Fedora Weekly News Issue 139
Welcome to Fedora Weekly News Issue 139 for the week ending August 17, 2008.
Fedora Weekly News keeps you updated with the latest issues, events and activities in the Fedora community. This week we report on Encrypted Installs in "Announcements", New Versions of liveusb-install in "Planet Fedora", General Outage of Fedora Infrastructure in "Developments" and Fedora 10 Themes: Development and Deadlines in "Artwork".
If you are interested in contributing to Fedora Weekly News, please see our 'join' page. Being a Fedora Weekly News beat writer gives you a chance to work on one of our community's most important sources of news. Ideas for new beats are always welcome -- let us know how you'd like to contribute.
In this section, we cover announcements from the Fedora Project.
Contributing Writer: Max Spevack
Board IRC Public Meeting
Paul Frields reminded us that the Fedora Board's monthly IRC meeting was scheduled for August 12.
Fedora Test Day: Encrypted Installs & Plymouth
James Laska informed us that the Fedora QA team is organizing a test day specifically for working on encrypted installs and plymouth (the replacement for rhgb).
"There will be a cast of testers and developers on hand between 8am - 5pm EDT (12:00 - 21:00 UTC) to help guide testing, answer questions, triage and troubleshoot issues."
ACL Changes and New Package Group Policy
Casey Dahlin wrote about the new Fedora Account System group policy, implemented "to encourage greater openness in the community while containing newer members until they have earned the trust of the community". The full text includes a discussion of the changes that have been made.
Important Infrastructure Announcement
Paul Frields announced:
"The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance. We're still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems."
In this section, we cover the highlights of Planet Fedora - an aggregation of blogs from Fedora contributors worldwide.
Contributing Writer: Max Spevack
Kushal Das announced a new version of the liveusb-creator GUI application. Separate from the livecd-tools and livecd-iso-to-disk application, liveusb-creator is packaged in its own RPM. Kushal writes, "liveusb-creator version 2.7 for Linux is released... Now feel free to create liveusb images for your friends and for the special one."
Nigel Jones discussed a variety of wiki improvements that have been deployed. This is a three-round improvement process. Nigel said of the first two rounds "At the request of the documentation team we enabled searching by default on various namespaces, of course, you most likely won't notice it at all. Round 2 of wiki improvements start tomorrow, this is the exciting one. We are trashing the current authentication method IN THE BIN! No more htaccess prompts... What's going in its place? The standard Mediawiki login prompt, it'll still be connected to FAS, it'll just look different."
Two interesting posts about the Fedora feature process this week. First, John Poelstra discussed the Fedora 10 feature status, saying:
"Feature freeze for Fedora 10 is this coming Tuesday, August 19, 2008. The current list for Fedora 10 is growing with more waiting to go through the acceptance process here. At feature freeze all features must be significantly completed and testable or they will have to wait for Fedora 11.
During this release cycle I collaborated with Paul Frields who greatly improved the documentation explaining the process. We also got help from the Fedora art folks to make the process diagram better. We also changed the categories used to classify feature pages in an attempt to bring greater clarity there."
In a separate post, Paul Frields mused on the benefits of changing the way new Fedora spins are handled from a feature point of view.
In this section the people, personalities and debates on the @fedora-devel mailing list are summarized.
Contributing Writer: Oisin Feeley
A formal request to remove the "miniature libcurl.so.3 library" was made by Josh Boyer. This had been created in order to support the latest version of Adobe's proprietary Flash Player which had a hard dependency on
libcurl.so.3 while Fedora 8, Fedora 9 and Fedora 10(alpha) provided only
libcurl.so.4. Josh argued that the change, mentioned on Warren Togami's blog had been made solely to accommodate a proprietary application.
After NikolayVladimirov argued that it was a minimal, non-invasive change which might be useful for some "dead opensource projects that use the old version" Josh replied this support goal would be better met by providing a "compat-curl" package instead of "just a hack with the sole intention of making Flash work again". In an aside he mentioned that he would have no objection to removing libflashsupport and a bunch of other stuff. Matthew Garrett followed the train of thought to one possible final destination: "If the ABI is consistent across the SONAME bump, then it's a hack that supports any pre-existing binaries that users have. The best way we could serve those users with a compat package would be to ship another copy of the latest version of curl (so they get the bugfixes) but with a changed SONAME - at which point we'd be shipping two identical source packages that produce binary packages that differ only in library name. In doing so, we'd be increasing the cost of security updates. What does that actually win us?"
Bastien Nocera thought that such a "compat-curl" package would duplicate unmaintained code and was pointless "since libcurl didn't break ABI, and only changed soname". Josh stood firm and retorted that if the ABI was static then the applications could simply rebuild against the newer libcurl. Warren Togami characterized Josh's viewpoint as "extremist" as it proposed "removing a zero maintenance 2496 byte file that would permanently break Flash 10 forever in Fedora" and that furthermore "[Adobe] are not violating any licenses like NVidia[.]" Following similar sentiments from "drago01" Josh deferred the discussion to a FESCo meeting held on Wed 13th August and this duly decided to leave things as they were with two soname files in the curl package despite some strenuous objections which emphasized both the desirability of sub-packaging and also of not catering to the needs of proprietary applications.
Parallel Install of syslog-ng, rsyslog and sysklogd
Douglas Warner sought help in packaging syslog-ng so that it could be installed with either of the other current system loggers: rsyslog and sysklogd. He explained that all three installed their own "logrotate" files which targeted the exact same log files for rotation and thus doubly rotated the logs. So far Douglas' attempt to change his own syslog-ng package to fix this was stymied on RHEL boxes because updates of sysklogd (RHEL's preferred system logger) silently remove syslog-ng. Later in the thread Benny Amorsen provided the insight that running syslog-ng for handling remote logs and rsyslog for its simple configuration simultaneously was useful.
The question of how to ship precisely the same logrotate script, from the viewpoint of RPM, was mentioned by Douglas as one possible solution. If this could be done then RPM would be agnostic about where the file came from as long as it were possible to figure out whether the identity was based on "file size, md5, timestamp, ?". Ville Skyttä suggested using the
%verify directive as detailed in a link to the "Maximum RPM" book.
A restructuring of the problem by Jason Tibbits led him to recommend that a separate logrotation-script package be split out of the current packages and that each of the current packages be made to depend on the new package. When Douglas nixed the suggestion due to his lack of control over the sysklogd script Jason seemed to react a little testily and asked "Could we discuss technical solutions and ignore Red Hat politics? What I proposed is a standard method of dealing with these things." After JarodDiamond agreed with this Dmitry Butskoy pointed out that a different PID filename is used in each script and wondered was it possible to to create such a common logrotate package for all the syslog-like packages. A likely solution was proposed by Chris Adams which used the expedient of symlinking each of the unique PID files from within the init script.
General Outage of Fedora Infrastructure
Many were caught by surprise when there was a widespread outage of Fedora Project infrastructure during the week. The earliest symptoms noticed included an inability to access Koji (see e.g. this FWN#139 "Koji from Behind a Firewall") or obtain updates with yum. A general announcement by Paul Frields followed quickly on Thursday 14th and stated that an "issue in the infrastructure systems [was] being investigated and might] result in service outages[.]" Somewhat ominously it concluded "[..] as a precaution, we recommend you not download or update any additional packages on your Fedora systems." This led some to speculate that there might be a security problem.
Further announcements or explanations were not forthcoming for days, except for a post to @fedora-infrastructure which suggested that the problem was causing a lot of hard work. Paul Frields posted another update on Sat 16th. This succinctly stated that the wiki and FAS should be back soon but that the application servers would take a bit longer.
As of Sunday evening it became obvious that a very major amount of work was being undertaken to recover from the problem. It is worth noting that the email lists and the wiki were functional most of the time thanks to the commitment of their administrators.
Koji from Behind a Firewall
A query was made by Victor Lazzarini about how to connect to Koji using the CLI from behind a firewall. He wondered specifically how to set up a proxy connection. He added that he was seeing an error when using a web browser but was unable to provide it due to the general outage in Fedora infrastructure.
Mike Bonnet answered that Koji did not have direct proxy support but that it used only ports 80 (http) and 443(https) as these are generally open. He explained that it would be "a significant amount of effort" to support proxies directly. Unfortunately Vincent had to report that his institution forced everything through a proxy due to being "paranoid about security" and he was stuck with either setting up an open access machine or working from home.
A possibility for the web browser error was supplied by Andrew Price as an
ssl_error_handshake_failure_alert which he had seen prior to the general outage.
Small Machine SIG
An effort to gauge interest in starting a small form-factor machine SIG was made by Jeremy Katz. He asked that anyone interested in running Fedora on the Asus Eeepc, netbooks, UMPCs, MIDs and perhaps the XO would contribute to a wiki page. The specific goals were both to "just get the hardware working well with [current] Fedora" and also "possibly a spin that is explicitly targeted at some of the constraints of the hardware down the line." Several people responded and added themselves to the wiki.
Peter Robinson defined the goal as "a small, low power image with packages without massive dependencies" while Jaroslav Reznik called for an emphasis on the UI instead of merely on drivers for hardware support. Kevin Verma agreed that "more usable UIs for small devices, also apps that are more adaptive to small screens" were important, and cited Maemo and Moblin as inspirations. Kevin had already done some packaging work in this area.
 Maemo is Nokia's software platform for internet tablets. It is based on GTK+. See http://maemo.org/ for more information.
Jeremy Katz responded that given the imminent release of Fedora 10 it was most likely that better hardware support would be the immediately achievable goal. While agreeing that Maemo was interesting he preferred to get Sugar running within the Fedora 11 timeframe. In answer to JeffSpaleta he clarified that recent work done by Greg DeKoenigsberg to run "stock" Fedora on the XO was relevant but a different goal from producing a spin of Fedora, for all small machines, using the Sugar interface.
 The unique interface developed for the resource-constrained XO produced by the OLPC project
The main developer of BLAG, Jeff Moe, posted links to images that supported "all hardware on the EeePC 701/900 using *only* free software. This includes wifi with the ath5k driver. It is based on -libre and -rt plus various other patches." Jeremy Katz re-phrased his goal as "[to] be able to run on the systems with stock Fedora" in order to avoid the distribution problem of special spins. Jeff encouraged this possibility with the information that apart from wireless the stock Fedora 9 kernel supported everything on the EeePC 701/900 and that although there was support for the Atheros ar2425 wireless chip support in the 2.6.27 kernel there were still specific patches lacking for EeePCs. He added that the EeePC 901/1000 used a different wireless chip (from Ralink who have been active in releasing information necessary for Free drivers in the past) and included a link to Ralink's code for an apparently complete RT2860 ABGN driver. Warren Togami confirmed that there were vague rumors that the chipset would be supported upstream.
 A single-CD derivative of Fedora 9 which is strictly Free Software. See https://wiki.blagblagblag.org/FAQ
After Rex Dieter asked why the BLAG folks were not upstreaming their changes to Fedora it was explained by Jeff that he filed bug reports and mailed .spec files upstream but that they were perhaps in conflict with the packaging guidelines. He also alluded to the fact that much of his work centered around the "kernel-libre" which had caused flamewars in the recent past. In conclusion he noted that he had been able to perform many simultaneous tasks "while playing a song with *zero* stutters or dropouts on a teeny little computer. That rules." but that it required the use of the low-latency audio server JACK, that is non-standard on Fedora.
Surprisingly no mention was made during the discussion of the "Eeedora" distribution which had been written about in Red Hat Magazine towards the start of this year.
In this section, we cover the Fedora Artwork Project.
Contributing Writer: Nicu Buculei
Fedora 10 Themes: Development and Deadlines
On the Fedora Art list NicuBuculei started the work on the second round for creating the Fedora 10 desktop theme: "since the first round ended, we had very little theme activity, so maybe is time to heat the things a bit" and he posted an "work in progress" graphic.
This was quickly followed by MairinDuffy, who, liking the concept, developed it further with various designs, which were enthusiastically received by the rest of the team. She also wrote on her blog, showing the progress to the larger community.
In related theming news, MairinDuffy as the leader of the Art Team announced a deadline for the Round 2, as an incentive for the rest of the team and also to fit the release schedule "Let's set the deadline for round 2 to 1 September 2008. Sound like a good idea? Consider this an official kick in the pants to get more artwork flowing".
In this section, we cover Security Advisories from fedora-package-announce.
Contributing Writer: David Nalley
N.B. This week due to the general outage of the infrastructure (see the FWN#139 "General Outage of Fedora Infrastructure") the listings below should be assumed to be incomplete.
Fedora 9 Security Advisories
- condor-7.0.4-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html
Fedora 8 Security Advisories