoning for us adding various not-yet-upstream drivers to the Fedora kernel really."
While preferring to completely disable the staging drivers Thorsten Leemhuis expressed the intention to provide
kmods in that case. Dan Williams made a strong argument that "-staging" itself was a bad idea as it gave "legitimacy to drivers of questionable quality" and John Linville limned the tortured history of the
 "linux-staging" is a kernel tree whose purpose is to test drivers and filesystems for later inclusion in mainline http://lkml.org/lkml/2008/6/10/329
git-* Commands Moved to /usr/libexec/git-core/
Adam Tkac worried that scripts would break due to the latest git branch in rawhide which had moved all the
git-* binaries to
/usr/libexec/git-core in order to comply with upstream practice. The issue was previously discussed (see FWN#141[2)] with the resolution that updating to
git-1.6.0 would be a flag day for this change. Adam suggested that the new location could be added to the
PATH environment variable but this received no support.
Karel Zak advocated that such scripts should be fixed as the change had been coming since 2006.
Bryn Reeves wondered if compatibility symlinks and a release note would ease the transition over a couple of releases. Although the symlinks were generally felt to be a non-effective strategy Todd Zulinger was encouraged by Paul W. Frields to open a bugzilla entry against the Release Notes to ensure that the documentation team take care of highlighting the issue for
Mandatory FHS Adherence
JasonTibbitts posted a summary and links to the 2009-01-06 FPC meeting deliberations. Interest on @fedora-devel was mostly sparked by the item which declared that the FPC would "Make adherence to the FHS a MUST [.]" Jason encouraged reading of the full minutes in order to understand this item.
Doug Ledford discussed the problem his MPI implementations experienced with the FHS and Richard W. M. Jones expressed  concern that the FHS was a moribund standard and adhering to it would block projects such as MinGW without any method to evolve the standard. Toshio Kuratomi responded in detail in both threads and pointed out that the MinGW case had been addressed in the meeting and also that there were problems with changing the FHS.
In this section, we cover the Fedora Documentation Project.
Contributing Writer: Jason Taylor
Docs Project and FUDCon
At FUDCon the Documentation Project tasks were discussed and some headway was made. There is still work to be done and the information contained here can be used to pickup where tasks were left off.
Documentation Team Ownership Deadline
The Docs Project has divided the published documentation into teams. The teams consist of a Lead who manages the overall direction of the document and writers who write and/or edit various pieces of the published document. There are two publications that need a lead, the release notes and the packaging guide. The packaging guide needs a rewrite and the release notes will start the update/publication process for F11. The deadline for claiming a publication is the week of 11-Jan-2009.
In this section, we cover the Fedora Artwork Project.
Contributing Writer: Nicu Buculei
Echo News and Development
After a month of absence, Martin Sourada announced on @fedora-art a new issue of Echo Monthly News "We've just published latest Echo Monthly News Issue. Due too lack of enough content, it is joint of November's and December's happenings"
In other Echo related news, Martin announced a poll regarding the future development of the theme "I've just posted a poll about Echo Perspective on Fedora Forum to see our user base opinion and I'd like to hear the opinions of the Art Team members as well"
In this section, we cover Security Advisories from fedora-package-announce.
Contributing Writer: David Nalley
Fedora 10 Security Advisories
- proftpd-1.3.1-8.fc10 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00106.html
- xterm-238-1.fc10 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00109.html
- samba-3.2.7-0.25.fc10 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00189.html
- zoneminder-1.23.3-2.fc10 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00204.html
- thunderbird-188.8.131.52-1.fc10 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00232.html
- p7zip-4.61-1.fc10 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00242.html
- avahi-0.6.22-12.fc10 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00267.html
- openssl-0.9.8g-12.fc10 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00374.html
Fedora 9 Security Advisories
- xterm-238-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00072.html
- proftpd-1.3.1-8.fc9 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html
- thunderbird-184.108.40.206-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00239.html
- p7zip-4.61-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00243.html
- am-utils-6.1.5-8.1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00273.html
- samba-3.2.7-0.23.fc9 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00309.html
- openssl-0.9.8g-9.12.fc9 - https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00369.html
Fedora 8 Security Advisories
In this section, we cover discussion on the @et-mgmnt-tools-list, @fedora-xen-list, @libvirt-list and @ovirt-devel-list of Fedora virtualization technologies.
Contributing Writer: Dale Bewley
Enterprise Management Tools List
This section contains the discussion happening on the et-mgmt-tools list
Help Perfect Cobbler SELinux Policy
Dominick Grift posted
"instructions on how to install a bare SELinux policy for
. Feedback in the form of AVC denials would be appreciated so that we can perfect this bare policy."
Michael DeHaan asked "Would someone like to take a shot at refining this policy some or at least running Cobbler with that for a while (in permissive mode) to identify what else needs to be allowed?" and added the policy to the cobbler wiki.
Fedora Virtualization List
This section contains the discussion happening on the fedora-virt list.
New Fedora Virtualization List
On @fedora-xen, Daniel Veillard announced the creation of the new @fedora-virt list.
"As the initiator for [the fedora-xen] list, I must admit I made a mistake 3 years ago, I should have picked a list name agnostic from the hypervisor name. With the current state of Xen in Fedora recent releases it really make sense to try to correct that mistake ... it's never too late ! So http://www.redhat.com/mailman/listinfo/fedora-virt is born, I don't want to mass-subscribe people, especially as I think the current list should survive with its Xen centric focus. You can subscribe directly to the new URL above.
The topic is everything concerning Fedora and virtualization including Xen.
I think the [fedora-xen] list would be a good place for people still using Fedora <= 8 with Xen, but it's just a suggestion :-)"
And on @et-mgt-tools Richard W.M. Jones suggested "we should fold et-mgmt-tools into fedora-virt too."
Fedora Xen List
This section contains the discussion happening on the fedora-xen list.
Xen 3.3.1 in Rawhide
Manage Shutdowns of KVM Xenner Guests
Felix Schwarz used
to migrate a Fedora 8 Xen dom0 host to Fedora 10.
"So far this was easier than expected. :-) Of course there are some smaller issues (Xenner does not work with SElinux, NetworkManager does not support bridges) but now there is only one real issue left:
How can I automatically shut down all running VMs when my host machine goes down? All VMs do poweroff if I press the 'shutdown' button in virt-manager. So I guess it's just a matter of sending this signal to all running VMs and waiting a bit."
Test Dom0 Kernel For Fedora 10
Michael Young has "succeeded in getting a fedora based
to build with Dom0 patches added." ... "If anyone wants to inspect it, the source rpm generated is at http://compsoc.dur.ac.uk/~may/xen/kernel-2.6.28-0.106.rc6.fc10.src.rpm It is completely untested beyond the fact that it compiles for me, so I have no idea if a kernel built from it will actually boot."
See also Xen and Fedora wikis.
This section contains the discussion happening on the libvir-list.
Interface Bandwidth Controls
Max Zhen described a goal of enabling
to configure bandwidth rate limits for the network interface of virtual machines, and asked for comments on implementation ideas.
RHEL 5 Support
Markus Armbruster posted a
"patch series attempts to make
just work on RHEL-5. Right
now it doesn't, mostly because
libvirt relies on version number checks
in a couple of places, and RHEL-5's version numbers aren't the whole
truth due to various backports of later stuff." Adding
"I'm not proposing this for immediate commit, as I'm still testing.
But I'd appreciate review: is this the right way to do it?"
Choice of Private Network Range
- 192.0.2.0/24 - reserved as "test and example network"
- 198.18.0.0/15 - reserved as "benchmark test network"
Guest-Safe libvirtd Restarts
A restart of
libvirtd will necessarily also restart
KVM virtual machine guests.
Guido Günther sought to rectify this with a submission of several patches.