In this section the people, personalities and debates on the @fedora-devel mailing list are summarized.
Contributing Writer: Oisin Feeley
Fedora Intrusion Update
Paul W. Frields broke radio silence to provide a detailed explanation of last August's (2008-08-12) security problem. Briefly, a
Fedora Project systems administrator used a pass-phraseless SSH key. This was copied from the administrator's machine and used to gain access to Fedora infrastructure. Subsequently trojaned versions of
rpm were built and deployed on Fedora infrastructure. The investigation concludes that these packages were detected and removed before any
rpms were built with them or distributed to Fedora users. The full, detailed communication includes a time-line.
Emacs Cabal Disables Xorg Ctrl-Alt-Backspace
Much work has been done on the
Fedora 11 release notes to advise users of significant changes. A thread started by Gerry Reno to question the disabling of Ctrl-Alt-Backspace as a key combination to kill the X server shows that these beta release notes are an important means to notify prospective users of new features of the operating system. Gerry was among many contributors to the thread that preferred to keep the traditional functionality enabled. This change was an upstream Xorg decision apparently taken to prevent users from accidentally killing their X servers. Although there had previously been extensive discussion (reported in FWN#162) and a nice, hot flamewar on the upstream lists the change seemed to take many by surprise. This prompted accusations that "[...] big changes like this need to be advertised extensively instead of just quietly slipped in."
Roland McGrath suggested ways in which
xorg.conf could be changed using a
kickstart post-scriptlet but preferred that such choices would be pushed into the users' "keyboard shortcut" preferences. Gerry raised the issue of the use of the Ctrl-Alt-Backspace combination being essential to virtual machine management.
Another dissatisfied user was Arthur Pemberton. He requested discussion of why such large changes as disabling Ctrl-Alt-Backspace, removing
Xorg.conf in favor of auto-detection, and others had been made without what he considered to be enough discussion. Response to this line of questioning suggested variously that the change had been made "secretly" upstream in order to appease an emacs-using cabal, and that Fedora had adopted the changes solely because Ubuntu had done so. This latter accusation was disputed by Matthew Garrett. The
emacs angle seems to come from the fact that the
emacs key-combinations "Ctrl-Alt-End" and "Ctrl-Alt-\" are, with certain keyboard layouts, a danger to fumble-fingered users. Arthur pointed to an added complication in a use case in which booting with the monitor powered off requires restarting the X server.
Felix Miata mentioned that OpenSuSE's solution was to require that the Ctrl-Alt-Backspace sequence be struck twice before it took effect. This was also suggested by Gerry during a thread in which Matthew Garrett and Matthias Clasen explained that the
Terminate_Server symbol could be bound to any desired key-binding through
Ahmed Kamal suggested: "To anyone wanting to kill X when it hangs, why not login through a VC and `pkill X' .. Just like any process, why do we have to have magic keys!" Similarly Adam Jackson challenged the assertion that it would be possible to use the key combination to deal with faulty drivers.
Neal Becker posted a link to an interesting way to use the capabilities of the
ZFS filesystem to take snapshots of the system and provide a safe, stable way to upgrade. Seth Vidal seemed sanguine that this would be relatively easy with a
Repoview Temporarily Bust in Fedora 10
After a report from Uwe Kiewel that he could not create a repoview for
Fedora 10 Everything Seth Vidal posted that there was a fix available in rawhide but it had not got into
Fedora 10 yet. Konstantin Ryabitsev (Icon) built the updated packages and Josh Boyer posted that they would be available very shortly.
LGPL Qt-4.5 in Fedora 10 and Fedora 9
KevinKofler announced updates of
Fedora 10 and
Fedora 9. He detailed the advantages of this backwards-compatible update and suggested that maintainers of
Qt-4-based packages do some quick checks to ensure that there would be no snags.