FWN/Issue163

= Fedora Weekly News Issue 163 =

Welcome to Fedora Weekly News Issue 163 for the week ending February 15th, 2009.

http://fedoraproject.org/wiki/FWN/Issue163

This week's issue provides some detail on the upcoming Fedora Activity Day (FAD) at Southern California Linux Expo (SCaLE), many posts from the Fedora Planet blogosphere, and selected wonderful event reports from FOSDEM. We welcome a brand new Quality Assurance beat this issue, with coverage of the latest test day focusing on iSCSI for Fedora 11, summary of the latest QA weekly meeting, and discussion of the process for critical-release bugs. In Development news, discussion of FLOSS multimedia codec support in Fedora, preview looks at F11 release notes, and the availability of CrossReport, a tool to evaluate the ease with which applications can be ported to Windows using the MinGW libraries. From the Translation team, updates and details on the infrastructure roadmap for translation, and migration of Damned Lies to the new Django-based interface. Infrastructure reports availability of WordPress multi-user for Fedora sub-projects, and planning for cgit as a replacement for gitweb on hosted2. Artwork has updates on the continuing evolution of Fedora 11 artwork. The Security Week beat examines recent discussion on Slashdot regarding 'how to argue the security of open source software,' and this issue wraps up with a summary of the security advisories for Fedora 9 and 10 over this past week. Enjoy!

If you are interested in contributing to Fedora Weekly News, please see our 'join' page[1]. We welcome reader feedback: fedora-news-list@redhat.com

FWN Editorial Team: Pascal Calarco, Oisin Feeley, Huzaifa Sidhpurwala

[1] http://fedoraproject.org/wiki/NewsProject/Join

Announcements
In this section, we cover announcements from the Fedora Project.

http://www.redhat.com/archives/fedora-announce-list/

http://www.redhat.com/archives/fedora-devel-announce/

http://fedoraproject.org/wiki/FedoraEvents

Contributing Writer: Max Spevack

Slow News Week
It was a quiet week on the announcements front, with nothing more than a few outage notifications being sent to the primary Fedora announcements mailing lists.

Your correspondent promises to make an announcement this week, so that this space may be used to its full potential in next week's issue.

Upcoming Events
2009-02-20: Fedora Activity Day @ SCaLE

2009-02-20 - 2009-02-22: Southern California Linux Expo (SCaLE)

Also, people are encouraged to register for Fedora or JBoss.org related speaking slots at LinuxTag 2009.

release, including Flat Volumes, On-the-fly Reconfiguration of Devices (aka "S/PDIF Support"), Native support for 24bit samples and support for Airport Express.

David Nalley wrote about the Fedora Ambassadors giving away free XO laptops! To qualify, either "Package and maintain a sugar-* package for 2 releases or more" or "Build a Sugar activity that helps meet the 'holy list of 4th grade maths '".

Andrew Overholt announced the release of the  project for. The release has lots of features from profiling and tracing with  to   and RPM spec file editor (with autocomplete) support.

Jef Spaleta expressed mild excitement at Canonical's "Renewed focus on suspend resume". In a later post, he wrote about comparing Linux (and even OSX) user experiences with respect to functionality regressions after an update.

Seth Vidal mused on the fact that a poster on Planet Gnome had said that "Fedora is held to a higher standard" than certain other distributions.

Harish Pillay reacted to an IDC report claiming "Proprietary software products are much better documented than open source because of the volunteer nature of open source software development".

and Amazon's S3 Storage Service.

Mohd Izhar Firdaus Ismail described how to enable "Disk snapshot backup in Linux".

Lennart Poettering requested that  interfaces be properly versioned, and described some best-practices including the hows and whys.

and  functionality with a range of common hardware for. He highlighted four important areas he felt were needed for this: an opt-in system to record what hardware is owned by what testers (possibly utilizing Smolt), a system for producing test plans, a system for recording the results of tests, and regularly scheduled test sessions. Jóhann Guðmundsson supported the idea and suggested that, while some of the features would require help from the infrastructure group, the QA group could at least immediately start writing test cases. James Laska pointed out that extensive information is needed to diagnose and fix  issues remotely. François will work with the X maintainers to define exactly what information needs to be provided.

providing sub-optimal implementations of unencumbered codecs. It seems that for reasons of efficiency  re-invents the wheel from scratch instead of using and improving upstream implementations. Kevin Kofler also rose to the implied challenge that  was preferable to.

video motion detector software can be compiled to use either  or. Steven explained that the problem was that "[...]you can't divide it into sub-packages, at the end it generates one big binary file [...]" and wondered should he just choose the database he preferred or propose two packages.

Manuel Wolfshant expressed what appeared to be the common wisdome: "personally I would compile twice, once enabling mysql and another time pgsql, and create 2 packages. each package would install a "motion-dbname" binary, and a symlink would allow access via the well known name "motion". Using alternatives would allow a switch between the two."

Although it was admitted that David Woodhouse's suggestion to make the program use loadable plugins was the ideal Tom Lane thought that was "[...] a bit above and beyond what a packager should do. If he's also an upstream developer, then he should undertake that addition with his developer hat on; but it's *well* beyond the size of patch that a Fedora package should be carrying."

The ability to specify alternate requires (similar to those used in the .deb package format ) was discussed by Richard W.M. Jones and Tom Lane and dismissed as impractical in this case anyway due to variations in SQL.

Release Notes Ryan Lerch apprised the list of the latest changes to the  Release Notes. Ryan sought early feedback and changes to documentation beats in order to give the community an early preview of the release notes.

Initial feedback from Thorsten Leemhuis and Kevin Kofler and others indicated that the use of fixed-width instead of liquid layout was disliked by some people and loved by others.

Ryan also provided an rpm of this Release Notes mockup.

supports  fully there are still some fixes to make to   before the Fedora buildsystem can cope with noarch subpackages. Florian suggested that those who wanted to could experiment in  with   to compare the results across different architectures. He assured readers that there were no plans to force packagers to use this feature and invited anyone interested in developing the use of noarch in future release to a discussion.

Florian later warned that one potential negative outcome of using such sub-packages would be a proliferation of packages and consequent bloating of metadata which might affect.

VilleSkyttä suggested that it would be wise to make sure that use of  was enforced in order to ensure that earlier versions of   did not produce   versions of the main package and other potential subpackages. Florian's response recognized the problem but deprecated the use of  to such an extent. One possible alternative which he proposed was to "[have Panu Matilainen backport a check that will make noarch packages (both regular and noarch) fail to build if they contain binaries [and ensure that this] additional check will be in place before koji will be updated[.]" This latter proposal stimulated a good deal of interest from Ralf Corsepius and Richard W.M. Jones as they were both concerned with cross-architecture issue. The definition of a "binary" seemed to be one unclear point.

In a later thread Florian updated a list of packages which could be easily turned into noarch subpackages.

(see FWN#161, the use of i586 as the default supported architecture (see FWN#162 and the support of stronger hashes (last paragraph of FWN#107 ).

Apparently the time-constraints led to a desire to start the rebuild as soon as possible without giving maintainers an explicit window in which to do their own builds. Jesse preferred to give maintainers an ability to opt-out and sought suggestions on how this could be achieved.

Jesse suggested that interested parties should either reply to the thread and/or participate in the 2009-02-16 IRC meeting in #fedora-meeting at 1800UTC.

, a tool to evaluate the ease with which applications can be ported to Windows using the  libraries.

After some issue with platform dependency were reported by Michael Cronenworth were sorted out it seemed the tool is ready for use.

Translation
This section covers the news surrounding the Fedora Translation (L10n) Project.

http://fedoraproject.org/wiki/L10N

Contributing Writer: Runa Bhattacharjee

Additions to talk.fedoraproject.org
Rafael Gomes has volunteered to update content on talk.fedoraproject.org and would be creating the .pot file to make it available for translators. Additionally, Lucas Do Amaral has volunteered to add content regarding ekiga configuration that would ensure error free display of the translated content, as had been earlier reported by Richard van der Luit.

Further discussion on the Infrastructure Roadmap
In continuation to the earlier discussion, Dimitris Glezos mentions that the important issue currently is the inconsistent uptime of the system due to the lack of administration resources. He also mentions that adding Publican support to the Transifex instance would be possible with support from the Fedora Publican group. Additionally, he mentions that Transifex v0.5 to be released in March, would have support for Statistics based display as a start to the future goal of supporting all the features of Damned Lies. It is to be noted that FLP uses Damned Lies and Transifex for its Translation infrastructure.

Domingo Becker added a wishlist for the current system, that includes reservation of files for translation, timeout and notification system to the co-ordinator. In a separate thread, Francesco Tombolini voiced his opinion about the lack of the file locking feature and the downtime in the statistics page.

Migration of Damned Lies
Asgeir Frimannsson had announced the imminent migration of the old Damned Lies instance to the new Django-based Damned Lies instance. Damned Lies is used by http://translate.fedoraproject.org for generating the translation statistics.

New Members in FLP
Daniel Yousefi (Persian) , Ahmad Razzaghi (Persian), Daniele Catanesi (Italian) , Mads Bille Lundby (Danish), and Zoltan Sumegi (Hungarian) joined the Fedora Localization Project last week.

Infrastructure
This section contains the discussion happening on the fedora-infrastructure-list

http://fedoraproject.org/wiki/Infrastructure

Contributing Writer: Huzaifa Sidhpurwala

Calendaring system
Discussion on this topic continues from last week. Adam Williamson said that there are a couple of calendaring plugins which will allow for "days" will be allocated.

Clint Savage mentioned that the point is that it should support caldev or something better

wordpress-mu install
Mike McGrath asked who wanted to finalize our wordpress-mu install Mike further said that it has got built and there is a ticket for it

cgit to replace gitweb?
Seth Vidal said that he has setup cgit as a replacement for gitweb on hosted2 and it is available at hosted2.fedoraproject.org/cgit/ He said that he would like to replace gitweb as a web based git repo browser but that would mean that the urls from gitweb will not work any more. He said that he would like to get some feedback on this.

Bill Nottingham suggested that we may be able to able to do a rewrite rule.

Artwork
In this section, we cover the Fedora Artwork Project.

http://fedoraproject.org/wiki/Artwork

Contributing Writer: Nicu Buculei

Evolving Fedora 11 Artwork
The development of the Fedora 11 artwork evolved on @fedora-art. Máirí­n Duffy posted a new wallpaper mockup : "It's more really an attempt at a nice backdrop, and maybe we can layer some of the trees and buildings we were talking about on top[.]"

Charles Brej investigated boot animations: "On the plymouth front, I am likely to be a bit busier at work this release than the F10 one, so I would really appreciate some of ideas as to what people would like during the system boot. The possibilities are pretty much limitless but it would be a good thing to conserve the CPU and keep the number and size of images included in the initrd to a minimum".

Security Week
In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

Is Open Source Software Secure?
This week there was a story posted to Slashdot titled How To Argue That Open Source Software Is Secure?. Quoting the post: ... saying that they were warned that they are dangerously insecure because they run open source operating systems or software, because 'anyone can read the code and hack you with ease.'

This issue seems to keep coming up from time to time. This argument is of course silly and one of those "Prove it ... you can't? So it's true!" There is no way to prove that a piece of closed source software is more or less secure than a given piece of Open Source Software. If you can't see the source, you can't be certain that the vendor did or didn't fix issues. You need to unconditionally trust your vendor. If the source code is wide open for anyone to see, it keeps the vendor honest. You can't sweep issues under a transparent rug. You can try, and maybe hide a few piles of dust, but the really scary piles of dirt will stick out like sore thumbs.

The issue at hand isn't is application A more secure than application B, but do you trust vendor A more than vendor B?

Security Advisories
In this section, we cover Security Advisories from fedora-package-announce.

http://www.redhat.com/mailman/listinfo/fedora-package-announce

Contributing Writer: David Nalley

Fedora 10 Security Advisories

 * xine-lib-1.1.16.2-1.fc10 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00359.html
 * squid-3.0.STABLE13-1.fc10 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00362.html
 * squidGuard-1.2.1-2.fc10 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00365.html
 * python-fedora-0.3.9-1.fc10 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00368.html
 * asterisk-1.6.0.5-2.fc10 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00416.html
 * moodle-1.9.4-1.fc10 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00657.html
 * fail2ban-0.8.3-18.fc10 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00721.html

Fedora 9 Security Advisories

 * squidGuard-1.2.1-2.fc9 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00360.html
 * python-fedora-0.3.9-1.fc9 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00361.html
 * squid-3.0.STABLE13-1.fc9 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00363.html
 * lighttpd-1.4.20-6.fc9 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00364.html
 * xine-lib-1.1.16.2-1.fc9.1 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00367.html
 * moodle-1.9.4-1.fc9 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00496.html
 * asterisk-1.6.0.5-2.fc9 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00602.html
 * dahdi-tools-2.0.0-1.fc9 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00603.html
 * libresample-0.1.3-9.fc9 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00604.html
 * dnsmasq-2.45-1.fc9 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00670.html
 * fail2ban-0.8.3-18.fc9 - http://www.redhat.com/archives/fedora-package-announce/2009-February/msg00719.html