Fedora Weekly News Issue 101
Welcome to Fedora Weekly News Issue 101 for the week of August 13th. http://fedoraproject.org/wiki/FWN/Issue101
Here is a highlight of this week's report:
In Ask Fedora, we have "Location For Menu Entries And Customization" and "64-bit Java Plugin".
In Daily Package, we have "Fedora Daily Package Articles in Chinese", "MediaWiki - Collaborative publishing", "RenRot - Rename and rotate photos", "Wednesday Why: Logins and Sessions", "GKrellM - System monitoring tool", "TaxiPilot - Drive a Space Taxi" and "Fedora Daily Package Weekly Video Summary"
To join or give us your feedback, please visit http://fedoraproject.org/wiki/NewsProject/Join.
In this section, we cover announcements from various projects.
Contributing Writer: ThomasChung
There was no significant announcement last week.
In this section, we answer general questions from the Fedora community. Send your questions to email@example.com and the Fedora News Team will bring you answers from the Fedora Developers and Contributors to a selected number of questions every week as part of our weekly news report. Please indicate if you do not wish your name and/or email address to be published.
Contributing Writer: RahulSundaram
Location For Menu Entries And Customization
Joe Klemmer <firstname.lastname@example.org>: I have all three of the major desktop environments installed on my systems. My primary is Xfce but I do use GNOME or KDE at times. One thing I have found is that the menus are not consistent across desktops. On my system Fedora 7 box it seems that KDE has MANY more entries in its menu than GNOME or Xfce. Xfce generates its menu on the fly and I'm guessing that the other two do as well. Is there any standard for placement of .desktop files? Something more effective than "locate .desktop"?
As an adjunct to this, is there a proper place for users to put manually created .desktop files? I have been putting them with the regular ones in /usr/share/applications/ but I'd be more at ease if there were a place under $(HOME) to put them. Something other than $(HOME)/Desktop as I wish to have entries in the menus but not on the desktop.
Desktop menu entries in GNOME, KDE and Xfce, among others, follow the freedesktop.org desktop entry specification. The specification allows for certain entries to be shown only in one particular desktop environment or excluded from others, based on how they are specified in the desktop files in Fedora packages. The menu is generated dynamically from the ".desktop" files.
The system default folder in Fedora for menu entries is /usr/share/applications. See the specification for more details.
64-bit Java Plugin
Lane Brooks <email@example.com>: What options are there for getting a Java plugin working on 64bit Firefox?
Sun has after a long delay committed to a 64-bit plugin for Java version 1.7. Meanwhile the usual solution is to install the 32-bit version of Firefox which is available in the Fedora repository and continue using the 32-bit plugin.
In this section, we cover a highlight of Planet Fedora - an aggregation of blogs from world wide Fedora contributors.
Contributing Writers: ThomasChung
Fedora 8 virtualization work-in-progress
DanielBerrange reports in his blog,
"For Fedora 8 we have quite an ambitious set of goals to improve security of the virtualization management stack. With the test2 date fast approaching things are starting to fall into place, although as ever it's taken longer than expected. Should really have expected this since it requires getting code accepted in 3 upstream projects (Xen, QEMU, KVM), releases several brand new pieces of new software (GTK-VNC and Virt Viewer), and updating many others (Virt Manager & virt-install)."
LinuxWorld San Francisco 2007 Wrap-Up
MattDomsch reports in his blog
See the Video Interview at Fedora Booth.
"Fellow Fedora Project Board member KarstenWade, and Fedora engineer JackAboutboul were manning the Fedora booth, and took time to tell me about the Fedora Translations effort, and the Creative Commons Live Content CD they were giving away, built entirely with Open Source tools included in Fedora 7."
In this section, we recap the packages that have been highlighted as a Fedora Daily Package.
Contributing Writer: ChrisTyler
Fedora Daily Package Weekly Video Summary
A screencast video summary of this week's daily packages is available.
Fedora Daily Package Articles in Chinese
Allen Chen has translated a number of Fedora Daily Package articles into Chinese and posted them on his blog at http://a3linux.blogspot.com.
MediaWiki - Collaborative publishing
Productive Mondays highlight a timesaving tool. This Monday we covered MediaWiki:
"A Wiki is a collaboratively-edited web site. Some of the best-known examples are the projects of the Wikimedia Foundation, including Wikipedia and Wiktionary, and Wikis are useful for collaboratively editing and publishing many different types of web content. The software that powers the Wikimedia Foundation projects is called MediaWiki and is available within Fedora."
RenRot - Rename and rotate photos
Artsy Tuesdays highlight a graphics, video, or sound application. This Tuesday Renrot was featured:
"Renrot is a simple but very useful command-line tool. It renames photo files based on information in the EXIF tags within the photo file. ... It will also rotate images based on the orientation data in the EXIF tags, if present."
Wednesday Why: Logins and Sessions
The Wednesday Why article took a look at the difference between a login and an X session, and how this affects the execution of the ~/.bash_profile startup script:
"A login occurs when you authenticate to the system in character mode and a shell is started for you. ... A session, on the other hand, is the graphical version of a login. The session is started by the display manager gdm (or, alternatively, kdm or xdm) when the program starts."
GKrellM - System monitoring tool
GUI Thursdays highlight software that enables, provides, enhances, or effectively uses a GUI interface. This Thursday, GKrellM was discussed:
"If you're interested in monitoring your system's performance, but want to see more information than the GNOME System Monitor applet can display, GKrellM is the tool for you. It's the Swiss army knife of graphical monitoring tools, offering more than a dozen built-in monitors (which run in a single process) and supporting both plugins and themes."
TaxiPilot - Drive a Space Taxi
Friday Fun highlights fun, interesting, and amusing programs. This Friday, we took a look at TaxiPilot:
"Taxi Pilot is a strange 2D game where you become the pilot of a space taxi in the year 4017. You must pick up and drop off passengers without landing on the passengers or crashing your vehicle. ... Written for KDE 3, Taxi Pilot is loosely modeled after the Space Taxi game on the Commodore 64."
In this section, we cover Fedora Marketing Project.
Contributing Writer: ThomasChung
Desktop Faceoff: Fedora vs. Vista
DavidsonPaulo reports in fedora-marketing-list,
"Fedora 7 adds a veneer to the GNU/Linux desktop that provides much of the ease of use of a Windows operating system, but beneath it, the traditional Unix concerns for security and for users doing things their own way remains. While users can ignore these concerns, especially when just starting out, as they become more experienced they may welcome the added control."
Virgin America moves from Fedora to Red Hat Enterprise Linux
ChristopherAillon reports in fedora-marketing-list,
"Fedora was a fantastic solution for us as we began our journey with open source," said Ravi Simhambhatla, director of architecture and integration at Virgin America. "As our need for fine-grained control and scalability grew, we decided to migrate to Red Hat Enterprise Linux for its reputation as a resilient, secure and scalable platform as well as for its incredible support. Red Hat has the best kernel engineers in the world and when I'm in a real bind, it's priceless to have the ability to call someone who has the knowledge to get us on track quickly."
Installing Fedora - a video tour
RahulSundaram reports in fedora-marketing-list,
"Ready to try Linux but want some hand-holding when you do? Here are three videos that walk you through the process of installing Fedora GNU/Linux."
In this section, we cover the problems/solutions, people/personalities, and ups/downs of the endless discussions on Fedora Developments.
Contributing Writer: OisinFeeley
PulseAudio Enabled By Default
A replacement for the aging sound system with PulseAudio was announced as the default in Fedora 8 by LennartPoettering. (See ChrisTyler's description in DailyPackage and earlier coverage in FWN#98 "PulseAudio Improving Fedora Sound"). "Esound" has been booted for all new installs of Fedora 8. Lennart's post was comprehensive including a FAQ, links to presentations and more.
Lennart, as the principal developer, wanted to warn developers and packagers of audio-requiring applications that they needed to exercise caution and go through a handy checklist which he provided in his post. Although PulseAudio provides compatibility layers for e.g. OSS and ALSA it is incomplete and difficult and Lennart asked that people file bugs with him after checking through the list. The one big exception was Adobe Flash which may later have a workaround, but is known for now to be broken.
There was a good deal of concern about the problem of Flash. DennisJacobfeuerborn expressed these concerns best and tried to get some further information from Lennart. Dennis's suggestion was that the Flash problem be fixed before switching to PulseAudio as the default in order to avoid a backlash from users. IanBurrell drew a distinction between replacing the sound-servers "esd" and "aRtsd" with PulseAudio (which will probably cause no problems) and replacing OSS and ALSA (which is the level at which the Flash problem occurs).
MartinSourada wondered whether "swfdec" would work, and pointed out that it was FL/OSS. DavidNielsen responded that "gnash" was in the Fedora repositories and had worked for him with PulseAudio.
MatthiasClasen wondered whether Lennart had looked at "libflashsupport" as it seemed to work well for him. "Kelly" responded that s/he had produced an RPM which worked although it was currently dependent on Flash, which could be changed. After noting that libflashsupport used an acceptable BSD license, WarrenTogami wanted to know whether it used sane defaults for sound autodetection and an optional config file to override these with explicit choices. "Kelly" responded with what seemed like a list of sane overrides.
The closed, proprietary nature of Adobe Flash had been mentioned by Lennart as a reason why supporting it was low on his list of priorities. "Nodata" wondered whether he had actually talked to Adobe's developers and WarrenTogami suggested that if PulseAudio's interface was now stable then it might be targetable by Adobe.
https://www.redhat.com/archives/fedora-devel-list/2007-August/msg01209.html
As packager of a large number of games HansdeGoede was concerned that when he tried to follow Lennart's instructions they didn't seem to work. His supposition that it might be a 64-bit issue was quelled by AdamGoode, who noted however that PulseAudio had recently broken in Rawhide for him also.
The VOIP client "Ekiga" was noted to crash with PulseAudio according to MatejCepl.
The issue of KDE's aRtsd was addressed by Kelly who noted that s/he had "Pulseaudio completely set up to use everything, so I know what has to be done to get it working (especially on KDE). Just ask." KevinKofler was also on the ball to assure everyone that the KDE-SIG was on top of the situation with several options and that in future KDE4 would use Phonon which uses xine-lib which is supported perfectly by PulseAudio.
GPL And LGPL Not Acceptable For Fedora
Our attention was grabbed when TomCallaway (spot) posted that "GPL and LGPL are not acceptable for Fedora". Having hooked us, Tom proceeded to explain that what he meant was that license-tags in rpms need to be much more specific than merely "GPL" or "LGPL". A list of nine acceptable License tags for L/GPL packages was provided along with definitions.
EricSandeen (packager of "xfsprogs") was confused about an apparent discrepancy between the source-code licence (GPL) and the included COPYING file (which specified that a particular library "libhandle" and some header files were LGPL but all other files were GPL). Tom's message had specified that COPYING should not be trusted and the source should be examined instead.
An interpretation advanced by HansdeGoede pointed to the difference between whether libhandle was distributed as a separate file or else linked into the binaries. The former case, Hans argued, necessitated separate packages with individual licenses in order to make automated license checking work. Hans also interpreted the situation to mean that because the source-code contained specific mentions of the L/GPL they trumped any mentions in the COPYING file.
"Kelly" believed that the point about the COPYING file was supposed to be that if both it and the source mentioned specific versions then the source version trumped all. This initially seemed to be distinct from the situation Hans and Eric were discussing in which COPYING mentioned a version but the source didn't mention a version. Hans seemed a bit miffed and posted a quote from the Fedora Project wiki which backed up his position and stated that if there was no version specified for a L/GPL source then technically it was licensed under _any_ version of the GPL.
An apology from SimoSorce went some way to clear up this point and to disagree with Hans' interpretation. Simo stated that if an author had gone to the trouble of modifying the information in COPYING as opposed to merely cut and pasting it from the GPL then it was clear that their intention was expressed in COPYING and it ought to be used as the determinant of the License-tag. TomCallaway agreed with this.
Simo came up with a pretty good summary of the pairwise combinations of un/modified COPYING with un/specified source licences and the probable actions to take in each case.
A separate thread was started by PatriceDumas to raise the issue of a copyright assignment without any licensing information in the "lesstif" code. Patrice wanted to know which short License-tag he should use. Spot responded that this was a "copyright assignment with no restrictions" which he hadn't added to the table of licenses yet because no package yet was solely and wholly under only this license. Subsequent information from Patrice revealed that there were also LGPLv2+, MIT and GPLv2+ parts, and Spot clarified that "no license" was not required to be listed.
Spurred by the apparent green light being given to listing all possible licenses on a single binary rpm HansdeGoede sought clarification from Spot. Spot agreed that Hans was correct in his interpretation and that it was not appropriate to merely list all the compatible licenses that accompanied code that went into a single binary, instead the strictest license should be used. But there was according to Spot one exceptional case (which doesn't occur very often), which is when the licenses are compatible but non-consuming (the L/GPL licenses ARE consuming so this doesn't occur often).
A final point about the licensing applying only to the packaged files was raised in discussion between Hans and Patrice, both of whom thought the wiki should make this clearer.
Mock Problems With Failing libdb-4.5.so Dependency
While trying to build some packages in mock MamoruTasaka stumbled across a weird error where unresolved dependencies on libdb-4.5.so were reported on Koji with a resulting failed build. However the individual packages installed fine without this problem. Mamoru also found the same problem for another build.
A hint as to what was going wrong was supplied by JindrichNovy with the information that db4 had been updated to a newer version (4.6.18) recently and the older version (4.5.20) had been moved to compat-db.
Mamoru knew this and thought that compat-db needed to be added automatically in Koji when dependencies were being resolved. He also pointed out that when compat-db was added manually to the BuildRequires the problem still persisted.
The problem was nailed by VilleSkyttä who noted that the Obsoletes: provided in compat-db were the problem and should be changed from "Obsoletes: db4 < 4.6" to "Obsoletes: db4 < 4.2.52". JindrichNovy agreed and after making this change rebuilt the compat-db package.
This still resulted in failure for Mamoru (who was trying to build the "Oyranos" package produced by NicolasChauvet (kwizart) and "ice").
One of the Fedora Project's most experienced packagers, MichaelSchwendt, then provided further depth to the problem explaining that packages were being obsoleted in the build environment by RPM due to virtual provides and that this was a problem intrinsic to RPM which will hopefully be resolved soon.
Jindrich noted again his rebuild of compat-db without "db4-* provides" and also that he was letting everyone know that "direct library dependencies are now needed for packages using older db4s". This phrase made MichaelSchwendt and PatriceDumas query whether that was needed given rpmbuild's automatic dependency handling. MamoruTasaka was happy to report success using Jindrich's new packages.
Attention! Low-Hanging Fruit Ahead!
MatthiasClasen got the ball rolling over on @fedora-desktop with a discussion of what changes could be easily made in order to produce a "Fedora Desktop" LiveCD spin for Fedora 8.
The most controversial of Matthias' proposals (which he later pointed out were his personal list and not some mandated one) was to remove LVM/RAID from the LiveCD installer. "Dragoran" wondered what was gained by this and ChristopherAillon responded that what was lost were "confused users" and "one less screen in the install". JeremyKatz thought that users were unlikely to be confused about LVM/RAID because they had to click several buttons to get to that point. He also pointed out that another loss would be those that need "dmraid" (fakeraid) support. DavidZeuthen thought users would find their way into confusion if it was offered and explained that RAID or LVM could be used "under the hood" (he also posted a nice ASCII graphic to illustrate his ideal Install screen).
David asked Jeremy how easy it would be to change anaconda so that the underlying mechanism was decoupled from potentially simpler UIs on top of it. Jeremy referred to his earlier suggestion of writing a kickstart generator as easier than adding another interface to anaconda.
A good number of items on the laundry list were already being tackled by JonNettleton, who also cautioned that there was a danger in waiting for perfect solutions while neglecting good, practical, immediate solutions. Among the projects Jon has been working on is hacking pam_keyring so that the keyring is unlocked by default, but he suggested, and Matthias confirmed, that with GNOME 2.20 the gnome-keyring-pam package would do this.
Reconsidering the launchers presented on the default gnome-panel configuration was appealing to NicuBuculei, who especially thought the OpenOffice.org icons should be removed. DavidZeuthen and ZackCerza agreed and Zack added that having the launcher display the name/icon of the preferred browser automatically would be nice. Further discussion led JonNettleton to suggest a more flexible launcher which could auto-add frequently used applications. JesseKeating thought this sounded like "BigBoard".
GianPaoloMureddu reacted strongly against the idea of removing the root user and thought the Ubuntu experience of "sudo by default" added "/sbin" to the PATH of ordinary users. Gian Paolo wasn't against disabling root login on GDM though. In response ColinWalters wondered what setting the path had to do with enabling the root account and stated that all he cared about was killing the multiple password prompts. Colin posted a link to a thread on FedoraForum in which MatthewMiller detailed how to use sudo and /etc/security/console.apps to achieve this goal.
Dragoran thought that it would be better just to disable root login through GDM and RayStrode agreed enough (including for the non "Desktop Fedora" cases) that he built a new gdm package.
XFS Problems Confirmed On x86 LVM
A follow-up of an earlier discussion (FWN#98 "XFS In Anaconda") about support of the XFS filesystem in anaconda was carried out by EricSandeen. Eric confirmed that xfs on 4KSTACKS over LVM was a problem due to stack overflows. However xfs on ordinary partitions seems to work. Eric committed to searching out the biggest problems when he has some spare time.
Earlier NicolasMailhot asked whether it would be possible to enable xfs for the non-problematic case of x86_64.
Mkinitrd EHCI-HCD Error -71 On Boot
PeteZaitcev wondered why the "ehci" module was loaded last in Rawhide and proposed a patch to mkinitrd to load it before uhci and ohci.
The possibility that this would fix the detection of USB2.0 as USB1.1, especially in notebooks, led LamontPeterson to hope that the change would be accepted. Pete responded, however, that this mis-detection was probably a separate issue (although it might be related) and asked for bugs to be filed. In the same email Pete further explained that the problem he was solving was discovery and initialization on the companion bus when EHCI is initialized in parallel.
Another bug (on bugzilla.kernel.org) was referenced by TomLondon as a related issue, but Pete thought that it wasn't and explained that the "-71" error usually indicates poor signal integrity (due to cabling) and specifically in this case was due to EHCI transferring and switching a port.
PeterJones agreed with PeteZaitcev's patch and committed it to the mkinitrd git repo which led DaveJones to request details of how to access the git repo. PeterJones (confused by all the Joneses and Peters yet?) supplied a URI which depends on ssh-access.
Meet The Desktop Team
An announcement from MatthiasClasen about regular public IRC meetings to co-ordinate interested Fedora community members in making a better "Fedora Desktop" LiveCD (see also "Attention! Low-Hanging Fruit Ahead!" above in this same FWN#101) also mentioned the creation of a Desktop SIG (special interest group).
The time of the inaugural meeting (20:00 - 21:00 CEST) was questioned by MatejCepl as it was awkward for Europeans. DebarshiRay (Rishi) was unimpressed and counterpoised the timing inflicted on developers in China and the Indian sub-continent.
JeroenVanMeeuwen (kanarip) thought that this was an ideal after-work time for Europeans. ChristopherAillon posted that this was the only time that some people could meet and then hastened to assure Matèj that he hadn't meant to sound so harsh.
Matèj didn't seem too disturbed and pointed out that cutting into connubial bliss with after-hours meetings wasn't ideal.
ChristopherBlizzard kept things moving by creating a page for the DesktopSIG on the wiki and added the notes of the first meeting. AdamJackson (ajax) updated the bootchart review request. LinusWalleij was grateful for the meeting notes, but suggested that several of the items be discussed on @fedora-devel. Chris responded with links to greater discussion of some of the items Linus was concerned about and also pointed out that they were all on the F8 feature list already.
Naming Fedora 8 And How Freezing Works
After discussion in the Release Engineering IRC meeting (Aug 13th 2007) JoshBoyer was tasked to collect names for the Fedora 8 release. KevinKofler initiated a thread with his own suggestion (Galois), noting that he was too lazy to subscribe to maintainers. Josh stated that unless suggestions were posted to maintainers or CC'ed to him then they would most likely be missed.
A pleasantly esoteric suggestion from "Alan" was to use "Underline" and from then on there was a descent into jokes about Spinal Tap, including the unpleasant idea of a "Smell the Glove" name for Fedora 13.
DaveAirlie was pushing for "Poitín" (an Irish Moonshine) and AndyShevchenko countered with "Absinthe". The following discussion revealed that Fedora developers are steeped in the lore and minutiae of semi-illegal alcohol.
A suggestion from NormanGaywood to use one of the common objects from John Conway's Game of Life, the "Glider" was approved by several people and DouglasMcClendon added that this might attract ESR back to Fedora...
Doug admitted to AdamJackson that he had been half-trolling, but that in light of the changed situation of codecs in Fedora 8 it might actually be true. JoshBoyer made it clear that Fedora's policy on codecs was still the same and the only new thing was CodecBuddy which pointed interested users elsewhere for information. JesseKeating also thought that attracting ESR back would be a regression.
Similar ideas were tossed around in the Release Engineering IRC meeting, but what was more interesting was the clarification thrashed out between WarrenTogami(warren), WillWoods (wwoods) and JesseKeating(f13) of what a "Feature Freeze" is (new packages are allowed only if they don't require major changes to the well-tested existing packages which precede them). WillWoods seemed to be trying to find a way of producing a cutoff point for significant updates to packages at different "tiers" of strictness.
Also of note in the IRC log is the "Deep Freeze" proposed for October 23rd after which new packages will not be added to Fedora 8 at all. This information should end up documented in the wiki.
Warren also posted a notice of the coming August 28th Feature Freeze for Fedora 8 with notes explaining what the purpose of this is (to stabilize components in the default install mainly) and what to do if your favorite feature misses the deadline. DimitrisGlezos added that this was also the date of the StringFreeze.
Package Management Cont.
NicolasMailhot gave some further feedback to RichardHughes about the state of package management on Fedora (see FWN#99 "Package Management: Goats Satisfied With Current Situation"). Nicolas specifically disagreed with the idea that anyone using a machine should be allowed to install security updates. RichardHughes continued to argue that this was a policy choice which should be under the control of the administrator.
An interesting new general criticism was then raised by Nicolas who thought that the propagation time of fixes from packagers on Koji on through the master server and several layers of mirrors caused much wasted time. He highlighted the problem of a faulty package which can continue to be installed by users many hours after a problem is identified and fixed. Nicolas proposed that RSS-blacklist support in YUM would avoid the ramifying of such problems.
SethVidal thought that this would introduce a single-point-of-failure and also be a bandwidth problem, but Nicolas responded that the blacklist could be distributed in a decentralized way and would be bandwidth light as evidenced by the use of RSS on many high traffic sites. He added some good food for thought about how users flock to overload the more reliable root servers when there's a problem.
JindrichNovy announced the availability of TeXLive for i386 and x86_64 via a repository hosted at his people.redhat.com account. He was seeking a reviewer and mentioned that the fixes included obsoletion of tetex-tex4ht (which allows the conversion of TeX to HTML and RTF among other things), and contained an updated xpdf-3.02 from upstream and a pdftex no longer statically linked to libstdc++.
After a small hitch it was reported by EdHill that the x86_64 packages worked apart from a couple of small problems with xdvi map files and dvips. Ed was happy to file bugs, but Jindrich replied that as the package was still waiting on review there was no bugzilla entry for TeXLive yet.
JesseKeating tried to help out with the account quota restriction faced by Jindrich, but even when restricted to the i386 and x86_64 architectures TeXLive is large.
In this section, we cover Fedora Maintainers, the group of people who maintain the software packages in Fedora.
Contributing Writer: MichaelLarabel
Naming Fedora 8
Fedora 8 isn't coming out until November, but entries are now being accepted if you would like to come up with the "code name" for Fedora 8. After all submissions have been received the names will be run through the legal department followed by an election process. Good luck to everyone picking the successor to Moonshine!
The Status of Eclipse 3.3 In Fedora 8
If you've been wondering about the status of Eclipse 3.3 for Fedora 8, AndrewOverholt has updated the fedora-maintainers-list with the current status. The Eclipse 3.3 SDK is mostly done and the message goes into detail with the other areas of this integrated development environment.
In this section, we cover the news surrounding the Fedora Translation (L10n) Project.
Contributing Writer: JasonMatthewTaylor
String and Trans Freeze Pages
DimitrisGlezos put out a couple pages to help clarify what freezes are and outlined the string freeze policy. As always comments/suggestions are appreciated.
Module Movement Suggestions
RunaBhattacharjee had a couple of suggestions regarding how to communicate between maintainers and translators when modules get moved around in the repository. The suggestions seem sound and would help keep everyone on the same page.
In this section, we cover the Fedora Infrastructure Project.
Contributing Writer: JasonMatthewTaylor
The Infrastructure group has been closely monitoring some of the systems and are looking to fine tune the monitoring parameters. MikeMcGrath posted this message outlining some options and as always looking for any more suggestions.
In this section, we highlight the security stories from the week in Fedora.
Contributing Writer: JoshBressers
Real world security
It's always easy to talk about how great new security innovations are which are currently included in things like the kernel, glibc, and gcc. The real test of these technologies isn't how many articles are written about how neat they are, it's real world examples. I found two of these examples this week.
- SELinux blocks a Mambo exploit
In this example, we see that SELinux prevented a worm from spreading. This was the result of SELinux sandboxing the httpd process. There are a great many people who suggest the best way to run SELinux is to disable it. I suspect this article proves that SELinux works, and should be used.
- Stack Protector blocked an rsync off by one error
CVE-2007-4091 describes an off-by-one error in which a single NULL byte ('\0') ends up written past the end of a character array on the stack. The location of this buffer could possibly result in an attacker taking over program execution. Stack Protector contains logic which places a "canary" on the stack which is then checked to ensure that nothing fishy is going on. The canary completely nullifies the potential to exploit this flaw.
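The canary check described above can be modelled in a few lines of C. This is an added example, not rsync's code or the Stack Protector implementation: the frame layout, the guard value and all function names are constructed for illustration, and the "frame" is a flat byte region so the one-byte overrun stays well-defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN    16   /* size of the modelled character array */
#define CANARY_LEN 8    /* size of the modelled guard word */

/* Constructed guard value for the model; a real canary is chosen at program
   start. Its first byte is nonzero, so a stray NUL written there changes it. */
static const unsigned char SAMPLE_CANARY[CANARY_LEN] =
    { 0x21, 0x7f, 0x3e, 0x9b, 0xde, 0xc0, 0x17, 0x5a };

/* Flat model of a protected frame: [ buf: BUF_LEN bytes ][ canary ]. */
struct frame_model {
    unsigned char bytes[BUF_LEN + CANARY_LEN];
};

/* Function prologue: place the canary directly after the buffer. */
static void frame_enter(struct frame_model *f)
{
    memset(f->bytes, 0, BUF_LEN);
    memcpy(f->bytes + BUF_LEN, SAMPLE_CANARY, CANARY_LEN);
}

/* Function epilogue: 1 if the canary is intact, 0 if it was modified.
   Real stack-protector code aborts the process instead of returning 0. */
static int frame_check(const struct frame_model *f)
{
    return memcmp(f->bytes + BUF_LEN, SAMPLE_CANARY, CANARY_LEN) == 0;
}

/* Off-by-one pattern: the length check allows n == BUF_LEN, so the
   terminator lands one byte past the array, on the first canary byte. */
static void copy_off_by_one(struct frame_model *f, const char *src)
{
    size_t n = strlen(src);
    if (n > BUF_LEN)            /* BUG: should be n >= BUF_LEN */
        n = BUF_LEN;
    memcpy(f->bytes, src, n);
    f->bytes[n] = '\0';
}

/* Corrected form: reserve one byte for the terminator. Returns 0 on
   success, -1 if the input had to be truncated. */
static int copy_bounded(struct frame_model *f, const char *src)
{
    size_t n = strlen(src);
    int truncated = 0;
    if (n >= BUF_LEN) {
        n = BUF_LEN - 1;
        truncated = 1;
    }
    memcpy(f->bytes, src, n);
    f->bytes[n] = '\0';
    return truncated ? -1 : 0;
}

/* Run one copy routine on a fresh frame and report the epilogue check. */
static int canary_survives(const char *src, int use_bounded)
{
    struct frame_model f;
    frame_enter(&f);
    if (use_bounded)
        (void)copy_bounded(&f, src);
    else
        copy_off_by_one(&f, src);
    return frame_check(&f);
}

int main(void)
{
    /* Constructed input: exactly BUF_LEN characters, the boundary case. */
    const char *exact = "0123456789abcdef";

    printf("off-by-one copy, short input   : canary %s\n",
           canary_survives("short", 0) ? "intact" : "modified");
    printf("off-by-one copy, BUF_LEN input : canary %s\n",
           canary_survives(exact, 0) ? "intact" : "modified");
    printf("bounded copy,    BUF_LEN input : canary %s\n",
           canary_survives(exact, 1) ? "intact" : "modified");
    return 0;
}
```

Only the boundary-length input trips the check with the flawed copy; shorter inputs never reach the guard, which is why this class of bug tends to pass ordinary testing.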
Advisories and Updates
In this section, we cover Security Advisories and Package Updates from fedora-package-announce.
Contributing Writer: ThomasChung
Fedora 7 Security Advisories
- qtpfsgui-1.8.12-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00179.html
- kdegraphics-3.5.7-2.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00208.html
- koffice-1.6.3-9.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00213.html
- Terminal-0.2.6-3.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00226.html
- tor-0.1.2.16-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00286.html
Fedora Core 6 Security Advisories
Events and Meetings
In this section, we cover event reports and meeting summaries from various projects.
Contributing Writer: ThomasChung
Fedora Board Meeting Minutes 2007-MM-DD
- No Report
Fedora Ambassadors Meeting 2007-08-16
Fedora Documentation Steering Committee 2007-08-14
Fedora Engineering Steering Committee Meeting 2007-MM-DD
- No Report
Fedora Extra Packages for Enterprise Linux Meeting 2007-08-15
Fedora Infrastructure Meeting (Log) 2007-MM-DD
- No Report
Fedora Localization Project Meeting 2007-08-14
Fedora Packaging Committee Meeting 2007-MM-DD
- No Report
Fedora Release Engineering Meeting 2007-08-13
In this section, we cover any noticeable extras news from various Linux Projects.
Contributing Writer: ThomasChung
Fedora 7 Book for FWN 100th Issue
Unfortunately, there was no winner for Fedora 7 Book since there were no valid entries received last week.
FWN will reserve the copy for a future special event for Fedora Project.