From Fedora Project Wiki

< FWN‎ | Beats

Revision as of 20:05, 15 March 2009 by Ush (talk | contribs) (dev beat 167 pass2. Fixed s/https/http/ and some fasnames)

Developments

In this section the people, personalities and debates on the @fedora-devel mailing list are summarized.

Contributing Writer: Oisin Feeley

GSoC InstantMirror

Warren Togami asked[1] for any interested parties to get involved with a GSoC[2] project to improve repository replication to mirrors.

Enhance Anaconda to Enable Repositories As Needed ?

Jud Craft reported[1] that installing from the Fedora 10 DVD with the fedora-updates repository enabled resulted in a broken NetworkManager due to a missing dependency on libudev.so.0. Jud pointed out[2] that although he could install the missing library from the DVD the situation would present a serious problem to anyone that tried "[...] a network install with updates [...] the result (a system without network access) can't be fixed without A) network access, or B) another Fedora image (also possibly requiring more network access)."

In answer to questions from Jef Spaleta Jud revealed[3] that: "[libudev.so.0] doesn't seem to actually be installed by the stock F10 image. If I do a plain install (no updates), NetworkManager works fine. Running a yum update' then pulls down all the updates, as well as Install libudev0'. So at some point I suppose NetworkManager picked up a dependency on libudev0, but for some reason updating during the installation process doesn't pull this new package in." Kevin Kofler[4] and Jesse Keating[5] both pointed out that: "[T]he updates repo isn't the Everything repo. To really do a proper install with updates you have to enable both the Updates repo and the Everything repo." Kevin added that this was why the install from DVD with updates enabled was not an officially supported method.

Several people, including Thorsten Leemhuis, suggested[6] that modifying the anaconda installer to be aware of which repositories depend on each other would be useful. Jesse Keating was[7] not averse to the idea as long as it could be done in a "[...] distro agnostic way. Avoiding hardcoded hacks specifically for Fedora is one of the goals of anaconda upstream."

Password Resets and Inactive Accounts

When Mike McGrath was perturbed[1] that so many FAS account holders had failed to reset their passwords recently a discussion of the entanglement of active account status and passwords followed.

Many respondents posted that they had received the email notifications but had not needed to, or had not had time to, perform their password reset.

Lane worried that forcing periodic password resets caused people to weaken security by writing down their passwords but Bruno Wolf III argued[2] that a potentially bigger threat might be "[...] someone forging messages from Mike with deceptive URLs that trick people into changing their passwords using a hostile proxy. Doing things in the current manner is training people to get fooled." He added that cryptographically signing the reset messages was important.

Till Maas requested[3] consistent titling of the password reset notification emails, suggested extending the grace period beyond two weeks and asked that the notification contains the information that the contents of the user's fedorapeople.org home would be moved.

Mike McGrath and others explored[4] possible grace periods and numbers of warning emails.

Patrice Dumas asked why there was a password reset at all and was answered[5] by Jesse Keating that it was "[...] the best way Infra has today to discover all the active and inactive accounts." In response Toshio Kuratomi pointed[6] to an open ticket which nominally deals with how long accounts should be left open if passwords have expired but had become[7] an investigation of how account inactivity can be determined.

After Mike McGrath explained that "[...] we've got thousands of contributors, relatively few of them actually commit to cvs. So we could go around to figure out how to make all of our various auth points report back but that's a lot of work. The account system is the only common point of entry for every contributor [...]" Christopher Aillon suggested[8]: "So let's require to them to simply _log in_ to FAS to reset the timer (you need to do that to change passwords, anyway!)."

Mono Conflagration Jumps to Blog

Following the FESCo decision not to replace rhythmbox with banshee as the default media-player in Fedora 11[1] some follow-up clarifications were made by parties to the discussion and the conflagration jumped between @fedora-devel and the personal blog of David Nielsen, the Banshee ex-maintainer and perhaps the main force behind the Mono SIG[2].

Bill Nottingham put forward[3] a concise time-line which attempted to show that the proposal had been handled in a straightforward and usual manner. Bill noted that the Desktop SIG had expressed[4] a lack of enthusiasm early in the process and that the imminent beta-freeze meant that the decision had to be taken without further prolonged discussion.

AdamWilliamson suggested[5] that because Mono's Microsoft links worried many F/OSS developers it would have been a good idea to address such concerns: "[...] explicitly rather than just pretend they don't exist in your initial proposal (the word 'Mono' does not actually occur a single time in the initial version of the Wiki page you posted)."

A question put by Jóhann B. Guðmundsson wondered[6] whether there was anything preventing the Mono SIG from creating their own Fedora spin in which banshee was given pride of place as the default media-player. Rex Dieter confirmed that there were no obstacles on this path.

A proposal to adopt a Code of Conduct modeled upon Ubuntu's was[7] made by Richard W.M. Jones. He also expressed regret that David was leaving Fedora and apparently moving to Ubuntu as referenced[8] by a blog entry. Reading the blog suggest that Foresight Linux seems more to David's taste although one comment does point out[9] that Ubuntu "[...] head community people have been calling for volunteers to increase the work surrounding Mono and have a huge love for banshee[10] and Canonical isn’t anti-mono since some of their new job postings desire Mono as a skill[11]."

Seth Vidal was[12] among those who wondered specifically how such a code could be enforced and also where specifically the Fedora Project could be alleged to have engaged in misconduct on this issue. Reading David's blog seems to suggest both that any rudeness was privately exchanged and that his perception is[13] that "[...] Mono isn't welcome in Fedora, and will always be a second class citizen[.]"

Documentation Betas

John J. McDonough posted[1] that owners of major features should review the Beta release notes. Scott Radvan posted[2] that the Security Guide[3] would benefit from the scrutiny of any interested @fedora-devel readers.

Provenpackager Re-Seed

Jon Stanley asked[1] that everyone read the process by which the "provenpackager" group will be repopulated.

A request by Ralf Corsepius for some definitions led Patrice Dumas to post[2] that: "provenpackagers are people who can change all the packages with opened ACLs. Sponsors are the people who can accept new contributors in fedora." Further discussion led[3] Michael Schwendt to voice a concern that non-responsive maintainers might be shielded from feedback if provenpackagers step in to update and upgrade packages. Kevin Kofler offered[4] the non-responsive maintainer process as a way to rectify any problems with Bugzilla tickets being ignored.

Michael Schwendt questioned[5] Patrice Dumas in greater detail as to why provenpackagers and sponsors are not equal sets.

Further details on how to apply to FESCo to become a provenpackager were elicited[6] from JoshBoyer by Stepan Kaspal.

In a separate thread MichelSalim asked[7] about the preferred way to become a sponsor.

Closing Bugs NEXTRELEASE

Christoph Wickert requested[1] that all maintainers (and especially Red Hat developers) would "[p]lease fix your bugs [1] in the release they were filed against instead of just closing them NEXTRELASE!"

When Rahul Sundaram responded that it depended on the seriousness of the bug and complexity of back-porting Daniel P. Berrange[2] and Rakesh Pandit[3] acknowledged that such complex cases might exist but that suggested that this was often a cop-out which could discourage users.

Jeremy Katz responded[4] "[...] as the person who has apparently pissed you off this morning [...]" and described the case in point as much more complex than Christoph had claimed. It seemed that Christoph's ability to create LiveCD images of Fedora 11 using Fedora 10 as the development platform had been stymied by changes to syslinux. Jeremy added that even if this single change were reverted Christoph would need a newer kernel and squashfs-tools and more.

Later Jeremy clarified[5] that the combination of livecd-creator + mock were complicated by SELinux but that this had been addressed by recent work.

One complication is that Bodhi uses NEXTRELEASE even for updates to stable releases. After some confusion on this point LukeMacken posted[6] that anyone wanting to change the behavior should file a ticket.