- 1 Developments
In this section the people, personalities and debates on the @fedora-devel mailing list are summarized.
Contributing Writer: Oisin Feeley
Frozen for Fedora 11. Some Packages Still Not Built dist-f11
Jesse Keating announced that henceforth all F-11/ builds would go to dist-f11-updates-candidate and builds from devel/ would go to dist-f12. He asked for concerned parties to check that builds were being properly tagged.
In response to Mike Chambers' question Jesse confirmed that the nightly rawhide composes would consist of
Fedora 11 content until the GOLD packages were on their way out to the mirrors at which point the nightly rawhide composes would contain
Fedora 12 content.
On a related note Bill Nottingham asked maintainers of a list of packages not yet rebuilt in dist-f11 (with the attendant compiler and strong RPM hashes) to fix them if possible. Jesse Keating provided a slightly more aggressive list as an addendum.
Xorg Hacking Solves DontZap
Tom Callaway drew attention to a blog entry of Peter's which mentioned upstream patches by Julien Cristau (of Debian) to
xkeyboard-config and Peter's own patch to
Xserver which together make it possible to disallow zapping by default and also to turn zapping on with a
'setxkbmap -option terminate:ctrl_alt_bksp'
. The net result is that it is possible to get zapping to work but the
XKB configuration needs to be set up properly and the DontZap option left disabled (as per the new default).
In discussion with Kevin Kofler Peter clarified the situation in which the new settings would take effect. Kevin responded that it appeared that for
KDE users zapping with Ctrl-Alt-BkSp would remain as before.
The above summary of an elegant technical solution ignores the long, and at times vitriolic, complaints about this change. A common trope occurring in some recent threads seems to be that changes are made by Red Hat employees who are implementing changes without community consultation and all work to a common game plan. Seth Vidal challenged the latter assumption:"In a survey of 10 RH employees you will find between 10 and 40 different opinions. sometimes more if you don't ask some of them to confine their comments to a limited amount of time." In any event it's worth noting that the resolution (which filters the "Terminate_Server" action in a manner consistent with the handling of other actions in xkb rulesets) was contributed upstream by a Red Hat employee. As a point of information Kevin Fenzi also made it clear that the change had not been instigated by FESCo.
Minesweeper Certified Solitaire Professionals Satisfied with DVD
Feedback suggested that retaining the games was preferred and dropping the development libraries made sense as the latest versions would be needed and could be obtained from the repositories anyway. Jesse later posted this was sufficient to achieve the desired image size.
Presto and DeltaRPM Status
The ability to download binary diffs of RPM packages has been offered for some time now on Fedora through the
Presto project and presto-enabled repositories. Interest is high enough in Presto's bandwidth-saving abilities that no fewer than three separate threads were started to ensure that it would function properly for
Warren Togami asked if
Presto would be enabled by default for
Fedora 11. Last month (2009-03-21) Jonathan Dieter reported that the use of
rpm had broken
deltarpm but that a patched version was available in rawhide. See FWN#166 for earlier coverage of the challenges and changes resulting from the introduction of stronger hashes.
Jonathan also reported that the changes necessary in infrastructure to build deltarpms had been done. These changes were made fairly rapidly thanks to work done Michael Schroeder, the upstream
deltarpm developer. One issue that concerned Axel Thimm was the security with which checksums of deltarpms were being made. Till Maas and Jonathan Dieter provided reassurance that all deltarpms are generated from original rpms which needed to pass all verifications which
Martin Sourada was excited not just about
Presto but also about the slick new
Fedora 11. Martin was concerned about the issue of
Presto apparently not working well together. A bugzilla entry revealed that
PackageKit developer [[User:|Richard Hughes]] quickly created a patch which Martin reported as working.
On 2009-04-16 Bill Nottingham added to the "Rawhide Report" that "[...] rawhide is composed with deltarpms against the prior rawhide. Due to a bug, this is only currently working on i386; it should be fixed for other arches tomorrow. Please test and report any issues."
Browser Plugins May Strip SELinux Protections
Dan worried that while "[a] confined nsplugin is a nice feature for confining plugins downloaded from the network. But if you run openoffice and evince from within nsplugin they get confined, causing the apps to not work properly." In response to Simo Sorce Dan explained that any attempt to write transition rules to enable said applications to work properly would create an easy avenue of attack. Simo wondered if it would be possible to either write a security wrapper to restrict the command line, or to get application developers to honor SELinux labels in some way.
Warren Togami shared that removing
mozplugger was "[...] something I always do. It seems to cause more problems than it solves [...]" and James Morris expanded upon this with instructions "[...] on both removing mozplugger and restoring the security protections of SELinux. Simply removing the package isn't enough[.]" James questioned "[...] how a package which breaks a security feature not only made it into the repo, but how it became enabled by default[?]"
- Mozplugger describes itself as "[a] general purpose Mozilla plugin module that allows the user to embed and launch their favorite application to handle the various different types of media found on the Internet." http://mozplugger.mozdev.org/
Getting Rid of /usr for Fedora 12 ?
Lennart Poettering cheerfully invited any inclined parties to a flamefest over the elimination of the /usr directory. Lennart suggested that recent history indicated that more files were being moved from /usr to / and that confusion between the two was a source of error from some packages.
Enthusiasm for both the flamewar and the proposal was low.
A forceful and well-argued objection was made by Konstantin Ryabitsev on the basis that he liked to keep /boot and /usr on their own partitions and use a LUKS-encrypted LVM for everything else. Konstantin emphasized this was especially well-suited to portable machines which need to conserve power and are more likely to need encryption.
Ralf Corsepius invoked the FHS on /usr and the need to contain non-essential packages unavailable at certain boot stages therein. Chris Adams added that symlinking /usr to / had been shown to break
Lennart explained how /etc could be made read-only and adduced OpenSUSE, Debian and Gentoo as further evidence that a read-only root could be attained. Callum Lerwick pined for the days of floppy disks.
Toshio Kuratomi completely declined to play and asked: "I'm hereby giving notice that I don't have time to read obvious flamefests anymore. Once this thread concludes, please summarize whatever the pros and cons are and send it to the packaging committee to discuss and vote on."