FWN/Issue88

= Fedora Weekly News Issue 88 =

Welcome to Fedora Weekly News Issue 88[1] for the week of May 13th through May 19th, 2007. The latest issue can always be found here[2] and RSS Feed can be found here[3].

[1] http://fedoraproject.org/wiki/FWN/Issue88

[2] http://fedoraproject.org/wiki/FWN/LatestIssue

[3] http://feeds.feedburner.com/fwn

Announcements
In this section, we cover announcements from various projects.

Deep Freeze coming for Fedora 7
JesseKeating announces in fedora-maintainers[1] ,

"We're planning on entering "Deep Freeze" this Thursday. From that point on we'll only be accepting build tag requests for builds that are fixing release blockers.  See Fedora Release Criteria[2]  for current release criteria."

[1] https://www.redhat.com/archives/fedora-maintainers/2007-May/msg00351.html

[2] http://fedoraproject.org/wiki/QA/ReleaseCriteria

Announcing fedora-cs-list for Czech and Slovak Fedora users
MarekMahut announces in fedora-ambassadors-list[1] ,

"Let me introduce you our new mailing list [2] for Czech and Slovak Fedora users. If you are speaking one of those languages, feel free to join."

[1] https://www.redhat.com/archives/fedora-ambassadors-list/2007-May/msg00104.html

[2] http://www.redhat.com/mailman/listinfo/fedora-cs-list

Fedora Rawhide Live Images (20070517)
JeremyKatz announces in fedora-test-list[1] ,

"First set of post-merge rawhide live images. These are based off of yesterday's rawhide (packages tagged f7-final in koji).

You can get the torrent file from Fedora Project Torrent[2]. Available images are i386, x86_64, i386 KDE and also an x86_64 KDE image. Note that the x86_64 images require DVD media, the i386 images will fit on 700 meg CD media. Please file any issues against product Fedora Core, version devel and against the relevant component or LiveCD if you're unsure."

[1] https://www.redhat.com/archives/fedora-test-list/2007-May/msg00558.html

[2] http://torrent.fedoraproject.org.

Planet Fedora
In this section, we cover a highlight of Planet Fedora - an aggregation of blogs from world wide Fedora contributors.

http://fedoraproject.org/wiki/Planet

Summary from the Red Hat Summit
ChristopherBlizzard points out in his blog[1] ,

"We announced a pile of things at the Red Hat Summit[2] . Lots of confusing articles have been written. Lots of press releases have been sent out filled with warnings about forward looking statements. Maybe you just want the run down on all the things that happened. This is your simple cheat sheet. Here’s the list:.."

[1] http://www.0xdeadbeef.com/weblog/?p=289

[2] http://www.redhat.com/promo/summit/2007/news/

F7 Firstboot and EULA
MaxSpevack points out in his blog[1] ,

"In an attempt to have some transparency and no surprises, I've sent an email[2] to Fedora Advisory Board that details some of the changes we've made to firstboot and the EULA in Fedora 7. My personal opinion is that the changes are good for Fedora, and also relatively innocuous."

[1] http://spevack.livejournal.com/16260.html

[2] https://www.redhat.com/archives/fedora-advisory-board/2007-May/msg00111.html

'Play Ogg': FSF launches free audio format campaign
ThomasChung points out in his blog[1]

"The Free Software Foundation (FSF)[2] today launched Play Gears web application framework.  It includes:


 * a database of mirror sites, individual mirror hosts, content carried such as Core, Extras, EPEL, and soon the Fedora Releases. Mirrors may choose to carry whichever subsets of the whole tree they wish.
 * an administration web app for mirror admins to manage detail about their own site.
 * a web crawler that crawls each mirror site several times a day updating the database with what they carry
 * the yum mirrorlist handler which tells yum the list of mirrors to try.

With this system in place, users should begin to see faster yum downloads, from a mirror in your country if possible. You can see the whole list of mirrors by country and content[3].

We're always looking for additional mirrors. If you would like to provide a public Fedora mirror, please see [4].

Troubles with new system should be reported to fedora-infrastructure-list redhat com or #fedora-admin on Free Node.

[1] http://fedoraproject.org/wiki/Statistics

[2] https://hosted.fedoraproject.org/projects/mirrormanager

[3] http://mirrors.fedoraproject.org/publiclist

[4] http://fedoraproject.org/wiki/Infrastructure/Mirroring

Koji
Koji[1] (buildsystem software) was upgraded this week to a new version and moved to heavier duty hardware. The upgrade went well, though the outage lasted longer than initially anticipated. MikeMcGrath has more here[2].

[1] http://fedoraproject.org/wiki/Koji

[2] https://www.redhat.com/archives/fedora-infrastructure-list/2007-May/msg00075.html

Proxy Server
The proxy servers[1] were upgraded[2]  this week to RHEL 5. All went well and no outages were reported.

[1] http://fedoraproject.org/wiki/Infrastructure/Architecture

[2] https://www.redhat.com/archives/fedora-infrastructure-list/2007-May/msg00096.html

Artwork
In this section, we cover Fedora Artwork Project.

http://fedoraproject.org/wiki/Artwork

Ambassador Program Banner
After a posting to the art-list requesting a new banner for the Ambassador Program's websites[1], one was quickly forwarded[2] and is now part of the Ambassador's websites.

[1] https://www.redhat.com/archives/fedora-art-list/2007-May/msg00010.html

[2] https://www.redhat.com/archives/fedora-art-list/2007-May/msg00011.html

The Ambassadors are still looking for some print banners[1], however, for LinuxTag Germany, and work is underway[2] but new contributions are always welcome.

[1] https://www.redhat.com/archives/fedora-art-list/2007-May/msg00013.html

[2] https://www.redhat.com/archives/fedora-art-list/2007-May/msg00014.html

Shutdown and Logout Icons
A discussion was prompted about the usability of Fedora's current approach to logging out and shutting down, the functions respective icons and menu locations[1].

[1] https://www.redhat.com/archives/fedora-art-list/2007-May/msg00024.html

Security Week
In this section, we highlight the security stories from the week in Fedora.

Samba
Last week a round of Samba flaws were fixed[1] :

This update fixed three security flaws, all of which could allow a remote attacker to execute arbitrary code with the same permissions of the Samba server. Some of these flaws are especially dangerous as they allow an anonymous attacker on the network to compromise the Samba server. The anonymous part is what makes the flaws the most scary. If an attacker has to be authenticated against the Samba server, you have a known number of attackers. If anyone attached to the network is able to attack Samba, there can be a near infinite number of attackers depending on the network setup.

The lesson one should take away from this, is that proper network setup is important. Sane firewall rules can go a long way. If you only need one machine to talk to the Samba server, you should only allow that machine access, not the whole network. Spending some time thinking about your network needs can make a big difference when a security flaw is found.

[1] http://news.samba.org/releases/samba_3_0_25_release/

Security Advisories
In this section, we cover Security Advisories from fedora-package-announce.

https://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora Core 6 Security Advisories

 * 2007-05-15 nfs-utils-1.0.10-10.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-510
 * 2007-05-14 [SECURITY] freeradius-1.1.3-2.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-499
 * 2007-05-14 [SECURITY] php-5.1.6-3.6.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-503
 * 2007-05-14 [SECURITY] samba-3.0.24-5.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-507
 * 2007-05-14 [SECURITY] squirrelmail-1.4.10a-1.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-505
 * 2007-05-14 firefox-1.5.0.10-6.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-500
 * 2007-05-14 foomatic-3.0.2-39.5.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-446
 * 2007-05-14 logrotate-3.7.4-13.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-504
 * 2007-05-14 openldap-2.3.30-2.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-467
 * 2007-05-14 procps-3.2.7-10.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-495
 * 2007-05-14 ypbind-1.19-7.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-502

Fedora Core 5 Security Advisories

 * 2007-05-14 [SECURITY] samba-3.0.24-5.fc5 - http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-506
 * 2007-05-14 openldap-2.3.30-2.fc5 - http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-468
 * 2007-05-14 procps-3.2.7-2.fc5 - http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-494
 * 2007-05-14 SDL-1.2.9-6 - http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-498

Events and Meetings
In this section, we cover event reports and meeting summaries from various projects.

Fedora Release Engineering Meeting 2007-05-14

 * https://www.redhat.com/archives/fedora-devel-list/2007-May/msg01192.html

Fedora French Ambassadors Meeting 2007-05-13

 * https://www.redhat.com/archives/fedora-ambassadors-list/2007-May/msg00094.html

Fedora Engineering Steering Committee 2007-05-10

 * https://www.redhat.com/archives/fedora-maintainers/2007-May/msg00474.html

Feedback
This document is maintained by the Fedora News Team[1]. Please feel free to contact us to give your feedback. If you'd like to contribute to a future issue of the Fedora Weekly News, please see the Join[2] page to find out how to help.

[1] http://fedoraproject.org/wiki/NewsProject

[2] http://fedoraproject.org/wiki/NewsProject/Join