Fedora Weekly News Issue 105
Welcome to Fedora Weekly News Issue 105 for the week of October 8th. http://fedoraproject.org/wiki/FWN/Issue105
In Announcements, we have "The Fedora Fonts SIG is open"
To join or give us your feedback, please visit http://fedoraproject.org/wiki/NewsProject/Join.
In this section, we cover announcements from Fedora Project.
Contributing Writer: ThomasChung
The Fedora Fonts SIG is open
NicolasMailhot announces in fedora-announce-list ,
"Last month's consultation showed there was enough possible contributors and needed work to justify creating a Fedora Fonts Special Interest Group. To get the ball rolling I've started seeding a Fonts SIG space in the Fedora wiki ."
In this section, we cover a highlight of Planet Fedora - an aggregation of blogs from world wide Fedora contributors.
Contributing Writers: ThomasChung
Ontario Linux Fest
AndrewOverholt points out in his blog ,
"Yesterday was the first Ontario Linux Fest out by the airport. I had met one of the organizers at the Red Hat Summit in 2006 and he contacted me a while ago asking if I’d do a talk on Eclipse. I accepted and after that things really got rolling; we ended up having both Eclipse and Fedora booths in the .org pavillion."
In this section, we cover Fedora Marketing Project.
Contributing Writer: ThomasChung
Interested in a Fedora Marketing Meeting?
RahulSundaram reports in fedora-marketing-list
"Now that we have some good amount of interest in marketing Fedora, it might be a good time to start those meetings again, plan, schedule and DO important things. I was hoping we could do one coming Oct 13 Saturday whatever time that is preferable to folks and see what pans out. The agenda would be come up with a proper marketing plan ahead of the Fedora 8 release. Let me know who is interested and what time would be appropriate for you."
Fedora Interview 4
JonathanRoberts reports in fedora-marketing-list ,
"Over the past few releases, Fedora has gained a reputation amongst the various distributions for having some of the best artwork out there. This time around, responsibility has been handed over entirely to the community Art Team, and they've done themselves proud! Read on to find an interview with MairinDuffy. Fedora Art team lead and previews of some of the key elements belonging to the infinity theme."
In this section, we cover the problems/solutions, people/personalities, and ups/downs of the endless discussions on Fedora Developments.
Contributing Writer: OisinFeeley
Killing Kittens With Yum-updatesd
A short, to the point, email from MikeCohler requested information about how well yumupdatesd worked and whether it would be in Fedora 8. JamesAntill responded with the information that the Fedora 8 package of the same name was completely different one and should have fixed many problems. He suggested installing it on Fedora 7 machines by using yum install yum-updatesd --enablerepo=development.
The point about many improvements was echoed by LukeMacken, who emphasized the improved memory usage. AlecHabig added that the old cron-based method was available as yum-cron which led JeremyKatz to discuss the performance problems caused by anacron on systems which are not always on. VilleSkyttä was interested in whether yum-cron was capable of operating in a "download and notify only" mode and it seemed after intervention from SethVidal that this may be possible.
Three questions were posed by ArthurPemberton: 1)does yum-updatesd block yum and pirut; 2) does the GUI work in KDE; 3) is there a silent download, interactive-install mode? JeremyKatz replied that with regard to the first it was not possible to guarantee correct behavior if multiple transactions occurred simultaneously. Problems with yum-updatesd being deadlocked due to threading had also been sorted out. The latter two were answered affirmatively.
Arthur clarified that what he had meant was to ask whether it was possible to have Yum work in a read-only mode to check for updates and not block other applications. RichardHughes replied that this was indeed possible with the latest PackageKit, while JeremyKatz explained that with the current tools it was not possible because the repodata is changed in place and it could be made inconsistent.
Adding to Jeremy's response to the three questions JoseMatos confirmed that yum-updatesd worked for him and that puplet worked fine in KDE. Further discussion with Arthur and LubomirKundrak revealed different levels of tolerance for the mutual blocking that each application establishes. Attempts to suggest alternatives by Lubomir and Arthur[14a] were dissected by SethVidal, with the sticking point always being that the rpmdb needs to be kept in a consistent state, which essentially means blocking anything else from accessing or changing it until transactions are completed.
TimLauridsen could not see the advantage of gaining a few seconds at the expense of consistency, and JefSpaleta suggested a way of killing time (and a kitten) while Yum does its work.
Merging Totem And Totem-xine?
A proposal from StewartAdam to allow users of the Totem video player to choose either the GStreamer or Xine backends sought advice on whether to use the alternatives system or to have the two engines conflict.
A vote was cast in favor of alternatives by HansdeGoede as it would allow the mozilla plugin to switch betweent the two. ToshioKuratomi suggested that one should be picked as the default and a shell-script and environment variables used to choose which should run. BastienNocera also liked this idea and mocked-up a sample script which would allow changing the backend for all applications simultaneously (instead of allowing each application to choose which backend to run). He later mentioned that BillNottingham had suggested that GConf could be used for this purpose.
Although Bastien stated that he did not intend users to see the feature at all Stewart wondered whether a simple example dialogue box would be useful. In response to JesseKeating he further expanded the text which would could be presented to the user. This opened up the problem of trying to explain to a hypothetical non-technical user what choices are being presented to them, as pointed out by PeterGordon(who also corrected Stewart on the availability of DVD-menu support with Fedora's Xine) and Bastien .
SAMBA: The GPLv3 License Dance Begins
A little while ago the Samba Team announced that all future releases would occur under the (L)GPLv3 license. SimoSorce explained on October 3rd that this would affect versions 3.2.0 onwards and hence Fedora 9, but not Fedora 8. Not much was said about this until six days later when a minor flamefest broke out.
The majority of the ensuing discussion covered two topics. The first, raised by VilleSkyttä (and which apparently stimulated the other topic) was that KDE would be seriously affected because kdebase and kdebase4 were using GPLv2 only. The second was whether this widely pre-signalled move was something which the Samba Team should reconsider because of the negative effect it would have other projects.
It appeared that KDE is affected because of its use of libsmbclient which is linked with the kio_smb process as identified by KevinKofler and also that both Nautilus and Konqueror use libsmbclient. VilleSkyttä noted that gnome-vfs uses libsmbclient as a module  but the licensing is better (LGPLv2, LGPL+, GPL+). AlexanderLarsson argued that as the smb module runs in a daemon the module's license does not affect other applications linking to gnome-vfs. Further discussion with SimoSorce suggested that the gnome-vfs situation is actually improved vis-a-vis GPLv3 because it details the use of a generic "Standard Interface". BillNottingham was still worried, but HansdeGoede pointed out that the daemon license was LGPLv2 which is GPLv3 compatible. In response to a query from JefSpaleta it was suggested[10a] by SimoSorce that Evolution may also be affected by this problem.
RexDieter confirmed that because of KDE's use of Qt they needed to wait while Trolltech decided what to do about becoming compatible with GPLv3. He suggested that SMB support would have to be dropped temporarily. DanielBerrange suggested that a compat-libsmbclient could be kept so that KDE3 (which is GPLv2 only), and other potential software, could link against it while GPLv3 compatible software could link against the new, relicensed GPLv3 libsmbclient.so. An alternative is to keep the old GPLv2 libsmbclient.so in a private lib directory inside the KDE package. LaurentRineau begged for the retention of SMB functionality and also thought that not changing the soname could make Daniel's scheme unworkable. However SimoSorce stated very clearly that the soname would not be changing.
ChrisAdams thought that the soname should change for any incompatible change and while JefSpaleta agreed because it would help the Fedora Project contributors to avoid licensing violations. Jef was careful to recognize the right of Samba to choose whatever license they saw fit. BillNottingham and "Dragoran" also seemed to advocate that Samba, as the upstream, should change the soname but SimoSorce disagreed , pointing out that binary compatibility would be broken thus complicating upgrades. Simo laid out what he saw as the likely paths towards resolving the problem and the inutility of changing the soname.
AndrewBartlett suggested that a depsolver examining License tags would help but ToshioKuratomi thought this was a separate issue and restated the problem and its possible solutions, namely: 1) a soname bump; 2) a static library or private directory for a GPLv2 version; 3) a rename of the soname. Andrew responded that the maintenance of a potential compatibility package produced by option #1 was likely to be a problem. He added that it was disturbing that these problems were only being raised at this late stage. RahulSundaram responded that presumably those affected by the licensing had the motivation to maintain the package and admonished Andrew to the effect that Samba did not exist in a vacuum and it would take months to transition for both GNOME and KDE. SimoSorce wasn't impressed with the suggestion that Samba had acted in a cavalier manner and made a strong case for the current problem being due to the conscious choice of GPLv2 only by projects who now are not moving quickly enough to fix the problem.
Rahul introduced another more optimistic scenario which suggested that some projects are willing to change and just need a bit more time. The introduction of a compatibility package would, he argued, ease their transition period. AndrewBartlett characterized this as "sweeping the issue under the carpet" and suggested that given the long lead-up to this problem any supposedly temporary measure would turn into a long maintenance period instead of "[the issue being] magically resolved later". Rahul wanted to know what was supposed to happen if Andrew were correct and NicolasMailhot argued that because Samba users really, really needed the very latest versions (due to deliberately introduced Microsoft incompatibilities) there was a strong incentive for dependent projects to get their act together. He likened the situation to out-of-tree drivers. ChrisAdams replied to Simo that the MySQL client library provided a precedent for dealing with the problem in the way which Rahul had suggested.
Frustration was expressed several times throughout the debate with the Samba Team. MatthiasClasen opined "samba just ignores the problems that it causes for its dependencies" and RalfCorsepius extended the discussion to include what he saw as reasons for not choosing GPLv3 and the "fundamentalism" of the FSF. In turn he was asked by SimoSorce not to troll and AlanCox cast doubt on his worries about a German legal interpretation of the "GPLv2 or any later" licenses. NicolasMailhot simply responded several times that any project was free to choose any license for their own work, but when using others' work you had to abide by their license. This point was later conceded by Ralf.
The wider problem for the Fedora project was outlined by JefSpaleta, namely that all KDE package maintenance might have to stop in the lead up to Fedora 9. Andrew replied that building the optional libsmbclient parts of the KDE4 packages could just be eschewed and Jeff decided to refer this option to the KDE maintainers.
AndyGreen suggested that perhaps the gstreamer plugins situation provided a model for a way around the impasse. NicuBuculei disagreed pointing out that gstreamer concerned patents, not licenses, and attempting to defer combination of the problematic software to the end-user would result in a willful violation of the GPL. KevinKofler saw a similarity to the distribution of proprietary Nvidia kmods linked against the kernel by third-party repositories. AndyGreen agreed and detailed how it would work, and asserted that it "does not violate any terms or intention of the terms and is nice and clean." This did not appeal to DavidNielsen who explained the possible dangers inherent in not doing the work to keep Fedora in possession of a current samba which tracks upstream closely.
HansdeGoede weighed in to suggest that this was all very reminiscent of the old issues with QT licensing which had led to the need for GNOME He suggested that concerned parties should apply pressure on Trolltech instead of on the Samba Team. OlivierGalibert helped rake over the cooling, but still warm, embers of distant GNOME vs. KDE flamefests and AlanCox responded with a mild defence of the genesis of GNOME.
DavidNielsen's thoughtful response to the problem attributed the blame squarly to Trolltech and mentioned several undesirable scenarios ranging from the Fedora Project maintaining a GPLv2-only fork of Samba to KDE users missing out on the latest Samba features. ToshioKuratomi responded that while largely in agreement with the possible solutions he would prefer to see the actual KDE maintainers make any decisions on the topic as they would be the ones responsible for the work. Toshio introduced the amusing extra option of porting kio_smb to gnome-vfs.
OpenSceneGraph ExcludeArch Stimulates Koji Notification Level Request
An upset ChristopherStone complained that package maintainers dependent on OpenSceneGraph had not been informed by its maintainer (RalfCorsepius) when he used an ExcludeArch: ppc64. Christopher asked whether there was a requirement when using ExcludeArch to file a blocking bug. (See FWN#104 , FWN#103 , FWN#90 for earlier discussions.)
 "ExcludeArch Packaging Bug Resolved For 'gnome-python2-extras'" http://fedoraproject.org/wiki/FWN/Issue104#head-3b9b839930664f057d317b6fb9e00aa37e5a7242
 "Fedora Secondary Architectures Proposal" http://fedoraproject.org/wiki/FWN/Issue90#head-271f52b8e5603cd40d00d7c44ec8632cae42b1aa
MichaelSchwendt replied with evidence that Ralf had indeed followed the mandated procedure of placing the bug number in the spec file as a comment next to the ExcludeArch line. Ralf wondered what all the fuss was about anyway because OSG had never been supported on Fedora 7 ppc64, and Fedora Core 6 had never had any ppc64 support at all. Chris replied that Ralf should not worry about it and he had merely been surprised when his builds failed. JesseKeating added the correction that there had been a mass rebuild by release engineering for ppc64 and apologized for not communicating this.
While admitting that he had missed the notification Christopher reiterated that there should be a better way of doing this. He suggested that there should be some way for a maintainer to email notifications to each package maintainer who BuildRequires their devel package. ToddZulinger replied that there were a very limited number of people with the knowledge of the infrastructure tools (bodhi, koji, etc) and spare time. He suggested that Christopher could add a notification in Koji so that he would be alerted each time a package he depended on was changed. Christopher liked the idea of a checkbox in Bodhi to do this and wondered if it was just a matter of a simple SQL query. ToshiKuratomi replied that the PackageDB does not currently track the information but that Koji might and it was confirmed by JesseKeating that some of the information is in Koji but that it is ambiguous.
Christopher decided that the current notification system held the most promise and filed an RFE for levels of notification.
NTFS Resize During Install?
NealBecker reminded the list that the ability to resize NTFS partitions during install would be nice. He wondered if there were any chance this functionality could be included in anaconda. PaulWouters wondered whether there was a patent issue and Tom responded that there was none of which he was aware.
ThorstenLeemhuis asked Tom why the in-kernel NTFS support was still disabled and later supplied evidence that the kmod was downloaded by significant numbers of people from a third-party repository. A slightly tense exchange developed when Tom replied with a list of reasons to prefer using the FUSE-based NTFS-3G including assertions about a lack of maintenance of the NTFS kmod upstream. These allegations were vigorously disputed by Thorsten and ChristopherBrown . It seemed from later links posted that the hiring of one of the original ntfsmount developers by Apple and the subsequent substantial delays of promised code releases are one of the issues. ChristopherBrown posted evidence which he claimed showed that the kmod had superior performance to NTFS-3G, but JefSpaleta challenged this claiming instead that the data was for WinXP's native NTFS performance.
RahulSundaram said that the third-party repo (the name LIVNA was coyly avoided) should stop providing the kmod because it mislead people into believing that Fedora does not have native NTFS support. Thorsten bridled at the suggestion and satirically suggested removing more choice by dropping KDE.
JeremyKatz asked whether Neal was volunteering to help, because while he recognized the value of the idea it was a large task which needed volunteer assistance. He drew attention to the presence of gparted on the Fedora 7 (and up) LiveCDs which can resize ntfs partitions. Neal declined to volunteer and asked whether there was somewhere useful for ideas to be recorded instead of lost on the list. Rahul responded with links to how to file an RFE and write a feature proposal.
The primary developer behind NTFS-3G (SzabolcsSzakacsits) responded to ChristopherBrown detailing why it might be fair to call the kernel NTFS driver "old, crufted, and poorly maintained". Szabolcs cited the responsiveness of the FUSE kmod maintainer (MiklosSzeredi of Novell) as one of the reasons why it could be seen as better maintained. Christopher asked for some evidence that enterprises were running the NTFS-3G (e.g. NTFS over FUSE) code and also downplayed an instance of a patch to fix serious corruption which had apparently languished for some time. In closing he argued (similarly to Thorsten) that Fedora should ship both solutions (but with mount.ntfs renamed to mount.ntfs-3g to remove confusion). Szaka responded in detail with information on the "partial fork" of libntfs and ntfsmount, now followed by the utilities being forked and suggesting that FUSE is becoming more important.
A list of packages which are still using gethostby* functions instead of getaddrinfo was posted by UlrichDrepper. His list totted up the number of programs with this problem per package. Samba came out far in the lead, followed by sendmail. PádraigBrady suggested that Ulrich's own explanation of the problem would be useful reading. In a nutshell the old gethostby* functions are marked as obsolete by POSIX 1003.1-2001 and have problems especially on machines with more than one interface.
AndrewBartlett responded for the Samba Team with praise of DavidHolder's work to fix Samba in this regard, but that there were situations where IPv4 had to be used for the CIFS protocol. Ulrich thought that the message still had not penetrated that getaddrinfo should be used for both IPv4 and IPv6. SimoSorce also answered that Samba-3.2.0 (likely to land in Fedora 9) should be better about this issue.
An addition to the list was made by DanielBerrange when he noted that as QEMU was there then Xen could be added too. He identified it as a hard problem, but essential and one which he would tackle in order to get QEMU's VNC server fully IPv6 to complete the work on the rest of the stack.
RichiPlana seemed eager to help out with making patches to Fedora packages and then submitting them to their upstream maintainers. He worried that the diversity of platforms would mean that messy preprocessor directives would be needed. Ulrich suggested autoconf, and argued that because use of gethostby* functions was so obviously wrong that Fedora should carry these patches until their upstreams inevitably accept them. KevinKofler agreed with Ulrich and pointed out that XP-era winsock even supports getaddrinfo().
Some disagreement was expressed when ChrisAdams disputed that the RFC on Ulrich's livejournal page was relevant and also characterized the situation described there as "contrived". His statement that he had not seen any deprecation or obsoletion of gethostby* functions was responded to very shortly by Ulrich.
Deeper queries by SimoSorce concerning the breaking of IPv4 DNS round robin assignment by glibc's getaddrinfo() seemed to reveal a potential problem and led ChrisAdams to wonder whether Ulrich had read RFC 3484 as it was irrelevant IPv4.
GDM User Creation
The prolific RichiPlana made another suggestion to improve the Fedora user experience. This time he envisioned the ability to create user accounts at the GDM greeter.
DouglasMcClendon was keen on the idea and added that it would be nice if the entry of an unknown username would create a new account and later prompt for an administrative password to confirm whether this was allowed. MatthiasClasen posted a link to a prototype for this type of guest account creation. Richi liked the sound of Douglas's suggestions and alluded to what was to become a major stumbling block in the discussion: the assumption that revealing the validity of account names is not a security lapse.
The security issue was tackled by SimoSorce who added that as GDM could be reached using XDMCP the proposal could expose the existence of valid user names over the network. SteveGrubb agreed and added that it would complicate the construction of a proper audit trail by hiding the real UID of the account creator. MattMiller objected that GDM could behave differently locally or via XDMCP but agreed with Douglas and Steve that the feature should be easy to de-activate due to its undesirability in many security settings.
LubomirKundrak was unconvinced that leaking username existence was a threat. Although SteveGrubb provided an example of a timing-based attack on PAM thing were complicated when he specified that a tuple of (machinename, username, password) was necessary for a successful account breach. Lubomir clung to the point that the password was the only reasonable secret. AlanCox pointed to Cisco VPN attacks as another example and also separately highlighted how the the search space for the attack increases dramatically when using two items to be guessed. NicolasMailhot and SimoSorce thought that finding usernames via other vectors was usually so easy as to invalidate this point.
CDs, DVDs Or Netboot Oh My!
The list was asked by MikeMcGrath to choose which of the many possible install methods should be the default in the future. Mike presented the problem from the historical perspective of Fedora 7 introducing install methods (such as the LiveCD) which remove the ability to select packages and upgrade during installation.
It turned out that this wasn't strictly accurate, or at least was worded a bit confusingly. In an interesting and detailed email JohnPoelstra asked why a system installed from a LiveCD could not be upgraded. He also suggested that boxes without DVD burners and readers would also tend to have poor network connectivity and personally favored a network install from the rescuecd image. His post brought quite a few reactions. MikeMcGrath explained that the LiveCD install was a copy of an image (that is, there are no rpms installed) and anaconda differs in how it handles the LiveCD or a normal install. SethVidal corrected that it was perfectly possible to upgrade after this live image was booted. It just was not possible to upgrade from the live image.
This point was brought up again when AlanCox and LubomirKundrak expressed the need for a simple CD set (Alan citing loss of users to Ubuntu over this issue). RahulSundaram in response suggested the LiveCD and was asked about the upgrading issue to which he answered that running yum upgrade after installation worked for him. Rahul also linked to an interesting "preupgrade" proposal to simplify the live updating of a user's machine. JesseKeating and MikeMcGrath read the question a little differently and pointed out that even with full CD and DVD sets it wasn't always possible to upgrade all packages without network connectivity.
DougWarner expressed an interest in helping out with the upgrade situation, especially for "online" upgrades and MattMiller suggested that the first step would be to hunt through anaconda to collect the "crufty special-case upgrade code" into a "yum-upgradecruft" plugin, which could eventually be shared with anaconda.
AlanCox exclaimed "oh god, not this again!" and explained that many laptops came with good network connectivity, the ability to burn/read CDs but without the ability to burn/read DVDs. JohnCiesla built on this to argue that without a DVD drive it appeared that upgrading could only be done via Yum, but that this was not a supported path. This was roundly rebutted by many people anxious to quell this misconception. JesseKeating suggested the use of the rescue and boot isos with network or harddrive caches of the packages. KevinKoffler expanded on this in a particularly good post which explained how to use the harddrive and GRUB to upgrade. RahulSundaram pointed to the Fedora 7 FAQ and PaulFrields also mentioned the installation guide. Elsewhere Paul asked for people to take a look at the Fedora 8 installation guide and to contribute their corrections and additions.
A suggestion from ChrisAdams that the LiveCD package set might fit onto a single CD was dismissed as unlikely by BillNottingham, but DavidZeuthen was more optimistic, and compared the compressed RPM payloads to the compressed LiveCD contents.
DouglasMcClendon was very interested in the topic. He had previously done some work on . Douglas provided a link explaining how to use a large USB key for an install in response to BennyAmorsen's request.
The current situation of being able to do package selection after installing the LiveCD was discussed in depth in a longish thread. NicolasMailhot was deeply unimpressed with this option, comparing it unfavorably to Windows' irritating rebooting during installation. LubmoirKundrak wondered what was so wrong with that and noted some anecdoates about SuSE and Caldera having the ability to switch to running the installed system without a reboot. MattMiller agreed that he had done this on Fedora using kexec.
YUM Update Memory Issues
An attempt to update Fedora7-test2 (64 bit) to rawhide by PaulWouters was reported by him as failing due to memory issues. His 1GB RAM had 406MB used for a reasonably standard workload and Yum had completed all the presumably memory-using dependency checks before crashing. Paul wondered what was sucking up the approximately 300MB of RAM.
PeterArreman tried to help out by suggesting that maybe the problem was due to the nv driver while running dualhead and provided some handy tips about using xrestop to see X memory hogs. Unfortunately it wasn't this easy as Paul was running a single screen.
A thorough diagnosis was provided by JamesAntill who suggested that the problem was due to a lack of swap and originated in possible dead memory due to updated files. James also wondered why Paul considered a memory requirement of 300MB to update nearly 1GB of files was unreasonable. He attached a script to show where and how much dead memory Paul had.
JohnReiser explained that the implementation of Yum in Python led to some potential problems with freeing up memory and suggested some ways in which this might be solved.
In response to SeanDarcy it was further explained by James that applications needed to be restarted so that old shared libraries left by prelink could be cleaned from memory. This stimulated MattMiller to ask for some figures on the benefits of prelink on modern hardware, to which James outlined some things to think about and suggested that users updating frequently without rebooting the machine were most likely to suffer this memory rot.
CurtisDoty was inspired to add a patch to the script to reveal which processes were responsible for the deleted libs.
In this section, we cover discussion in Fedora Fonts.
Contributing Writer: MichaelLarabel
New Fedora Fonts Initiative
With the poor but improving state of fonts in Linux, the fedora-fonts-list has been established as a special interest group for Fedora, EPEL, and the OLPC. It will not be strictly fonts, but also text rendering/layouting will be discussed. Among the objectives for this new group is to find the best fonts for internalizational and localization reasons, packaging new fonts and new font tools, FLOSS font evangelism, font creation and design, identifying font or text problems, and choosing the Fedora font defaults. If you are interested, be sure to sign up for the fedora-fonts-list mailing list .
This section, we cover the news surrounding the Fedora Translation (L10n) Project.
Contributing Writer: JasonMatthewTaylor
Online Translation Tools
This week more discussion was had, the group consensus was to try and start using Pootle and work with the Pootle team to extend it as needed. If you are interested in helping with the project feel free to drop them a line.
Release Notes for F8 Final
PaulFrields let it be known that the release notes have been completed and are ready for the translators to begin working on them. As with the F7 release any translation 90% complete with be included and the team is also doing a zero-day update so last minute changes can be added.
In this section, we cover the Fedora Infrastructure Project.
Contributing Writer: JasonMatthewTaylor
publictest DNS Entries
MikeMcGrath sent a note to the list this week mentioning that Jima added DNS entries for publictest(1-9).fedoraproject.org and requested that those with reference to publictest(1-9).fedora.redhat.com begin transitioning to the new DNS.
This week saw some discussion about routes to take for additional storage as the Fedora Project has grown and packages among other things are taking additional space. Koji (the buid system) currently uses some netapps for storage via NFS which is fairly expensive, MikeMcGrath was looking for some additional ideas from the community so if you have ideas feel free to voice them.
MikeMcGrath posted here about memory upgrades to multiple servers this week (14-Oct-07) and listed the effected servers/services among them is releng1. If you use the any of the servers stay tuned for outage information!
In this section, we highlight the security stories from the week in Fedora.
Contributing Writer: JoshBressers
OpenSSL Security Advisory
A very scary OpenSSL flaw went public last week:
On the surface this looks like a horrible flaw, which it is. The redeeming factor is that very little uses DTLS in OpenSSL. After an audit of Red Hat Enterprise Linux, we determined that nothing is shipped that actually uses DTLS.
Air Force to get ‘cyber sidearms’
This is a rather odd idea the US Air Force seems to be planning to use. It seems the idea is that if a user thinks their computer has been compromised, they can somehow alert someone who can verify this. I'm going to guess this isn't going to work. It can probably be suggested that most of the machines in the 50 million computers that are part of the Storm Botnet do not have users that know they're a part of the network. No doubt some portion of Air Force personnel will be able to tell if their computer is hacked, but most probably can't.
Advisories and Updates
In this section, we cover Security Advisories and Package Updates from fedora-package-announce.
Contributing Writer: ThomasChung
Fedora 7 Security Advisories
- ruby-184.108.40.206-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00097.html
- util-linux-2.13-0.54.1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html
- wesnoth-1.2.7-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00194.html
- hplip-1.7.4a-6.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00200.html
Fedora Core 6 Security Advisories
- elinks-0.11.3-1.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html
- xen-3.0.3-12.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html
- kernel-220.127.116.11-61.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html
- kdebase-3.5.7-1.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html
- kdelibs-3.5.7-1.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00085.html
- ruby-18.104.22.168-1.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00087.html
Events and Meetings
In this section, we cover event reports and meeting summaries from various projects.
Contributing Writer: ThomasChung
Fedora Board Meeting Minutes 2007-MM-DD
- No Report
Fedora Ambassadors Meeting 2007-MM-DD
- No Report
Fedora Documentation Steering Committee 2007-10-14
Fedora Engineering Steering Committee Meeting 2007-MM-DD
- No Report
Fedora Extra Packages for Enterprise Linux Meeting 2007-10-10
Fedora Infrastructure Meeting (Log) 2007-10-10
Fedora Localization Meeting 2007-MM-DD
- No Report
Fedora Marketing Meeting 2007-10-13
Fedora Packaging Committee Meeting 2007-MM-DD
- No Report
Fedora Release Engineering Meeting 2007-MM-DD
- No Report