Fedora Weekly News Issue 112
Welcome to Fedora Weekly News Issue 112 for the week of December 3rd. http://fedoraproject.org/wiki/FWN/Issue112
In Announcement, we have "FUDCon Raleigh 2008"
In Planet Fedora, we have "CentOS really does fill a gap", "Fedora 8 Re-Spin in the making", "FDSCo nominations underway", "Fedora update metrics", "FAmSCo nominations/elections"
To join or give us your feedback, please visit http://fedoraproject.org/wiki/NewsProject/Join.
In this section, we cover announcements from Fedora Project.
Contributing Writer: ThomasChung
FUDCon Raleigh 2008
MaxSpevack announces in fedora-announce-list,
"The next FUDCon (Fedora User and Developer Conference) will be in Raleigh, NC from January 11-13, 2008. The event is 100% free to attend."
In this section, we cover a highlight of Planet Fedora - an aggregation of blogs from world wide Fedora contributors.
Contributing Writers: ThomasChung
CentOS really does fill a gap
PaulFrields points out in his blog,
"To second what Jayson Rowe said, CentOS really does fill a gap. As a person who works on Fedora almost exclusively in his spare time, CentOS is the perfect way for me to experience performance equivalent to Red Hat Enterprise Linux — albeit without the support options — and take advantage of the very long horizon of platform durability. RHEL is the gold standard in Linux stability and performance, so there’s no better way for any hobbyist to run his own servers with zero financial impact than to use CentOS. CentOS is to the Internet homesteader what RHEL is to business."
Fedora 8 Re-Spin in the making
JeroenVanMeeuwen points out in his blog,
"A Fedora 8 Re-Spin is in the making, and as often we have a couple of issues we want to resolve with this Re-Spin."
"Just so that it is clear; we do need you to let us know what it is you want resolved in a Re-Spin, or otherwise, possibly, we end up with a Re-Spin being released that still has the bugs or errors you wanted to see resolved."
FDSCo nominations underway
PaulFrields points out in his blog,
"According to our schedule, the Fedora Documentation Steering Committee (FDSCo) nominations are open. We have three seats up for election this cycle. Vigorous work is underway for more documentation for Fedora 8/9, and we want to see strong community leadership driving the development of these docs."
Fedora update metrics
LukeMacken points out in his blog,
"Using flot, a plotting library for jQuery, I threw together some shiny metrics for bodhi. It's pretty amazing to see how a Fedora release evolves over time, with almost as many enhancements as bugfixes. This could arguably be a bad thing, as our "stable" bits seem to change so much; but it definitely shows how much innovation is happening in Fedora."
FAmSCo nominations/elections
SandroMathys points out in his blog,
"Today I nominated myself for the FAmSCo (Fedora Ambassadors Steering Committee) elections taking place very soon. Actually, the nomination-period would be over already if there were enough volunteers, but now the period has been extended for one week as written in the election rules."
The Fedora Daily Package departed from its usual format this week to run a special "Focus Week" dealing with system recovery tasks. These five topics were included in "System Recovery Week".
Contributing Writer: ChrisTyler
System Recovery Week
- Single-User Mode - Using runlevel "s" to solve basic system problems.
- Rescue Mode and Reinstalling Grub - Booting into rescue mode from optical disk, and reinstalling a damaged or overwritten Grub bootloader.
- Using LVM in Rescue Mode - Finding, activating, and using Logical Volumes in rescue mode.
- Recovering RAID Devices - Gaining access to damaged RAID arrays.
- Dealing with Disk Images - Accessing data on disk image files created during rescue operations or from Xen/KVM virtual machines.
In this section, we cover Fedora Marketing Project.
Contributing Writer: ThomasChung
Interview with Brian Stevens with Red Hat
RahulSundaram reports in fedora-marketing-list,
"So, Fedora 8, just made available in the last week, had 54,000 downloads and installs that we can even measure in the first four days, a vibrant development community around next generation technology whether that be KVM or appliances or spins or network manager improvements. So, Fedora is absolutely the place to watch the OS evolve."
Fedora 8 - More than a Linux Distribution
ThomasChung reports in fedora-marketing-list,
"One of the most popular free-as-in-freedom Linux distributions, Fedora Linux, released its latest version, Fedora 8, earlier in November. In addition to being a fantastic release, Fedora's user and development community and a clear headed approach makes Fedora 8 much more than a Linux distribution."
Fedora Store meeting summary
MaxSpevack reports in fedora-marketing-list,
"I do think that a Fedora Store session would be a useful thing to have for part of a day at the FUDCon Hackfest."
In this section, we cover the problems/solutions, people/personalities, and ups/downs of the endless discussions on Fedora Developments.
Contributing Writer: OisinFeeley
TeXLive In Rawhide
The availability of TeXLive in rawhide was announced by JindrichNovy on the 3rd Dec. This is excellent news for TeX users as the teTeX distribution had been unmaintained since mid-2006. As a result Fedora users now benefit from an actively maintained TeX distribution with more styles available.
Jindrich was kind enough to produce packages for Fedora 8 as well as for rawhide and MilosJakubicek posted that he had used Jindrich's test repository to install them onto Fedora 8 with no problems. Full details on how to use the repository were included on the wiki by Jindrich.
The magnitude of Jindrich's packaging feat was noted by JonathanUnderwood in a question about the obsoleting of teTeX and the details of how TeX sub-packages should be named and what they should require. PatriceDumas answered that package renaming and dependencies were separate issues and that the use of new virtual provides would allow switching TeX distributions more easily. In response to a request from Jindrich, Jonathan opened a bugzilla tracker entry which explains the issue very clearly.
A brief problem was experienced during the initial build of the packages as reported by JesseKeating. It seemed that the problem was due to the "Obsoletes:" and "Provides:" being incorrect and this was fixed by Jindrich. An educational thread about version-release comparisons was spun between TillMaas and MichaelSchwendt.
Sub-Packaging: Gentooification, Ubiquitous Fragmentation Or Choice?
After JoachimFrieben had a bugzilla report closed with "NOTABUG" when he reported that the "vtk-devel" package pulled in too many dependencies he posted a request for discussion of a standard policy to deal with splitting packages into smaller units. Joachim contrasted the manner in which "plplot" was sub-divided with the monolithic nature of "vtk-devel".
PatriceDumas expressed clear opposition to a standard policy, preferring to rely instead on packager knowledge. He also argued that from a user's perspective increased granularity imposed a need to become aware of, and to install, the subpackages. Patrice developed these points further in response to RichiPlana's expression of desire for such a guideline. Patrice's rather convincing argument was that a guideline could not cover all cases and he backed this up for the specific example under discussion, showing that the packaging of "vtk" itself had been fine-grained, but that "vtk-devel" had been more monolithic because of the expectation that a "-devel" package provides all that is needed to develop with that package. Later RexDieter expressed the idea that packaging splits should be performed with the objective of benefiting runtime and WarrenTogami drew a parallel with how "pidgin" had been handled: "PERL" and "Tcl" capability was split out of the runtime so that users without a need for these scripting extensions did not have to install all of PERL and Tcl, yet the "pidgin-devel" package did include these dependencies.
The advantages of sub-packages were proposed by LeszekMatok as a means to escape the "dependency hell" reputation which is often unfairly attached to Fedora and there was violent agreement expressed on this point by ChristopherStone in the context of Fedora being used as a base for other distributions. RexDieter wondered why this sub-packaging was an essential pre-requisite to improving Fedora as a base distribution. Christopher's demurral to provide further details prompted satire from JesseKeating and an excellent overview of the problem from YaakovNemoy. Yaakov suggested that too much choice was to be avoided and that perhaps such needs were best met by internal customization of Fedora. Christopher responded with anecdotal evidence that Gentoo was indeed becoming preferred to Fedora precisely for these reasons.
Joachim was unconvinced by these arguments and posted evidence that "vtk-devel" was not actually a self-sufficient package and disputed the distinction between developers and users which had been drawn as part of the rationale for allowing a certain amount of user-unfriendly bloat.
TomCallaway echoed Patrice's argument that software worked on different models and that it was difficult to force it all into the same packaging strictures. He added the suggestion that if there were sufficient interest and concern on the point then a SIG could be formed to suggest sub-packaging improvements where desired.
JonathanUnderwood suggested that the argument was "too hand wavy and nebulous" and asked whether Joachim had submitted a patch which could provide the basis of a technical discussion.
YUM: Should It Update Itself First?
SethVidal answered a query from "DrDiesel" about why kmod updates were failing, explaining that this was due to a bug in YUM which had been fixed in yum-3.2.8.
WillWoods noted that there had been many bugs lately where the solution had been to update YUM and its dependencies prior to updating anything else. He asked whether it was feasible to make this behavior automatic. HansdeGoede thought it was important that this should only be done when everything was set for an update. Otherwise simply the selected package and dependencies should be installed. Another caveat was added by SethVidal, namely that blind automatic updates of YUM and its dependencies would lead to problems when jumping distribution versions.
Replacing Tail With Inotify Aware Version
On Dec 5th FlorinAndrei drew attention to a cool version of "tail" named "inotail" for which he had written a spec file and produced packages for some architectures and distributions. "Inotail" substitutes the regular polling of a file obtained in follow-mode with inotify triggers sent from the kernel upon specified changes to the file. The result is both faster and also conveys a more accurate picture of when events occur. Florin asked for anyone interested to take over the package and shepherd it through the submissions process as he was short of time.
Interest was expressed by MarcelaMaslanova and ManuelWolfshant (who had already packaged it). Manuel suggested adding it to inotify-tools and offered to review the package. TomasMraz preferred that a patch was prepared to add the functionality to the existing tail contained in coreutils. KarelZak thought that there were potential portability issues, but ColinWalters disagreed and, after some discussion of the potential for a problem with scripts depending on the current effect of sleep on tail -f, MartinEbourne agreed. JesseKeating pronounced himself happy to remove inotail once the current tail had been patched.
ParagN drew the attention of would-be packagers to the package created by JesseKeating shortly after Florin had first made his announcement.
Smolt UUIDs Broken (Danger Awful Puns)
A request for a follow-up on earlier discussion about the apparent brokenness of the Smolt database was posted by JonMasters. The issue was that hundreds of profile submissions were being made per month against particular UUIDs. Jon speculated that a common hardware device was being inappropriately included in the pool used as a source of entropy for generating random UUIDs. (This is done so that each Smolt user is anonymous yet unique.)
After some horrible puns were exchanged between AlanCox and Jon the thread was mercifully brought to a halt when MikeMcGrath posted that the problem seemed to originate with the construction of the LiveCD and had nothing to do with how the kernel generated UUIDs.
Unfortunately the damage had been done by that time.
Eliminating Un-needed Dependencies
A request for objections to the removal of bdftruncate (a PERL script which generates truncated ISO10646-1 BDF fonts) from xorg-x11-font-utils was posted by AdamJackson. The immediate impetus was to prevent the pulling in of all of PERL in order to satisfy the dependency for this rarely used script. NicolasMailhot referenced last week's discussion about core fonts during which he had expressed the opinion that they ought not to depend on anything, even xorg-x11-font-utils. Nicolas also hoped to persuade Adam to take over the maintenance of the "core fonts packaging guidelines".
While Adam was in agreement with Nicolas he declined to take over the onerous tasks of either making it possible for the core fonts to be packaged instead of generated on the fly, or the maintenance of their guidelines. He expressed an interest solely in simplifying the dependency graph by removing unnecessary arcs from it.
KevinKofler asked why a Perl dependency was a problem, noting that most systems had it installed already. He was answered by DavidZeuthen that his experience working on the OLPC project suggested that if Fedora was to be useful for the embedded and virtual environments then it was very important to be able to choose not to use such large packages. AdamJackson also mentioned the "ability to use trimmed subsets of Fedora for custom purposes" and the speed of dependency resolution as important considerations and DanWilliams echoed the point.
TomCallaway suggested using a sub-package (see also this FWN#112 "Sub-Packaging: Gentooification, Ubiquitous Fragmentation Or Choice?" for a related discussion of sub-packaging) rather than dropping the script entirely.
Open By Default: New FAS Groups Proposed
The template for new package requests was noted by JesseKeating to mislead requesters into thinking that they would not have open ACLs unless they explicitly opted in to this. Jesse wondered if changing this to something clearer emphasizing that "as a requester you'd have to explicitly opt out of having open acls" would be welcomed.
ToddZullinger liked the "open by default" status-quo and suggested that "Private Commits" would be a good prompt for those with a need for tighter control. DavidWoodhouse added that a valid reason should be required, to which ThorstenLeemhuis responded with some examples and suggested (again) that there should be a FAS group of "experienced maintainers" with universal access. LubomirKundrak agreed with Thorsten that packages with multiple maintainers did not need to be open by default, but thought that a "just sponsored contributor" was an experienced maintainer and that there should be no creation of the more privileged sub-group suggested by Thorsten.
 Fedora Account System
PatriceDumas revealed that the "extra most super experienced maintainers" group for which Thorsten wished already exists.
After Thorsten argued that Lubomir's evaluation of experience was incorrect and suggested that rather than a binary approach to access there could be levels, JohnDennis added some supporting caution that allowing simple open access would provide an ideal channel for anyone who wished to distribute malware.
JesseKeating argued that many of the major distributions had "open" commits for project members. In response to Thorsten's querying whether Jesse had a solution to the problem Jesse suggested that a new group "cvsnewbies" be created. Members would only have access to their own packages and could later be promoted to existing groups such as "cvspkgs" or "cvsextras". Jesse described the motivation as "[to have] our package set to be accessible to as many people as possible instead of locked away from as many people as possible." Jesse then outlined a detailed proposal which includes changing the "cvsextras" group to become similar to "cvspkgs" and adding a new "cvsexperienced" group with CVS access to all modules which have not explicitly opted out. Thorsten was substantially in agreement with this although he noted that it sounded very like a proposal which he and others had tried to make months ago. Thorsten also thought that membership of "cvsexperienced" (or whatever it will be called) should be determined by people (FESCo or sponsors) rather than a rigid guideline.
Heads Up: OpenSSL, OpenLDAP Changed In Rawhide
TomasMraz announced that there are new versions of OpenLDAP and OpenSSL with new sonames. Consequently dependent packages need to be rebuilt.
A lingering problem with KDE's licensing uncertainties (see FWN#105 "SAMBA: The GPLv3 License Dance Begins") was flagged by SimoSorce as the reason that SAMBA packages were being delayed in rebuilding. He asked whether libsmbclient support could be disabled in KDE while Trolltech pondered the issue.
RexDieter kindly and promptly disabled libsmbclient support and TomCallaway counseled patience. Simo explained that there were a lot of other packages being delayed as a result.
Later MatthiasClasen posted a list of packages which still needed to be rebuilt. He expressed a willingness to help with them, but pointed out that most had ACLs which prevented him from being able to do so. AdamTkac expressed a similar frustration (see this FWN#112 "Open By Default: New FAS Groups Proposed") wondering why "cvsextras" members were restricted from commits. AlexLancaster thought the package list was much larger (up to 656) and suggested a systematic approach of starting with packages in the "Base" comps group and proceeding upwards, in order to avoid wasting time on rebuilds guaranteed to fail.
In the course of trying to determine which packages would need to be rebuilt, Jesse realized there would also be ordering problems and mentioned a tool named "thetango" which derives build trees for individual SRPMS by evaluating dependencies between binary RPMs derived from a set of SRPMS. An ordered build list is one of the products and Jesse posted that he was working on generating this list. HansdeGoede was appreciative: "Thanks for that, you're awesome! Yes really you are despite us having differences of opinion sometimes :)"
In this section, we cover the Fedora Documentation Project.
Contributing Writer: JohnBabich
Nominations for FDSCo Election Open
KarstenWade wrote:
"Forgot to remind us the nominations are open:
Elections start on 14 December."
New POT Available for Release Notes
Paul Frields wrote that a "new POT is available for the last few days for the Release Notes module. We plan to gather updated PO and push an update on or about December 11." Localization (L10n) work is welcome on the following docs: release-notes, readme, readme-live-image, readme-burning-isos, and about-fedora.
For those of us unfamiliar with l10n: "The GNU gettext toolset helps programmers and translators at producing, updating and using translation files, mainly those PO files which are textual, editable files...A PO file is made up of many entries, each entry holding the relation between an original untranslated string and its corresponding translation." Gettext is part of the Fedora Project's toolchain for translation and localization with PO being an acronym for "Portable Object".
FDSCo Election Calendar
KarstenWade wrote that elections for the Fedora Documentation Steering Committee (FDSCo) need to be held soon. He endorsed the previously suggested schedule:
Nominations open on 05 December and close on 12 December. Voting opens on 14 December and closes on 24 December.
We have three seats open for (re)election, currently held by John Babich (jmbabich), Pawel Sadowski (mcgiwer), and Bart Couvreur (couf).
These four seats are held until the next election: Paul W. Frields (pfrields), Karsten Wade (kwade), Dimitris Glezos (glezos) and Robert 'Bob' Jensen (bjensen).
He concluded by saying, 'After this election, the new FDSCo has to hold discussions with all contributors and decide how we are cycling seats and how often we are holding elections for the future. This was a direction left by the current FDSCo after the previous round of elections: "After the next election, review election policy and how often elections should be held."'
Bart Couvreur seconded the motion, as did BobJensen and PaulFrields, with JohnPoelstra adding it to the official voting calendar.
Digging the DUG
MarcWiriadisastra began discussion as to the focus of the revived Fedora Desktop User Guide (DUG): "Can we come to a consensus on what else needs to be done to make this doc a reality." As lead writer of the DUG, JohnBabich responded quickly with "There are two types of apps: common and desktop manager-specific apps." and went on to explain his vision for the DUG encompassing common apps like Firefox and desktop manager-related apps, mainly those grouped with GNOME, KDE and Xfce.
KarstenWade, VladimirKosovac, PaulFrields, and DanOBrien all expressed their opinions on the scope and depth of the DUG as opposed to documents like the Administration Guide. One issue discussed in detail was DVD and HTTP installs with apparently buggy behavior, requiring CLI skills to resolve them. If this is the case, how much detail should be discussed on topics like this, beyond the basics?
NSA guide to securing Red Hat Enterprise Linux 5
MurrayMcAllister wrote that there "is a fantastic "Guide to the Secure Configuration of Red Hat Enterprise Linux 5" PDF available here: http://www.nsa.gov/snac/downloads_redhat.cfm?MenuID=scg10.3.1.1
It looks like it would be an invaluable resource for research for the Fedora Admin Guide. Among many other things, it covers IMAP/POP3, DNS, Web, Samba, Proxies, LDAP etc." 
VladimirKosovac thought it would be a good additional reference, which KarstenWade seconded, adding that it was a great example of technical documentation from which to learn.
In this section, we cover the news surrounding the Fedora Translation (L10n) Project.
Contributing Writer: JasonMatthewTaylor
New Release Note POT
PaulFrields posted this week about the updated release-note POT/PO files. As always we appreciate the work that the translation team does!
In this section, we cover the Fedora Infrastructure Project.
Contributing Writer: JasonMatthewTaylor
Wanted! Mirror Manager Wranglers
MattDomsch this week posted a request for more people to help with the Mirror Manager setup. This will allow, among other things, more enhancements to the Mirror Manager software and help alleviate some of the workload on those already doing the work. He received a fair number of replies with offers to help. If you are interested, contact him on IRC or reply on the Fedora Infrastructure mailing list.
The Jigdo Discussion
This week saw discussion about the feasibility of implementing Jigdo to host spins, which would, according to the thread author, reduce the storage space requirements for spins. This is a definite benefit, as storage capacity is always a concern.
In this section, we highlight the security stories from the week in Fedora.
Contributing Writer: JoshBressers
Critical Vulnerability in Microsoft Metrics
Window Snyder has some rather insightful feedback regarding Microsoft Metrics. In general this commentary can apply to anyone who tries to compare closed source and open source security records.
Advisories and Updates
In this section, we cover Security Advisories and Package Updates from fedora-package-announce.
Contributing Writer: ThomasChung
Fedora 8 Security Advisories
- wesnoth-1.2.8-2.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00006.html
- kernel-22.214.171.124-63.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00032.html
- openoffice.org-2.3.0-6.7.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html
- nagios-2.10-5.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html
- seamonkey-1.1.7-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
- ruby-gnome2-0.16.0-18.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00214.html
- zabbix-1.4.2-4.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00232.html
- drupal-5.4-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00258.html
Fedora 7 Security Advisories
- wesnoth-1.2.8-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00004.html
- nagios-2.10-3.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html
- openoffice.org-2.3.0-6.5.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html
- seamonkey-1.1.7-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
- kernel-126.96.36.199-34.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00170.html
- drupal-5.4-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00190.html
- zabbix-1.4.2-3.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00196.html
- ruby-gnome2-0.16.0-18.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00251.html
Fedora Core 6 Security Advisories
- firefox-188.8.131.52-7.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
- htdig-3.2.0b6-9.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html
- perl-5.8.8-12 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00120.html
- openoffice.org-2.0.4-5.5.25 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html
- xorg-x11-xfs-1.0.5-1.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00301.html
- kernel-184.108.40.206-72.fc6 - https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00302.html
Events and Meetings
In this section, we cover event reports and meeting summaries from various Projects and SIGs.
Contributing Writer: ThomasChung
Fedora Board Meeting Minutes 2007-MM-DD
- No Report
Fedora Ambassadors Meeting 2007-MM-DD
- No Report
Fedora Documentation Steering Committee (Log) 2007-12-09
Fedora Engineering Steering Committee Meeting 2007-12-06
Fedora Infrastructure Meeting (Log) 2007-MM-DD
- No Report
Fedora Localization Meeting 2007-MM-DD
- No Report
Fedora Marketing Meeting 2007-MM-DD
- No Report
Fedora Packaging Committee Meeting 2007-12-04
Fedora Quality Assurance Meeting 2007-MM-DD
- No Report
Fedora Release Engineering Meeting 2007-12-04
Fedora SIG EPEL Meeting Week 2007-12-05
Fedora SIG KDE Meeting Week 2007-12-04
Fedora SIG Store Meeting 2007-MM-DD
- No Report