From Fedora Project Wiki

< FWN

Fedora Weekly News Issue 139

Welcome to Fedora Weekly News Issue 139 for the week ending August 17, 2008.

http://fedoraproject.org/wiki/FWN/Issue139

Fedora Weekly News keeps you updated with the latest issues, events and activities in the Fedora community. This week we report on Encrypted Installs in "Announcements", New Versions of liveusb-install in "Planet Fedora", General Outage of Fedora Infrastructure in "Developments" and Fedora 10 Themes: Development and Deadlines in "Artwork".

If you are interested in contributing to Fedora Weekly News, please see our 'join' page. Being a Fedora Weekly News beat writer gives you a chance to work on one of our community's most important sources of news. Ideas for new beats are always welcome -- let us know how you'd like to contribute.

http://fedoraproject.org/wiki/NewsProject/Join

Announcements

In this section, we cover announcements from the Fedora Project.

http://www.redhat.com/archives/fedora-announce-list/

http://www.redhat.com/archives/fedora-devel-announce/

Contributing Writer: Max Spevack

Board IRC Public Meeting

Paul Frields reminded us[1] that the Fedora Board's monthly IRC meeting was scheduled for August 12.

[1] http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00006.html

Fedora Test Day: Encrypted Installs & Plymouth

James Laska informed us[1] that the Fedora QA team is organizing a test day specifically for working on encrypted installs and plymouth (the replacement for rhgb).

"There will be a cast of testers and developers on hand between 8am - 5pm EDT (12:00 - 21:00 UTC) to help guide testing, answer questions, triage and troubleshoot issues."

[1] http://www.redhat.com/archives/fedora-devel-announce/2008-August/msg00005.html

ACL Changes and New Package Group Policy

Casey Dahlin wrote[1] about the new Fedora Account System group policy, implemented "to encourage greater openness in the community while containing newer members until they have earned the trust of the community". The full text includes a discussion of the changes that have been made.

[1] http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00007.html

Important Infrastructure Announcement

Paul Frields announced[1]:

"The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance. We're still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems."

[1] http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00008.html

Planet Fedora

In this section, we cover the highlights of Planet Fedora - an aggregation of blogs from Fedora contributors worldwide.

http://planet.fedoraproject.org

Contributing Writer: Max Spevack

Tech Tidbits

Kushal Das announced[1] a new version of the liveusb-creator GUI application. Separate from the livecd-tools and livecd-iso-to-disk application, liveusb-creator is packaged in its own RPM. Kushal writes, "liveusb-creator version 2.7 for Linux is released... Now feel free to create liveusb images for your friends and for the special one."

Nigel Jones discussed[2] a variety of wiki improvements that have been deployed. This is a three-round improvement process. Nigel said of the first two rounds "At the request of the documentation team we enabled searching by default on various namespaces, of course, you most likely won't notice it at all. Round 2 of wiki improvements start tomorrow, this is the exciting one. We are trashing the current authentication method IN THE BIN! No more htaccess prompts... What's going in its place? The standard Mediawiki login prompt, it'll still be connected to FAS, it'll just look different."

[1] http://kushaldas.in/?p=284

[2] http://nigelj.livejournal.com/8525.html

Artwork

Mairin Duffy gave us a look[1] at some of the proposed Fedora 10 artwork in the "gears" theme, which is a collaboration between her and Nicu Buculei.

[1] http://mihmo.livejournal.com/60026.html

Features

Two interesting posts about the Fedora feature process this week. First, John Poelstra discussed the Fedora 10 feature status[1], saying:

"Feature freeze for Fedora 10 is this coming Tuesday, August 19, 2008. The current list for Fedora 10 is growing with more waiting to go through the acceptance process here. At feature freeze all features must be significantly completed and testable or they will have to wait for Fedora 11.

During this release cycle I collaborated with Paul Frields who greatly improved the documentation explaining the process. We also got help from the Fedora art folks to make the process diagram better. We also changed the categories used to classify feature pages in an attempt to bring greater clarity there."

In a separate post[2], Paul Frields mused on the benefits of changing the way new Fedora spins are handled from a feature point of view.

[1] http://poelcat.wordpress.com/2008/08/14/fedora-10-feature-process-and-beyond/

[2] http://marilyn.frields.org:8080/~paul/wordpress/?p=1129

Developments

In this section the people, personalities and debates on the @fedora-devel mailing list are summarized.

Contributing Writer: Oisin Feeley

FlashPlayer 10 Symlink Provokes Proprietary Support Argument

A formal request to remove the "miniature libcurl.so.3 library" was made[1] by Josh Boyer. This had been created in order to support the latest version[2] of Adobe's proprietary Flash Player which had a hard dependency on libcurl.so.3 while Fedora 8, Fedora 9 and Fedora 10(alpha) provided only libcurl.so.4. Josh argued that the change, mentioned on Warren Togami's blog[3] had been made solely to accommodate a proprietary application.

[1] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00476.html

[2] http://labs.adobe.com/technologies/Flashplayer10/

[3] http://wtogami.livejournal.com/27778.html

After NikolayVladimirov argued[4] that it was a minimal, non-invasive change which might be useful for some "dead opensource projects that use the old version" Josh replied[5] this support goal would be better met by providing a "compat-curl" package instead of "just a hack with the sole intention of making Flash work again". In an aside he mentioned that he would have no objection to removing libflashsupport and a bunch of other stuff. Matthew Garrett followed[6] the train of thought to one possible final destination: "If the ABI is consistent across the SONAME bump, then it's a hack that supports any pre-existing binaries that users have. The best way we could serve those users with a compat package would be to ship another copy of the latest version of curl (so they get the bugfixes) but with a changed SONAME - at which point we'd be shipping two identical source packages that produce binary packages that differ only in library name. In doing so, we'd be increasing the cost of security updates. What does that actually win us?"

[4] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00484.html

[5] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00484.html

[6] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00498.html

Bastien Nocera thought[7] that such a "compat-curl" package would duplicate unmaintained code and was pointless "since libcurl didn't break ABI, and only changed soname". Josh stood firm[8] and retorted that if the ABI was static then the applications could simply rebuild against the newer libcurl. Warren Togami characterized[9] Josh's viewpoint as "extremist" as it proposed "removing a zero maintenance 2496 byte file that would permanently break Flash 10 forever in Fedora" and that furthermore "[Adobe] are not violating any licenses like NVidia[.]" Following similar sentiments from "drago01" Josh deferred the discussion to a FESCo meeting held on Wed 13th August and this duly decided[10] to leave things as they were with two soname files in the curl package despite some strenuous objections which emphasized both the desirability of sub-packaging and also of not catering to the needs of proprietary applications.

[7] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00486.html

[8] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00488.html

[9] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00496.html

[10] http://bpepple.fedorapeople.org/fesco/FESCo-2008-08-13.html

Parallel Install of syslog-ng, rsyslog and sysklogd

Douglas Warner sought help[1] in packaging syslog-ng so that it could be installed with either of the other current system loggers: rsyslog and sysklogd. He explained that all three installed their own "logrotate" files which targeted the exact same log files for rotation and thus doubly rotated the logs. So far Douglas' attempt to change his own syslog-ng package to fix this was stymied on RHEL boxes because updates of sysklogd (RHEL's preferred system logger) silently remove syslog-ng. Later in the thread Benny Amorsen provided[2] the insight that running syslog-ng for handling remote logs and rsyslog for its simple configuration simultaneously was useful.

[1] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00531.html

[2] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00632.html

The question of how to ship precisely the same logrotate script, from the viewpoint of RPM, was mentioned[3] by Douglas as one possible solution. If this could be done then RPM would be agnostic about where the file came from as long as it were possible to figure out whether the identity was based on "file size, md5, timestamp, ?". Ville Skyttä suggested[4] using the %verify directive as detailed in a link to the "Maximum RPM" book.

[3] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00558.html

[4] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00577.html

A restructuring of the problem by Jason Tibbits led him to recommend[5] that a separate logrotation-script package be split out of the current packages and that each of the current packages be made to depend on the new package. When Douglas nixed the suggestion due to his lack of control over the sysklogd script Jason seemed[6] to react a little testily and asked "Could we discuss technical solutions and ignore Red Hat politics? What I proposed is a standard method of dealing with these things." After JarodDiamond agreed with this Dmitry Butskoy pointed[7] out that a different PID filename is used in each script and wondered was it possible to to create such a common logrotate package for all the syslog-like packages. A likely solution was proposed[8] by Chris Adams which used the expedient of symlinking each of the unique PID files from within the init script.

[5] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00561.html

[6] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00563.html

[7] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00584.html

[8] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00604.html

General Outage of Fedora Infrastructure

Many were caught by surprise when there was a widespread outage of Fedora Project infrastructure during the week. The earliest symptoms noticed included an inability to access Koji (see e.g. this FWN#139 "Koji from Behind a Firewall") or obtain updates with yum. A general announcement by Paul Frields followed[1] quickly on Thursday 14th and stated that an "issue in the infrastructure systems [was] being investigated and might] result in service outages[.]" Somewhat ominously it concluded "[..] as a precaution, we recommend you not download or update any additional packages on your Fedora systems." This led some to speculate[2] that there might be a security problem.

[1] https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00008.html

[2] http://lwn.net/Articles/294188/

Further announcements or explanations were not forthcoming for days, except for a post to @fedora-infrastructure which suggested[3] that the problem was causing a lot of hard work. Paul Frields posted another update[4] on Sat 16th. This succinctly stated that the wiki and FAS should be back soon but that the application servers would take a bit longer.

[3] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00109.html

[4] http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00009.html

As of Sunday evening it became obvious that a very major amount of work was being undertaken to recover from the problem. It is worth noting that the email lists and the wiki were functional most of the time thanks to the commitment of their administrators.

Koji from Behind a Firewall

A query was made[1] by Victor Lazzarini about how to connect to Koji using the CLI from behind a firewall. He wondered specifically how to set up a proxy connection. He added that he was seeing an error when using a web browser but was[2] unable to provide it due to the general outage in Fedora infrastructure.

[1] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00660.html

[2] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00664.html

Mike Bonnet answered[3] that Koji did not have direct proxy support but that it used only ports 80 (http) and 443(https) as these are generally open. He explained that it would be "a significant amount of effort" to support proxies directly. Unfortunately Vincent had to report[4] that his institution forced everything through a proxy due to being "paranoid about security" and he was stuck with either setting up an open access machine or working from home.

[3] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00665.html

[4] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00667.html

A possibility for the web browser error was supplied[5] by Andrew Price as an ssl_error_handshake_failure_alert which he had seen prior to the general outage.

[5] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00675.html

Small Machine SIG

An effort to gauge interest in starting a small form-factor machine SIG was made[1] by Jeremy Katz. He asked that anyone interested in running Fedora on the Asus Eeepc, netbooks, UMPCs, MIDs and perhaps the XO would contribute to a wiki page[2]. The specific goals were both to "just get the hardware working well with [current] Fedora" and also "possibly a spin that is explicitly targeted at some of the constraints of the hardware down the line." Several people responded and added themselves to the wiki.

[1] http://www.redhat.com/archives/fedora-devel-list/2008-August/msg00497.html

[2] http://fedoraproject.org/wiki/JeremyKatz/Netbooks

Peter Robinson defined the goal as "a small, low power image with packages without massive dependencies" while Jaroslav Reznik called[3] for an emphasis on the UI instead of merely on drivers for hardware support. Kevin Verma agreed[4] that "more usable UIs for small devices, also apps that are more adaptive to small screens" were important, and cited Maemo[5] and Moblin[6] as inspirations. Kevin had already[7] done some packaging work in this area.

[3] http://www.redhat.com/archives/fedora-devel-list/2008-August/msg00576.html

[4] http://www.redhat.com/archives/fedora-devel-list/2008-August/msg00589.html

[5] Maemo is Nokia's software platform for internet tablets. It is based on GTK+. See http://maemo.org/ for more information.

[6] http://fedoraproject.org/wiki/FWN/Issue136#RPM_Inspires_Intel_Moblin2_Shift_From_Ubuntu

[7] http://kevinverma.fedorapeople.org/packages/

Jeremy Katz responded[8] that given the imminent release of Fedora 10 it was most likely that better hardware support would be the immediately achievable goal. While agreeing that Maemo was interesting he preferred to get Sugar[9] running within the Fedora 11 timeframe. In answer to JeffSpaleta he clarified[10] that recent work done by Greg DeKoenigsberg to run "stock" Fedora on the XO was relevant but a different goal from producing a spin of Fedora, for all small machines, using the Sugar interface.

[8] http://www.redhat.com/archives/fedora-devel-list/2008-August/msg00594.html

[9] The unique interface developed for the resource-constrained XO produced by the OLPC project

[10] http://www.redhat.com/archives/fedora-devel-list/2008-August/msg00609.html

The main developer of BLAG[11], Jeff Moe, posted[12] links to images that supported "all hardware on the EeePC 701/900 using *only* free software. This includes wifi with the ath5k driver. It is based on -libre and -rt plus various other patches." Jeremy Katz re-phrased[13] his goal as "[to] be able to run on the systems with stock Fedora" in order to avoid the distribution problem of special spins. Jeff encouraged[14] this possibility with the information that apart from wireless the stock Fedora 9 kernel supported everything on the EeePC 701/900 and that although there was support for the Atheros ar2425 wireless chip support in the 2.6.27 kernel there were still specific patches lacking for EeePCs. He added that the EeePC 901/1000 used a different wireless chip (from Ralink who have been active in releasing information necessary for Free drivers in the past) and included a link to Ralink's code for an apparently complete RT2860 ABGN driver. Warren Togami confirmed[15] that there were vague rumors that the chipset would be supported upstream.


[11] A single-CD derivative of Fedora 9 which is strictly Free Software. See https://wiki.blagblagblag.org/FAQ

[12] http://www.redhat.com/archives/fedora-devel-list/2008-August/msg00511.html

[13] http://www.redhat.com/archives/fedora-devel-list/2008-August/msg00533.html

[14] http://www.redhat.com/archives/fedora-devel-list/2008-August/msg00537.html

[15] http://www.redhat.com/archives/fedora-devel-list/2008-August/msg00550.html

After Rex Dieter asked why the BLAG folks were not upstreaming their changes to Fedora it was explained[16] by Jeff that he filed bug reports and mailed .spec files upstream but that they were perhaps in conflict with the packaging guidelines. He also alluded to the fact that much of his work centered around the "kernel-libre" which had caused flamewars in the recent past. In conclusion he noted that he had been able to perform many simultaneous tasks "while playing a song with *zero* stutters or dropouts on a teeny little computer. That rules." but that it required the use of the low-latency audio server JACK[17], that is non-standard on Fedora.

[16] http://www.redhat.com/archives/fedora-devel-list/2008-August/msg00554.html

[17] http://jackaudio.org/

Surprisingly no mention was made during the discussion of the "Eeedora" distribution which had been written about[18] in Red Hat Magazine towards the start of this year.

[18] http://www.redhatmagazine.com/2008/02/14/fedora-eee-pc-eeedora/

Artwork

In this section, we cover the Fedora Artwork Project.

http://fedoraproject.org/wiki/Artwork

Contributing Writer: Nicu Buculei

Fedora 10 Themes: Development and Deadlines

On the Fedora Art list NicuBuculei started[1] the work on the second round for creating the Fedora 10 desktop theme: "since the first round ended, we had very little theme activity, so maybe is time to heat the things a bit" and he posted an "work in progress" graphic[2].

[1] https://www.redhat.com/archives/fedora-art-list/2008-August/msg00206.html

[2] https://fedoraproject.org/wiki/Image:Gears-r2.png

This was quickly followed by MairinDuffy, who, liking the concept, developed it further[3] with various designs, which were enthusiastically received by the rest of the team. She also wrote on her blog[4], showing the progress to the larger community.

[3] https://www.redhat.com/archives/fedora-art-list/2008-August/msg00208.html

[4] http://mihmo.livejournal.com/60026.html

In related theming news, MairinDuffy as the leader of the Art Team announced[5] a deadline for the Round 2, as an incentive for the rest of the team and also to fit the release schedule "Let's set the deadline for round 2 to 1 September 2008. Sound like a good idea? Consider this an official kick in the pants to get more artwork flowing".

[5] https://www.redhat.com/archives/fedora-art-list/2008-August/msg00229.html

Security Advisories

In this section, we cover Security Advisories from fedora-package-announce.

https://www.redhat.com/mailman/listinfo/fedora-package-announce

Contributing Writer: David Nalley

N.B. This week due to the general outage of the infrastructure (see the FWN#139 "General Outage of Fedora Infrastructure") the listings below should be assumed to be incomplete.

Fedora 9 Security Advisories

Fedora 8 Security Advisories

none