- 1 Fedora Weekly News Issue 136
- 1.1 Announcements
- 1.1.1 FESCo Election Results
- 1.1.2 Cast your vote for the Fedora 10 Codename!
- 1.1.3 Fedora 10 Alpha Freeze
- 1.1.4 Announcing the Fedora OLPC Special Interest Group
- 1.1.5 Fedora Unity releases updated Fedora 9 Re-Spin
- 1.1.6 Feature Process Improvements
- 1.1.7 FUEL opens up collaborative standardization of localization terms
- 1.2 Planet Fedora
- 1.3 Marketing
- 1.3.1 Linus Torvalds' personal Linux distro? Fedora 9, of course
- 1.3.2 Asus Eee PC Fedora Respin
- 1.3.3 Zimbra changes license to address Fedora concerns
- 1.3.4 Seneca College teams with FOSS projects for hands-on learning
- 1.3.5 Intel's Moblin switches from Ubuntu in favor of Fedora
- 1.3.6 Fedora launches OLPC group
- 1.3.7 Ring. Ring. It's Fedora calling
- 1.3.8 Linux Symposium Proceedings Available
- 1.3.9 Video: Fedora Live
- 1.4 Ambassadors
- 1.5 Planet Fedora
- 1.5.1 Erratum: FWN#133 "Shark" is a JIT not a VM
- 1.5.2 New libraw1394 Rebuild Exposes Closed ACLs
- 1.5.3 XULRunner Security Update Breakage Stimulates Bodhi Discussion
- 1.5.4 Broken Upgrade Paths Due to NEVR
- 1.5.5 Application Installer "Amber" Provides Browser Interface to Packages
- 1.5.6 RPM Inspires Intel Moblin2 Shift From Ubuntu
- 1.6 Artwork
- 1.7 Security Advisories
- 1.1 Announcements
Fedora Weekly News Issue 136
Welcome to Fedora Weekly News Issue 136 for the week ending July 26, 2008.
Fedora Weekly News keep you updated with the latest issues, events and activities in the fedora community.
If you are interested in contributing to Fedora Weekly News, please see our 'join' page. Being a Fedora Weekly News beat writer gives you a chance to work on one of our community's most important sources of news, and can be done in only about 1 hour per week of your time.
We are still looking for a beat writer to summarize the Fedora Events and Meetings that happened during each week.
In this section, we cover announcements from the Fedora Project.
Contributing Writer: Max Spevack
FESCo Election Results
Brian Pepple announced the results of the Fedora Engineering Steering Committee election:
"The results of the Fedora Engineering Steering Committee (FESCo) election are in: Bill Nottingham, Kevin Fenzi, Dennis Gilmore, Brian Pepple, and David Woodhouse have been elected to full two-release terms, and Jarod Wilson, Josh Boyer, Jon Stanley and Karsten Hopp have been elected to a one-release term."
Cast your vote for the Fedora 10 Codename!
Josh Boyer reminded folks to vote:
"As long as you have signed the CLA and belong to one additional group in the Fedora Account System, you can cast your vote.
Voting will end and be tallied at 23:59:59 28 July 2008 UTC."
Fedora 10 Alpha Freeze
Jesse Keating announced:
"We have our first development freeze of the Fedora 10 cycle tomorrow. This is the alpha freeze, which is non-blocking. Release Engineering will be making a freeze inside the buildsystem of tomorrow's rawhide content. This will be the basis of the Fedora 10 Alpha release."
Announcing the Fedora OLPC Special Interest Group
Greg DeKoenigsberg announced:
"Thus, I am proud to announce the formation of the Fedora OLPC Special Interest Group. Our mission: to provide the OLPC project with a strong, sustainable, scalable, community-driven base platform for innovation.
1. To identify and take responsible ownership of as many OLPC base packages as possible.
2. To maintain an excellent Sugar environment for Fedora, including a dedicated Sugar spin.
3. To identify useful opportunities for collaboration (infrastructure, localization, etc.)"
Fedora Unity releases updated Fedora 9 Re-Spin
Jeroen van Meeuwen informed us:
"The Fedora Unity Project is proud to announce the release of new ISO Re-Spins (DVD) of Fedora 9.
These Re-Spin ISOs are based on the officially released Fedora 9 installation media and include all updates released as of July 18th, 2008. The ISO images are available for i386 and x86_64 architectures via Jigdo starting Sunday, July 20th, 2008."
Feature Process Improvements
John Poelstra had some excellent news on the feature front:
"I was recently talking with Paul Frields about how to make the feature process more accessible... this combined with feedback in the rpm thread have led to a (hopefully) clearer presentation of how the feature process works."
FUEL opens up collaborative standardization of localization terms
FUEL (Frequently Used Entries for Localization) aims at solving the problem of inconsistency and lack of standardization in computer software translation across the platform for all Languages. It will try to provide a standardized and consistent look of computer for a language computer users.
In this section, we cover the highlights of Planet Fedora - an aggregation of blogs from Fedora contributors worldwide.
Contributing Writer: Max Spevack
Shameless Recruiting Pitch
We begin this week's summary of Planet Fedora with a recruitment pitch for Fedora Weekly News beat writers, scribed by Karsten Wade.
Intel's Moblin moves to Fedora
The topic that took Planet Fedora by storm on Friday and Saturday was the announcement of Intel's Moblin moving from Ubuntu to Fedora as its base OS. Yaakov Nemoy, John Palmieri, Seth Vidal, and Karsten Wade all weighed in with their thoughts.
A number of event reports were posted on Planet Fedora this week.
- LUG Radio Live UK, attended by Max Spevack.
- Ottawa Linux Symposium (day 1), as reported by Dennis Gilmore.
- LTSP Hackfest (day 1), which included hackers from numerous Linux distros, and Fedora's own Warren Togami.
- A GUADEC trip report (including pictures) from Dimitris Glezos.
- A second place finish in the 2008 RoboCup World Championships, with a report from Tim Niemueller.
In other event news:
- Sandro "red" Mathys has posted details about the upcoming Fedora Ambassador Day EMEA.
- James Morris shared his Ottawa Linux Symposium paper with us, which is a detailed update on SELinux.
Transifex 0.3 has been released. "Transifex 0.3 is a major release, including a lot of under-the-hood changes. We’ve added full i18n support, and now in addition to the templates, per-module information stored in the database, such as names and descriptions, can be translated as well," explains project lead Dimitris Glezos.
Lorenzo Villani is working on adding the ZYpp stack into Fedora. He explains, "It seems that with the latest releases of sat-solver, libzypp and zypper, the whole stack has become more stable on Fedora, especially, in the past few weeks I wasn’t able to update packages due to various resolver’s problems, but now it seems that 'zypper up' does its job smoothly."
Other Interesting Posts
In this section, we cover the Fedora Marketing Project.
Contributing Writer: PascalCalarco
Linus Torvalds' personal Linux distro? Fedora 9, of course
LCafiero reported that the creator of Linux, Linus Torvalds, currently uses Fedora 9 "on most of his computers" as reported in a recent interview. "I've used different distributions over the years ... Fedora had fairly good support for PowerPC back when I used that, so I grew used to it. But I actually don't care too much about the distribution, as long as it makes it easy to install and keep reasonably up-to-date," Torvalds added.
Asus Eee PC Fedora Respin
ValentTurkovic asked if there was interest in working on a Fedora spin for the Eee PC. ClintSavage reported that his kickstart for the Eee is working almost perfectly, and Mathieu Bridon pointed to the [EeePc wiki page] for this activity.
Zimbra changes license to address Fedora concerns
Rahul Sundaram reported that Yahoo has responded to the suggestion that the license language for Zimbra be modified to allow it to be consonant with the Fedora project, which now paves the way for Zimbra to be made available in Fedora. "Our colleagues in the Fedora community were concerned that the old version of 6.2 did not give licensees enough certainty that they could keep exercising their license, even if they followed its requirements. We thought this change was a reasonable request, and we were very pleased that we were able to respond to the Fedora community in the way they asked. Many thanks to our Fedora friends for their input," the Yahoo spokesman explained. Jeroen Van Meeuwen added that efforts are already underway to package Zimbra for Fedora.
Seneca College teams with FOSS projects for hands-on learning
Rahul Sundaram shared a feature from Linux.com detailing the growth of the free and open source software program at Seneca College in Toronto, Canada. Beginning this fall, thanks to Fedora, it will add the graduate-level Linux/Unix System Administration program. The article continues with Greg DeKoenigsberg, Fedora's liaison with Seneca, saying, "There's a lot of knowledge that's just not taught that you need [in order] to participate in an open source project. There's a difference in how open source is approached [compared to] traditional software, and it's not like you can learn it in a book. It's very much an apprenticeship model."
Intel's Moblin switches from Ubuntu in favor of Fedora
Rahul Sundaram shared news reported in the UK's Register that Intel has shifted from use of Ubuntu to Fedora. "Under the changes, the existing Ubuntu-based kernel is out and Fedora is in, along with a set of Gnome-compatible mobile components that updates Moblin's previous Gnome implementation." Intel's director of Linux and open-source strategy explained that "there was no falling out with Ubuntu, but the move to Fedora was a technical decision based on the desire to adopt RPM for package management." Rahul followed up with more information on this development, reported later in heise open source.
Fedora launches OLPC group
Rahul Sundaram forwarded news that the Fedora Project has started a Open Laptop per Child Special Interest Group to help with the educational computing effort. Fedora will offer increased help with package maintenance for OLPC, "maintain an excellent Sugar environment for Fedora, including a dedicated Sugar spin; to identify opportunities for collaboration on things such as infrastructure and localisation." A discussion list has also been established for this, and all are welcome to join these efforts.
Ring. Ring. It's Fedora calling
Rahul Sundaram shared a story in CNET News this week about Fedora Talk, a VOIP project that "allows Fedora contributors to use any standard VoIP hardware or software to sign into the Fedora system and make and receive calls to other Fedora contributors." CNET added, "It's an intriguing way for the Fedora community to tighten the development process by bringing developers together. IM, mailing lists, and e-mail are great, but talking with someone is sometimes the best way to make things happen."
Linux Symposium Proceedings Available
Rahul Sundaram posted that the 2001-2008 proceedings of the Linux Symposium were now freely-available, along with the GCC Summit Proceedings.
Video: Fedora Live
Rahul Sundaram shared a recent article in Red Hat Magazine featuring the Fedora Project's Paul Frields talking with developer Jeremy Katz "to discuss the Live USB feature debuted in Fedora 9 ... See a live demo of the persistent desktop, and find out how to get more involved in the next Fedora release."
In this section, we cover Fedora Ambassadors Project.
Contributing Writer: Jeffrey Tadlock
FAD EMEA 2008 - Date & Location Determined
Sandro Mathys announced that the data and location for FAD EMEA 2008 have been determined. It will take place in Basel, Switzerland from 2008-11-14 to 2008-11-16. Additional information is available on the FAD EMEA 2008 wiki page.
Planning for Fedora 10 Release Parties
Francesco Ugolini posted to the ambassadors list a request for feedback for planning for Fedora 10 release parties. We had great success with out Fedora 9 release parties - be sure to get your suggestions in for planning Fedora 10 release parties in the future.
Event Reports Reminder
Max Spevack posted a reminder that event reports are required if you were the leader of an event. Event reports are also encouraged from attendees of events as well. The event reporting guidelines page covers what should be included in an event report.
In this section the people, personalities and debates on the @fedora-devel mailing list are summarized.
Contributing Writer: Oisin Feeley
Erratum: FWN#133 "Shark" is a JIT not a VM
Gary Benson kindly corrected an error in FWN#133 "Java, So Many Free Choices" which reported on the work being done by Red Hat engineers to expand the availability of a FOSS Java across more architectures. The gist of the correction is that shark is not a Virtual Machine(VM) as stated in the article. Gary explained that OpenJDK is composed of a VM named HotSpot and a class library. HotSpot runs on a limited number of architectures and so there have been two independent attempts to increase VM coverage. One of these is named cacao and while it was a promising project it was uncertain how well it would work. The other is a Red Hat initiative to explicitly port HotSpot to more architectures by providing an interpreter named zero. As zero is solely an interpreter it is slow and in need of a JIT. This JIT could well end up being Shark. Thanks to Gary for taking the time to clarify this point. We encourage readers to correct important technical issues and misunderstandings and can be contacted via "email@example.com".
New libraw1394 Rebuild Exposes Closed ACLs
A simple warning made by Jarod Wilson of a soname bump of libraw1394 (which among other things allows easy switching between juju and the older drivers) revealed that Fedora's KDE maintainers are not using open ACLs for their packages. The issue of whether open ACLs should be used to allow any interested community member (e.g. with a FAS account) to start making changes without bureaucracy has been visited several times on @fedora-devel and has been argued[1a] to be one of the exciting "post-merge" aspects of the FedoraProject. Objections have included those based on security (see FWN#112 "Open By Default: New FAS Groups Proposed"[1b]) and the logistics of co-ordinating such open access (see FWN#91 "Community Control And Documentation Of New Workflows"[1c]). At times it has appeared that those who were non-Red Hat employees and contributing to the pre-merge "Extras" repository were the strongest advocates for open ACLs.
Jarod provided a short list of affected packages including kdebase and kdebase3 and wondered whether he should "do a fancy chainbuild, or just let rawhide be busted for a day?" Following advice received offlist he decided that the procedure would be to first bump and tag each of the packages, and then from within the devel-branch of a dependent package issue a:
[jwilson foo fedora-cvs/pkg11/devel]$ make chain-build CHAIN="libraw1394 pkg1 ... pkg10"
This eventually worked, but first Jarod had to contact maintainers that disallowed commit access using open ACLs and get them to do the bump and tag in order to use the above method.
Early on in the chain of events Kevin Koffler noted the necessity to do this for the KDE packages. "Drago01" wondered why there were closed ACLs to which Rex Dieter replied that it was not necessary for non-core development platform bits and he would try to change the ACLs for them. Konrad Meyer defended the choice on the basis that "KDE is a major system component and the KDE team (which is something like 6-8 people) does a very good job of fixing things as soon as they need fixing." Further probing for an actual reason by Rahul Sundaram resulted in Konrad stating that it was necessary to prevent people from making mistakes and that the
kernel package was handled similarly. Rahul was unconvinced by this and Jon Stanley agreed it should be possible, as with GNOME, to use open ACLs to allow anyone to help.
XULRunner Security Update Breakage Stimulates Bodhi Discussion
After Michael Schwendt published a summary of broken dependencies for Fedora 9 it was noticed by Martin Sourada that most of the problems were due to a recent update of xulrunner which now provides gecko-libs (see FWN#110.) Martin discovered that gxine, which was his particular responsibility, did not depend on a specific version of gecko-libs and thus removed the versioned dependencies. He suggested that a review by carried out of the other affected packages to determine whether this was also the case for them.
Martin was further concerned that the policies for pushing security updates for a stable release be examined in the light of this particular case because it would fail to install due to all the broken dependencies. He suggested that it ought to be possible to use chain builds (the Koji buildsystem allows packages to be grouped into sets during the build process and to only report success if all the packages complete perfectly) to ensure that such breakage does not occur. He also wondered why the security update was not mentioned on the "-devel(-announce) list?"
Nicolas Mailhot agreed strongly wondering: "why the hell is this stuff not tested in -devel first? [...] When the update process is not streamlined in -devel, it's no surprise it bombs in -stable when security updates are due." The answers to these questions came from Adel Gadllah (drago01) who replied that as it was a security fix it had to go to updates-stable immediately instead of following the normal procedure. David Nielsen interjected that this method did not deliver a quick security fix because those using, for example, epiphany failed to get the update because the dependencies had not been properly handled. Michael Schwendt also made the same point: "Doesn't matter. It doesn't install at all if it breaks dependencies of *installed* packages. Not even *skip-broken helps in that case." Adel clarified that he was explaining "why it was done, not that it was the right thing to do. As I already said, bodhi should block updates that break deps."
 Generally bleeding-edge changes for the next version of Fedora are published in the "fedora-rawhide" repository, which is derived from a CVS branch named "-devel". The "fedora-updatestesting" repository contains bleeding edge changes for the current maintained release, the idea being that volunteers will test them and provide feedback before they are pushed to the "fedora-updates" repository for general consumption.
Broken Upgrade Paths Due to NEVR
A report listing packages which failed to upgrade smoothly was emailed to the list on Mon 21st. This would appear to be the output of Jesse Keating's revamped version of the old Extras script upgradecheck (previously discussed in FWN#108 "Package EVR Problems") which examines Koji tags to determine whether upgrades from one package version to another will work.
Michael Schwendt noticed that at least one reported failure, of audacity to upgrade from "dist-f8-updates-testing" to "dist-f9-updates" was a false positive because it omitted to take the possible intermediate tag "dist-f9-updates-testing" into account. Jesse Keating pondered the idea and while admitting the possibility that someone might "at one time [have] installed F8 testing updates, and then upgraded to F9 + updates, but without F9 updates-testing. However, it's more plausible that if they were using updates-testing on F8 that they would upgrade to F9 + updates + updates-testing." He suggested that he would break the testing down into two separate paths: "F8, F8-updates, f9-updates" and "F8-updates-testing, F9-updates-testing" and also list the person that built the broken instance instead of listing the owners of the broken packages.
As the owner can change per branch Michael Schwendt suggested that the pkgdb could be queried for branch-specific ownership data, but Jesse thought that it was more interesting to know who built the package rather than who owned it. He hoped that "the <pkg>-contact fedoraproject org or some such gets created soon so that the script can just email that + the person whom built the problematic package" and Seth Vidal quickly implemented this after Toshio Kuratomi made some changes to pkgdb.
Application Installer "Amber" Provides Browser Interface to Packages
A description was posted by Owen Taylor of a visual means to rate, browse and install packaged applications in a repository. The discussion around this revealed some differences over the advisability of providing separate ways for ordinary end-users on the one hand and package maintainers on the other to discover and discuss the software available from the FedoraProject. Owen's post was to announce that he had hacked up a web-browser plugin (a detailed README is available which includes discussion of security and cross-browser support) which used PackageKit to allow the installation of packages selected from this website. He had hopes that this would be "robust against inter-distro differences in package names" and wondered "[w]hat do people think... does this make sense as part of the PackageKit project?"
Following a suggestion from Tom Callaway that it be integrated with PackageDB (this is the central repository of meta-information on packages and is currently targeted to the needs of package maintainers and release-engineering to track ownership and ACLs) there were questions from Jeff Spaleta about what that meant. Owen replied with more detail, and explained that the web application would take information from PackageDB but that the plugin would use PackageKit (and YUM and hence comps.xml) to display actual installable packages. He listed other possible operations beyond simple installation of packages. It would be possible to offer installation to any anonymous user, but after authentication rating and commenting on packages could be authorized for users in the FAS class. Similarly, the ability to edit package information could be authorized for package owners.
Jeff emphasized that he would prefer to see Owen's interface replace, or augment, the existing PackageDB one in order to increase user-maintainer communication by simplifying and reducing the number of interfaces. Bill Nottingham wondered "Does anyone actually use packagedb to browse for available software?" and although there were a couple of affirmative replies there was no aggregate data presented to answer this question. Nicolas Mailhot replied with some possible uses for expanded meta-information based upon the experience of the Fonts SIG.
Robin Norwood explained to Jeff that the PackageDB was for one audience "(mostly) targeted at people interested in the plumbing of Fedora" while the new interface was "targeted at people who are looking for applications to install and 'do stuff' with." He posted a link to the Feature page for this ApplicationInstaller. Work seems to have progressed quite far with both the web-application side, which is tentatively named "Amber" and is available for proof-of-concept testing and also with Owen's plugin.
Jeff re-iterated his point that "driving users to a different site than the package maintainers... and allowing them to comment [is] going to cause a communication gap" and characterized this as "driveby commenting and rating." Matthias Clasen did not accept that the use cases and requirements were the same as those for PackageDB and argued that "[t]his is not an effort to improve package quality or gain new contributors. This is an effort to make life of users better. It is not about packages, but about applications." Robin was against Jeff's idea of a "monolithic app" and emphasized that he was using existing infrastructure to provide a new interface and also planning easy export of the data. He envisioned this data as providing, for example, a feed of comments about each package to PackageDB: "More of a semantic web type idea than an isolated database or a 'one-stop shop'."
RPM Inspires Intel Moblin2 Shift From Ubuntu
An excited Peter Robinson copied a link to "The Register" to the list. The article claimed that Intel's next version of "Moblin" (cunningly codenamed Moblin2) would be replacing the "Ubuntu-based kernel" with the Fedora kernel and cited Dirk Hohndel. Specifically it attributed a desire to "move to Fedora [as] a technical decision based on the desire to adopt RPM for package management [and also that] having a vibrant community push is the winning factor." The article has since been rebuffed by Hohndel in a comment on one of his blogs as "not only low on detail, it's also high in content that's made up or blown out of proportion" but he does confirm that "we decided to move to an rpm based distribution as that gave us better build tools and most importantly a better way to manage the licenses under which the individual packages are released."
 Moblin is a GNU/Linux-based software stack for Mobile Internet Devices which includes Xorg,GStreamer,ALSA,the MatchboxWM, GTK, Cairo, Pango, D-Bus, Avahi, Evolution Data Server and more. In order to make life easy for developers a Moblin Image Creator makes it easy to create a small 350-600MB binary image for a particular architecture. Moblin explicitly aims to provide an alternative to GNOME and KDE. http://www.moblin.org/resource.center.php
Commentary on @fedora-devel tended to cautious optimism mixed with a desire for a lot more information. Jeff Spaleta asked whether the idea was to have Moblin2 be a "part of the larger Fedora project or is it going to be a downstream derived distribution that will include components such that it can not carry the Fedora name?" and broached the idea that Moblin2 might be a candidate for a Secondary Architecture (see FWN#90 and FWN#92.) DavidWoodhouse (posting with an Intel.com sig) also liked the idea of a Moblin2 SIG producing a Fedora spin for MIDs (Mobile Internet Devices.)
While "yersinia" thought that the emphasis on RPM was interesting Hansde Goede was intrigued by the emphasis on community activity. Hans suggested that Jeff Spaleta contact Dirk Hohndel to emphasize the dynamic nature of the FOSS community behind Fedora. Jeff suggested that Karsten Wade could meet with Dirk at this week's OSCON. Ex-Red Hat star employee Arjanvande Ven volunteered to do what he could to help make contact with Dirk, describing himself as "on the other side of a cube wall" from him. In response to Rahul Sundaram's request for concrete information from Intel Arjan responded that he would do his best to get the right people to make contact, but that much of the speculation on @fedora-devel concerned topics which have an "eh we don't know yet" answer. He also repeated cautions against believing anything which journalists write.
Paul Frields followed up with details of a meeting at OSCON with senior Fedora hackers. It seemed that the ability to use OpenSuSE's Open Build System (which is based on RPM) was one of the main motivations behind Intel's move. Apparently Koji (the Fedora Project's buildsystem) lacks some specific functionality. Discussion between Paul Frields and Jeff Spaleta centered around whether the apparent Moblin2 plan of acting as a downstream derivative of the Fedora kernel would allow them to garner community contributions and whether this mattered anyway given Intel's vast resources.
Arthur Pemberton thought that this was a good opportunity to take on some of the anti-RPM and anti-YUM misinformation which had been spread about. David Nielsen thought it was best to merely demand proof from those spreading FUD. Seth Vidal conceded that perhaps not enough had been done to publicize the improvements in YUM and RPM over the last few years and cited a particular case-study of a smartpm user comparing it with YUM to the advantage of the latter.
In this section, we cover the Fedora Artwork Project.
Contributing Writer: Nicu Buculei
After Martin Sourada laid out some plans last week for the Nodoka GTK2 theme engine development, he updated the Fedora Art list with news about the topic: "Considering that the Feature freeze for F10 is nearing and I haven't finished yet with the sketching, I'll push it for Fedora 11, while in Fedora 10 we'll have new notification theme , maybe the Echo icons and some minor improvements to the gtk theme/engine."
Gathering feed-back about Fedora 10 theme proposals
After the first round of the theme creation process for Fedora 10 ended, Nicu Buculei started gathering feed-back from the community (everyone is invited to participated, including the Fedora Weekly News readers): "Since the first round for F10 themes just ended, I wrote to my (infamous) blog an article listing all the proposals, including thumbnails and descriptions and asked for feedback (noting that the preferred way is this mailing list). Also posted about it on FedoraForum."
A possible Bluecurve revival
Andy Fitzsimon shared on the Fedora Art list a theme mockup "I didn't design it specifically for fedora but I hope someone here finds it useful for future mocks" and very quickly Hylke Bons expressed his interest and idea about using it in combination with his own project "I think this will fit well in my attempt to ressurect Bluecurve" (Bluecurve is the venerable theme introduced in Red Hat Linux 8 and used as a default until Fedora 6).
In this section, we cover Security Advisories from fedora-package-announce.
Contributing Writer: David Nalley
Fedora 9 Security Advisories
- mantis-1.1.2-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00801.html
- dbmail-2.2.9-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01094.html
- libetpan-0.54-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01093.html
- php-5.2.6-2.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01021.html
- ruby-126.96.36.199-1.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01016.html
- gnutls-2.0.4-3.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00980.html
- licq-1.3.5-2.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00879.html
- perl-5.10.0-27.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00874.html
- linuxdcpp-1.0.1-3.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01106.html
- sipp-3.1-2.fc9 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01160.html
Fedora 8 Security Advisories
- wireshark-1.0.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00798.html
- asterisk-188.8.131.52-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html
- mantis-1.1.2-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00813.html