From Fedora Project Wiki


Fedora Weekly News Issue 113

Welcome to Fedora Weekly News Issue 113 for the week of December 10th.

In Announcement, we have "Samba Security Updates For FC6", "GPG Keysigning at FUDCon"

In Planet Fedora, we have "Talks with Mark: RHM Video", "F8 on the PS3", "Back from India:", "A good flip-flop: FUDCon Raleigh 2008", "Re-spinning Fedora" and "Succession Planning"

FWN will take two weeks off for Christmas and New Years Holidays. The next issue will resume on January 7th 2008.

On behalf of Fedora News Team, Happy Holidays!

To join or give us your feedback, please visit


In this section, we cover announcements from Fedora Project.

Contributing Writer: ThomasChung

Samba Security Updates for FC6

SimoSorce announces in fedora-announce-list[1]

"Fedora 7 and 8 packages are being released but as you may know FC6 has reached EOL just recently.

As I think this is an important security problem I decided to release new packages for FC6[2] so that people that have not yet finished their migration to newer supported Fedora releases can buy some more time.

This is a one off service I felt compelled to release to help people, I am not going to do regular releases for FC6."



GPG Keysigning at FUDCon

MattDomsch announces in fedora-devel-list[1] ,

"I'm volunteering to run a GPG keysigning party at the FUDCon[2] in Raleigh in January. Keysignings are good ways to get to meet people face-to-face (with a government-issued photo ID to boot!), and serves to extend the GPG Web of Trust."



Planet Fedora

In this section, we cover a highlight of Planet Fedora - an aggregation of blogs from world wide Fedora contributors.

Contributing Writers: ThomasChung

Talks with Mark: RHM Video

MarkCox points out in his blog[1] ,

"Late last month I spent a day with the Red Hat Magazine team talking about vulnerability response. The first video is now available and talks about the role of Red Hat in dealing with vulnerabilities in third party software. The video was shot in my home office which explains the calming green paint; it's hard to get too stressed in a pale green room."


F8 on the PS3

JoshBoyer points out in his blog[1] ,

"There was a last minute regression on the PS3 for the F8 installer that causes a traceback in anaconda when looking for the video driver. This is worked around by specifying "xdriver=fbdev" on the command line. After that, it booted the F8 DVD just fine, and is currently installing in text mode on my standard definition TV."


Back from India:

LennartPoettering points out in his blog[1] ,

" was one the best conferences I have ever been to, and a lot of fun. The organization was flawless and I can only heartily recommend everyone to send in a presentation proposal for next year's iteration. I certainly hope the commitee is going to accept my proposals next year again. Especially the food was gorgeous."


A good flip-flop: FUDCon Raleigh 2008

PaulFrields points out in his blog[1] ,

"MaxSpevack posted to fedora-devel-announce that we might swap days on the FUDCon schedule, splitting the hackfest days — Friday and Sunday — with the BarCamp day on Saturday. This potentially could turn out to be a great routine arrangement for FUDCon. since now the Saturday sessions can benefit from being informed by a prior day of hacking. FUDCon sessions now can be just as much about showing off work completed the day before, like a progress report for a code sprint, or the results of brainstorming and prototyping sessions."


Re-spinning Fedora

JeroenVanMeeuwen points out in his blog[1] ,

"Here's a brief overview of what it takes to seriously Re-Spin Fedora. Fedora Unity has done so for a long time now, and not just for home use, but to distribute amongst a larger audience. The reasons we started and continue to do so are obvious, amongst others:"

"The number of updates available to any freshly installed system (from officially released media) increases over time and rises up to 2 GiB. We believe there is no reason why anyone shouldn't be able to have these updates on the installation media already, thus decreasing the amount of updates available immediately after installation. This is a matter of convenience, as well as bandwidth and data traffic; bandwidth and/or data traffic in some locations in the world isn't as cheap as you might think, and some of us do not even have internet -those usually get a Re-Spin via the FreeMedia program or get it from a friend."


Succession Planning

MaxSpevack points out in his blog[1] ,

"After two years and four releases of Fedora, I would like to be able to do some other things related to Fedora and/or Red Hat while allowing someone else to assume the "Fedora Project Leader" responsibilities."



In this section, we cover Fedora Marketing Project.

Contributing Writer: ThomasChung The search for a new Fedora leader

RahulSundaram reports in fedora-marketing-list[1] ,

"MaxSpevack, who has led the Fedora project through a period of great change and improvement, has announced that the time has come to move on to other (Fedora-related) challenges. So the project is looking for a new leader. "The Fedora Project Leader is a full-time Red Hat position, and so we need to go through a full interview process, etc. None of this is being done ad-hoc or randomly. The Fedora Board is part of the process, as is Red Hat's CTO and other managers within the engineering organization and human resources."

[1] Fedora Core 6 No More

ThomasChung reports in fedora-marketing-list1[1] ,

"As of this last Friday, December 7th Fedora Core 6 is no more. With it goes the last release the Fedora Project had seen the split between "Community" (Extras) and Red Hat sponsored (Core). Those not intimately involved in Fedora might be interested to learn that when the merge happened it was the core packages that ended up having to follow the former "Extras" packaging guidelines and not the other way around. Yet another testament to the power of community."



In this section, we cover the problems/solutions, people/personalities, and ups/downs of the endless discussions on Fedora Developments.

Contributing Writer: OisinFeeley

How Should PulseAudio Work?

PekkaSavola sought[1] details about how PulseAudio worked after sound stopped working on his Fedora 8 system following a re-installation. PulseAudio had worked prior to this reinstallation and Pekka wondered whether it was a daemon which needed to restarted. KellyMiller confirmed[2] that it was a daemon which is started in the background by the desktop.



A detailed explanation[3] by WillWoods outlined how access to the sound devices is managed by the desktop environment using HAL, ConsoleKit and PulseAudio. Will suggested that an upgraded system might need to use sudo yum groupupdate sound-and-video gnome-desktop kde-desktop with either of "gnome-desktop" or "kde-desktop" being omittable if desired.


Some concern was expressed[4] about the latency that results from redirecting ALSA-using applications through PulseAudio, which in turn then communicates with alsad, which in turn communicates with the hardware. DenisLeroy had noticed the lag in some games. CallumLerwick recalled that this was because these applications were built using SDL and OpenAL (common libraries in game programming) and they were unable to work with PulseAudio directly, so SDL had been hacked to use ESD which in turn talked to PulseAudio. WillWoods confirmed[5] this and noted that last April a preliminary driver had been written to allow SDL to communicate with PulseAudio without any ESD intermediary. Fedora 9 was mentioned as a possible deadline for this native support of PulseAudio by SDL.



CallumLerwick rebuilt[6] a version of SDL with the PulseAudio patch and reported[7] that Second Life and OpenArean worked well, but that Quake3 displayed some stuttering due to its sampling rate. LeszekMatok suggested[8] a possible fix for the latter by choosing 44.1KHz sampling rate. There also appeared to be an OpenAL dependency on SDL-devel which needed to be fixed.




NicolasMailhot had to report[9] serious problems playing video streams. These seemed directly attributable to PulseAudio. See FWN#101 "PulseAudio Enabled By Default"[10] and FWN#110 "PulseAudio CPU Usage"[11] for previous coverage of PulseAudio.




PekkaSavola responded[12] to WillWoods that it appeared that the problem was that he was using XFCE which was not starting either PulseAudio, or the ESD compatibility wrapper. Will encouraged[13] Pekka to use one of the startup scripts and deprecated the idea of packaging up scripts to do this instead of fixing ALSA's configuration files to only use PulseAudio as the default when PulseAudio has been confirmed to be actually running.



Two RFCs For Smolt

A request from YaakovNemoy presented[1] for community consideration a Privacy Policy in Smolt (the opt-in hardware profiler) and the integration of kerneloops with Smolt.


After it was clarified that smolt was the client program and smoon was the server which gathered the data StephenSmoogen suggested[2] that an improved plugin system would help to allow users choose the amount of data which they wished to share. A basic minimum would be collected and could be augmented with plugins to collect additional information. Discussion moved[3] on to whether a simple set of booleans configurable on both the smoon server and the smolt client was preferable to this plugin architecture.



CallumLerwick expressed[4] a wish for more detailed CPU information and ChristopherBrown wished[5] that anaconda would not prompt multiple times to query whether people really wanted to enable Smolt. In response to the latter point Yaakov commented that he had not received many complaints and would like to wait before disabling the confirmation screen.




EricSandeen requested filesystem information and Yaakov agreed[7] that this was a desirable piece of information.


KDE4: Removable Media Mounting Refused Under GDM

A problem with mounting a USB drive while using the new KDE4 was posted[1] by LexHider. Lex had reported the problem to @kde-core-devel and been informed that the problem lay on Fedora's end.


KevinKofler described[2] some possible interactions between PolicyKit, ConsoleKit and HAL to help interpret the slightly sparse error messages. It was unclear as to whether the two error messages reported by Lex were the same, but Kevin suggested that ck-list-sessions would help to debug the problem. It turned out[3] that Lex was actually using GDM instead of KDM (see also FWN#108 "KDE Flamewar Warms Up Night Of Final Freeze"[4] ) and that using KDM obviated the problem.




A note from RexDieter drew attention[5] to the work the KDE SIG have been doing upstream to integrate KDM with ConsoleKit.


Color Management With Argyll

A happy collaboration between NicolasMailhot and FrédéricCrozat (of Mandriva) was reported[1] by Nicolas. Apparently the Argyll monitor color calibration system is coded idiosyncratically and Nicolas had done a lot of work re-working it to use standard build tools. Unfortunately he ran out of steam. Fortunately he published his work on his "fedorapeople" blog and Frédéric picked up where Nicolas had left off. Nicolas had been inspired to build on Frédéric's work and add some more features. He requested friendly reviews especially with regard to PAM, Hal and udev functionality.


DanielBerrange mentioned[2] that he too had found it hard to package Argyll and promised to look over the packages. NicolasChauvet (kwizart) was also interested[3] as he had previously submitted the xcalib and oyranos packages. Nicolas noted that both of these depended on argyll for ICC[5] profile creation and hoped that reviewer attention would fall on NicolasChauvet's packages once argyll was sorted out.




[5] International Color Consortium. See

Multilib Fun With Group* Commands

The recurring problem of i386 packages being installed on x86_64 systems got an airing when ChristopherWickert wondered[1] why an attempt to yum groupinstall XFCE pulled in i386 versions of Thunar (an XFCE file manager) and xprintf and consequently a sizable number of other i386 packages in order to satisfy dependencies.


DavidWoodhouse replied[2] that this was because of bug 235756[3] which was planned to be fixed in Fedora 9, see FWN#103 "YUM To Get Configurable Multilib Behavior In Fedora 9 ?"[4] .




DominikMierzejewski (rathann) asked[5] if yum install yum-basearchonly solved the problem, but Christopher demonstrated[6] that he had no XFCE i386 packages installed and yet the former command attempted to install i386 packages. He summed up the situation as "the whole group process seems really broken." SethVidal asked[7] for a full list of all installed i386 packages and commented that "groupcommands increase the weirdness since they offer no arch specification at all"




Policies For Creating SIGs

In the pursuit of creating an Erlang SIG PeterLemenkov asked[1] what needed to be done to form a SIG. HansdeGoede replied[2] that it was not necessary to pass any formal procedure other than a simple declaration that the SIG existed. He cautioned that enforcing packaging guidelines was a completely different matter however.




In FWN#112 "Heads Up: OpenSSL, OpenLDAP Changed In Rawhide"[1] , we indavertently attributed to JesseKeating a suggestion from AlexLancaster that OpenSSL and OpenLDAP packages should be built in a systematic way, starting with Core packages. This has been corrected in the archived version.


Advisory Board

In this section, we cover discussion in Fedora Advisory Board.

Contributing Writer: MichaelLarabel

Fedora Project Leader Succession Planning

This past week on the fedora-advisory-board, MaxSpevack, the Fedora Project Leader since early 2006, announced that they've begun planning for someone else to take the reigns of Fedora. Max is very much still interested in doing work for Red Hat and Fedora, but is looking for someone else to take the role as the Fedora Project Leader. If you're interested in finding out more about the succession planning, check out his e-mail announcement[1] .



In this section, we cover the Fedora Documentation Project.

Contributing Writer: JohnBabich

FDSCo Election In Progress

The election for the Fedora Documentation Steering Committee (FDSCo) is now under way.

The election runs from 14 December until 23:59 UTC on 24 December 2007.

The self-selected nominees for the election are listed at

The rules governing the election are at

Here is a short summary of the voting rules:

  • Voting is open to all contributors in the Documentation Project who have joined the 'cvsdocs' group in the Fedora Account System.
  • Contributors have up to three votes they can cast for the slate of nominees, with one vote per nominee.
  • The four top vote receivers serve on FDSCo for 12 months, the next three vote receivers serve for 6 months.
  • Following this initial election, regular elections are every six months. Half of the seats are up for voting each election, first three seats, then four seats, and so on.
  • We are using the Fedora standard voting software.

If you have not done this, there is still time to get your account so you can vote:

1. Go to the account edit page at 1. Under Add new membership at the bottom of the page, put yourself in the cvsdocs group

The actual voting takes place at

Security Week

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

Squirrelmail Compromise

It seems that some of the squirrelmail 1.4.11 and 1.4.12 releases have been compromised. The problem only exists in their releases, not in CVS, which is good. This is still a rather scary scenario though.

We looked through the version being shipped in Fedora and didn't find the backdoor, but we will still upgrade to version 1.4.13 for peace of mind and to reduce confusion.

Linux Virus Scanner

And what better to end 2007 with than a story about virus scanners on Linux:

The Top 5 Most Overlooked Open Source Vulnerabilities for 2007

This story is most interesting, but a little confusing if you don't understand what Palamida does.

Palamida specializes in inspecting source repositories and finding embedded source. A good example of this is projects that like to include source copies of zlib, rather than linking against a system version. It's no secret that there are significant benefits to using system libraries rather than including your own. Any project that includes a copy of an upstream library, needs to track the security flaws that affect that source. Most do not do this, which ends up leaving their users vulnerable.

Advisories and Updates

In this section, we cover Security Advisories and Package Updates from fedora-package-announce.

Contributing Writer: ThomasChung

Fedora 8 Security Advisories

Fedora 7 Security Advisories

Events and Meetings

In this section, we cover event reports and meeting summaries from various Projects and SIGs.

Contributing Writer: ThomasChung

Fedora Board Meeting Minutes 2007-12-04

Fedora Ambassadors EMEA Meeting 2007-12-12

Fedora Documentation Steering Committee 2007-MM-DD

  • No Report

Fedora Engineering Steering Committee Meeting 2007-MM-DD

  • No Report

Fedora Infrastructure Meeting 2007-12-13

Fedora Localization Meeting 2007-MM-DD

  • No Report

Fedora Marketing Meeting 2007-MM-DD

  • No Report

Fedora Packaging Committee Meeting 2007-MM-DD

  • No Report

Fedora Quality Assurance Meeting 2007-MM-DD

  • No Report

Fedora Release Engineering Meeting 2007-12-10

Fedora SIG EPEL Meeting Week 2007 Week 50

Fedora SIG KDE Meeting Week 2007-12-11

Fedora SIG Store Meeting 2007-MM-DD

  • No Report