From Fedora Project Wiki

< FWN

m (One reference wasn't separated from the running text)
(update lasest issue for Pascal/Max to push out to lists, some minor last edits)
Line 1: Line 1:
= Fedora Weekly News Issue 134 =
= Fedora Weekly News Issue 135 =


Welcome to Fedora Weekly News Issue 134 for the week ending July 12, 2008.
Welcome to Fedora Weekly News Issue 135 for the week ending July 19, 2008.


http://fedoraproject.org/wiki/FWN/Issue134
http://fedoraproject.org/wiki/FWN/Issue135


Fedora Weekly News keep you updated with the latest issues, events and activities in the fedora community.
Fedora Weekly News keep you updated with the latest issues, events and activities in the fedora community.
Line 13: Line 13:
http://fedoraproject.org/wiki/NewsProject/Join
http://fedoraproject.org/wiki/NewsProject/Join


{{Anchor|Announcements}}
== Announcements ==
== Announcements ==


Line 23: Line 24:
Contributing Writer: [[:User:Mspevack|Max Spevack]]
Contributing Writer: [[:User:Mspevack|Max Spevack]]


=== New RPM version in Rawhide ===
=== FESCo Elections open on July 15th ===


[[PanuMatilainen|Panu Matilainen]] had a '''very important announcement'''[1]:
[[BrianPepple|Brian Pepple]] announced[1]:


"At long last, we are about to get a brand new RPM version (alpha snapshot at the moment) into rawhide. The list of changes from 4.4.2.x is massive and a full summary needs a separate posting (will follow as time permits), this is just a heads-up of immediate consequences for Fedora packagers and rawhide consumers.
"Elections for the Fedora Engineering Steering Committee (FESCo) open at 0001 UTC on 15 July 2008 -- or about 1 hour from the time of this message. The voting system is available at: https://admin.fedoraproject.org/voting


"BACKUP YOUR RPMDB, NOW! We're not aware of any baby-eating bugs in rpm but I'd be shocked if there were no new bugs at all... Better safe than sorry - do something like this before updating to the new rpm:
The voting system uses the range voting method: http://en.wikipedia.org/wiki/Range_voting


  # cp -avp /var/lib/rpm /var/lib/rpm-`date +%d%m%y`
Any Fedora Account System (FAS) account holder who has completed the CLA, and has an addition account (like ambassadors, art, cvs*, fedorabugs, l10n-commits, web, etc.) in the FAS is eligible to vote.  Voting is open until Monday, July 21st, 2008 23:59 UTC. Election
"
results will be announced shortly afterward."


[1] https://www.redhat.com/archives/fedora-devel-announce/2008-July/msg00002.html
[1] https://www.redhat.com/archives/fedora-announce-list/2008-July/msg00005.html


=== Bugzilla upgrade coming July 26th ===
=== FUDCon Brno 2008 ===


[[JohnPoelstra|John Poelstra]] announced[1] on behalf of Dave Lawrence:
[[MaxSpevack|Max Spevack]] announced the details of [[FUDCon/FUDConBrno2008|FUDCon Brno 2008]][1]:


"The Red Hat Bugzilla team is happy to announce that the release of the
"The next FUDCon will take place in Brno, Czech Republic, from September 5 - 7, 2008.
next version of Red Hat Bugzilla will occur on July 26th, 2008. The next
version will be based on the upcoming upstream 3.2 code base soon to be
released."


[1] https://www.redhat.com/archives/fedora-announce-list/2008-July/msg00000.html
The main conference day and social event will be on Saturday (to attract the most people), with hackfest days on Friday and Sunday. FUDCon is always free to attend, no matter where in the world it is located. "


=== Rawhide Orphanarium Purge: June 18th ===
[1] https://www.redhat.com/archives/fedora-announce-list/2008-July/msg00006.html


[[WarrenTogami|Warren Togami]] announced on fedora-devel-announce[1]:
=== Release Engineering Email Trac Queue Disabled ===


"Please review the following packages. This is roughly the list of current orphans in rawhide. If they are not claimed by June 18th then they may be removed from rawhide by the F10 Alpha freeze."
[[JesseKeating|Jesse Keating] announced[1]:


[1] https://www.redhat.com/archives/fedora-devel-announce/2008-July/msg00001.html
"Until further notice the email to trac gateway for rel-eng has been disabled. We've been unable to cope with the spam attacks and the subsequent mail loops that have been created, and thus we have disabled the gateway.


For the time being if you need release engineering to do something for you, please use the web UI to file a ticket."


[1] https://www.redhat.com/archives/fedora-devel-announce/2008-July/msg00004.html
{{Anchor|PlanetFedora}}
== Planet Fedora ==
== Planet Fedora ==


Line 64: Line 66:
Contributing Writer: [[:User:Mspevack|Max Spevack]]
Contributing Writer: [[:User:Mspevack|Max Spevack]]


=== Robocup 2008 ===
=== Fedora at RoboCup ===
 
[[TimNiemueller|Tim Niemuller]] posted on his blog[1] that he is en-route to China for RoboCup 2008[2]:
 
"I will place some Fedora stickers on the robots and I hope to foster some questions and spawn some interest for the Fedora Robotics SIG. We have put this SIG on our team description poster as a community contribution! Next year we will have that funky robotics LiveCD!"
 
[1] http://www.niemueller.de/blog/show.php?id=225
 
[2] http://www.robocup-cn.org/
 
=== Fedora TV ===
 
[[JonathanRoberts|Jonathan Roberts]] discussed[1] the Fedora TV idea, as implemented using Miro.
 
"What is [Fedora TV]?
 
A way for our community to easily share video and audio related to Fedora with each other - the mechanism we’ve chosen to do this is an RSS feed that also exists as a channel in Miro.
 
How do I watch?
 
You can install Miro and subscribe to the Fedora TV channel. You can also add the RSS feed to any feed reader or suitable podcatching client."
 
Also, [[JefSpaleta|Jef Spaleta]] talked about[2] the current status of Fedora TV on his blog.
 
"Fedora TV is up and running a work flow. We have a submission que. We have a delivery channel. So now we need is to start looking at what sort of things make sense as content. We have people looking at doing screencasts, and doing interviews... content of an educational or newsworthy nature. But what we don't have to round out our experimental programming is someone looking into generating artistic or entertainment content."
 
[1] http://jonrob.wordpress.com/2008/07/08/fedora-tv/
 
[2] http://jspaleta.livejournal.com/24610.html
 
=== OLPC call to action ===
 
[[GregDeKoenigsberg|Greg DeKoenigsberg]] exhorted[1] the Fedora packaging community to pick up some of the items on OLPC's wish list, and gives a general update of the state of OLPC's relationship with Fedora.
 
"Did you know that the OLPC project is the largest single "customer" of Fedora in the entire world?
 
The rumours of OLPC's death have been greatly exaggerated. Despite some unfortunate statements by the project's erstwhile CEO, the OLPC project is still *extremely* focused on succeeding in its noble goal -- the education of the world's children -- with the use of free software as the central component of their software strategy. And they are, in fact, succeeding, even though the open source community has largely turned its collective back on that success. Which is, I think, a shame."
 
[1] http://gregdek.livejournal.com/31067.html
 
=== TurboGears 2 slides & code from FUDCon Boston 2008 ===
 
TurboGears ninja [[LukeMacken|Luke Macken]] has posted[1] his slides and code from FUDCon Boston.
 
"So, for this presentation I wanted to start a new application from scratch to use as an example. Turns out, I ended up implementing something similar to brainstorm.ubuntu.com -- but better. Not only does it allow you to share, rank, and collaborate on ideas, but you can also ask, answer, and rate questions as well. The thing that makes this application really stand out is that once you land on the page, the widgets update themselves in *real-time*. To accomplish this, I created a bunch of ToscaWidgets, which are re-usable bundles of xhtml+css+javascript that I can easily use all over my application. When the widgets are rendered in the clients browser, they open a persistent comet connection back to our Orbited server. From here, our TurboGears application sends events to Orbited as they happen, which then get sent asynchronously back to our clients where jQuery handles rendering the results. "
 
[1] http://lewk.org/blog/TG2-FUDCon2008.html
 
=== Featureful ===
 
[[PaulWFrields|Paul Frields]] highlighted some of the early Fedora 10 feature work[1]:
 
"I was just looking at the proposed Fedora 10 features category on the wiki. There are over a dozen cool features being set up for this next release."
 
[1] http://marilyn.frields.org:8080/~paul/wordpress/?p=1053


=== Graphical Boot and Live Images ===
[[TimNiemueller|Tim Niemueller]] reported from China[1]:


[[JeremyKatz|Jeremy Katz]] wrote in his blog[1]:
"As you can see on the photo we have put Fedora stickers at prominent places on our robots (there is one at the back side as well). It fostered some interest. I was talking to a member of the executive committee for the RoboCup@Home league. He liked the idea of a LiveCD with robotics software on it. A few other guys were asking "what is that T-Shirt about?"... Quite cool, hope to spawn more interest in Fedora in the RoboCup community."


"One of the goals for Fedora 10 is to replace the aging rhgb that has been used for graphical boot since Red Hat Linux 8.0. rhgb is implemented using an X server which started in rc.sysinit relatively early during the boot process and then some feedback is provided to the user. With some of the improvements underway for Fedora 10 we should hopefully have kernel modesetting in place at least for some drivers which will let us set a native resolution graphical mode as opposed to requiring either text-mode, an X driver + server or the use of a framebuffer."
[1] http://www.niemueller.de/blog/show.php?id=226


Jeremy has also posted a screencast[2] showing this new functionality in action.
=== FUDCon Brno ===


[1] http://katzj.livejournal.com/432195.html
[[SandroMathys|Sandro "red" Mathys]] posted on his blog[1]:


[2] http://katzj.livejournal.com/432586.html
"The FUDCon Brno 2008 in Brno, CZ has been announced a while ago (previously as being located in Prague, though). But only just yesterday, some basic facts were confirmed, after a short planning meeting on last Tuesday.


=== Whence world domination? ===
So, the facts so far are:


[[ColinWalters|Colin Walters]] muses[1] during GUADEC:
* It will take place from Friday, 2008-09-05 to Sunday, 2008-09-07. Saturday, 2008-09-06 being the most important day, since people will probably travel there/back on Friday/Sunday.
* It will take place at some university in Brno, CZ and we’ll have a hotel near the university which we’re told will not be very expensive.


"How do we increase use of GNOME and Free Software in general on the desktop? What's our target audience? What kinds of things can we do? Why haven't we taken over the world yet?"
That’s not much yet, but I think the most important things are fixed: When to travel and where to travel."


[1] http://cgwalters.livejournal.com/18327.html
[1] http://blog.sandro-mathys.ch/2008/07/17/fudcon-brno-2008-in-the-czech-republic/


=== Patented oddness... ===
=== Privacy policy update ===


[[JefSpaleta|Jef Spaleta]] opined on his blog[1] about ooxml:
[[PaulWFrields|Paul Frields]] discussed the need to update Fedora's privacy policy on his blog[1]:


"So looking back over the last few months of all the coverage concerning ooxml and how very bad it is... it seems to me that a lot of people have made it a point to question whether the ooxml specification has patented bits. Even in countries where software patents aren't so very important...yet.. the very issue of patents on bits of the ooxml specification made some sort of press.
"Thankfully, we have a proposal from Tom ’spot’ Callaway that will fix some of these gaps, and improve the transparency of our project. The new policy, and FAS, will continue to keep absolutely private your vital personal information, like address and phone number. And the FAS will provide “opt-out” capabilities for any project member who does not want to share their other data.


Compared to the situation we have for patent encumbered audio/video standards..i find such interest in talking about the ooxml patent issue quite out of proportion. Why does the world, the free world, the world where innovation is yet to be shackled by the constraints of enforced software patents care so very much about the patentability of ooxml, but for audio/video format specifications, its barely on anyone's radar at all as something to be up in arms about?"
The fedora-advisory-board mailing list has a thread to discuss the policy. After a discussion period over the next several days, the intention is to submit it to the Board for a vote."


[1] http://jspaleta.livejournal.com/24410.html
[1] http://marilyn.frields.org:8080/~paul/wordpress/?p=1063


=== Bug reporting for Planet Fedora ===
=== Beat writers needed ===


[[MaxSpevack|Max Spevack]] wrote on his blog[1],
[[PaulWFrields|Paul Frields]] put out the call for writers[1]:


"We have received several reports from people who visited parents, relatives, etc. over the 4th of July weekend and saw strange rendering problems with Planet Fedora on various browser/OS combinations.
"As we approach the Fedora 10 Alpha release, the Docs team finds our list of beat writers for the Release Notes is sadly outdated. We need to get it updated with people who are willing to write information on Fedora 10 changes."


In response to that, we have set up a test matrix that anyone in our community can use to report either successful or problematic browser/OS combinations.
[1] http://marilyn.frields.org:8080/~paul/wordpress/?p=1066


If you have a Windows box or a Macintosh near you, this is an easy way to do a little bit of testing that will be of benefit to the Fedora community."
=== Workarounds ===


[1] http://spevack.livejournal.com/58828.html
[[ChrisTyler|Chris Tyler]] posted[1]:


=== A walking little guy ===
"Some workarounds and fixes for annoyances I've recently encountered in Fedora:


[[NicuBuculei|Nicu Buculei]] made a little animation that your correspondent thought was cute[1].
* Fedora Planet display problems in Firefox 2 (F8) and 3 (F9)
* Unable to boot from a CD using KVM"


[1] http://nicubunu.blogspot.com/2008/07/walking-little-guy.html
[1] http://blog.chris.tylers.info/index.php?/archives/127-Workarounds.html


=== Fedora EMEA Ambassador Meeting Reminder ===
=== Python dictionary optimizations ===


[[FabianAffolter|Fabian Affolter]] wrote on his blog[1],
[[LukeMacken|Luke Macken]] wrote[1]:


"The next monthly EMEA Ambassador Meeting will be next week.
"In my recent journey through the book ''Beautiful Code'', I came across a chapter devoted to Python's dictionary implementation. I found the whole thing quite facinating, due to the sheer simplicity and power of the design. The author mentions various special-case optimizations that the Python developers cater for in the CPython dictionary implementation, which I think are valuable to share."


Day : Wednesday, July 16, 2008 (16.07.2008)
[1] http://lewk.org/blog/python-dictionary-optimizations.html


Time : 20:00 UTC
=== SELinux and Security in the 2.6.26 Kernel ===


Channel : #fedora-meeting"
[http://namei.org/ James Morris] discussed SELinux in the 2.6.26 kernel on his blog[1].


[1] http://fabaff.blogspot.com/2008/07/reminder-emea-ambassador-meeting-next.html
"What's new and exciting with SELinux and security in the new 2.6.26 kernel?"


=== Eth-0 and hacking out in the woods ===
[1] http://james-morris.livejournal.com/31714.html


[[YaakovNemoy|Yaakov Nemoy]] wrote on his blog[1] about the [http://www.eth-0.nl/ Eth-0] show in Wieringermeer.
=== Steampunk photography - a GIMP tutorial ===


"I think it's really important for people to understand a little bit about how open source in Europe works compared to the US. For many people here it isn't just a development model or a way of guaranteeing some level of code security, but just a matter of life and reality. Many people here, at this event, are pretty involved not only in messing around with fun electronic toys, but also administrating some very complex networks and systems deployments. Being able to apply a certain level of code freedom to playing with complex servers scales equally as well to being able to create new tools for Audio and Video production. In other words, all the cool parties use open source here.
[[NicuBuculei|Nicu Buculei]] posted on his blog[1]:


When working with Free Media geeks, having libraries of open media for use in productions is equally as important. It's very common to want to use movies out of pop culture or out of alternative culture (cue obvious cut to a scene from Yellow Submarine for 750 milliseconds.) The sooner most common media, even off-Hollywood films are under licenses like the Creative Commons, the closer artists are able to legally and freely use this media for their performances as well. Open Source and Open Media aren't just philosophical discussions but really affect the things that people her do."
"Now I can proceed to writing a GIMP tutorial about turning a regular photo intro "steampunk photography" effectively photos that would fit my Gears theme proposal for Fedora 10. (note: those photos are intended as additional graphics, not as a default wallpaper, I am not a big fan of photographic wallpapers as default and I can see no way of adding some blue to it, to make it look like Fedora).


[1] http://loupgaroublond.blogspot.com/2008/07/eth-0-and-hacking-out-in-woods.html
Those familiar with my graphic tutorials probably know that I use to address the beginners, showing some techniques as simple as possible (and only pre-built filters), followed by some pointers about advanced usage and also letting it open, with a lot of optional steps and alternative ways, so I will try to do the same this time."


=== Pushing kernels more aggressively to updates-testing ===
[1] http://nicubunu.blogspot.com/2008/07/steampunk-photography-gimp-tutorial.html
 
[[DavidNielsen|David Nielsen]] offered his opinions[1] on how we push kernel updates in Fedora:
 
"We did the correct thing, to a degree naturally, the update was in relation to a security update something Fedora takes very seriously. As such our users should always feel safe knowing that we will push such updates fast, keeping their systems secure through multiple means including proactive security and rapid updates.
 
However the problem is that we don’t apply the update to the existing stable kernel, the patch is always applied on top of the progressing kernel, meaning we also end up shipping a lot of other things such as bugfixes, updates to the latest upstream STABLE tree and various other things. This however is confronted with one problem, the kernels in between the current stable and next update are not all being pushed to updates-testing - only selected kernel updates are. In cases where we then have to release a security fix we are forced to ship a bunch of stuff additionally which is not likely to have been tested extensively."
 
[1] http://davidnielsen.wordpress.com/2008/07/06/pushing-kernels-more-aggressively-to-updates-testing/


{{Anchor|Marketing}}
== Marketing ==
== Marketing ==


Line 210: Line 153:
Contributing Writer: Pascal Calarco
Contributing Writer: Pascal Calarco


=== Beat Writers sought for Marketing & Meetings ===
=== Cirgon Will Ship a Fedora Linux HTPC - Encore Media Server ===


Pascal Calarco posted [1] a call for volunteers for the Marketing and Meetings beats for Fedora Weekly News. He added, "If you are interested, take a peek at the last few issues of FWN [2] to see what this looks like, and then sign up [3] by joining the fedora-news-list, introduce yourself and claim one of these beats as your own!  
Paul Frields reposted [1] an article [2] detailing the planned August 2008 release of a new Fedora Linux-based $2000 home theatre personal computer (HTPC), Encore Media Server, from Cirgon [3].  


[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00037.html
[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00105.html


[2] https://fedoraproject.org/wiki/FWN
[2] http://www.ehomeupgrade.com/2008/07/14/cirgon-will-ship-a-fedora-linux-htpc-encore-media-server/


[3] https://fedoraproject.org/wiki/NewsProject/Join
[3] http://www.cirgon.com/index.html


=== Rebranding EPEL ===
=== Open Source in Brazil's Supreme Court ===


Karsten Wade announced [1] that the Extra Packages for Enterprise Linux (EPEL) project was going to go through a rebranding process and invited interested folk on the fedora-marketing list to participate in a teleconference this past week on this workStay tuned for more information on this.
Teseu [1] publicized that the Supreme Court in Brazil is starting to initially replace Microsoft Office for OpenOffice in the Supreme Court offices there [2]This will hopefully expand to other software applications as well, he indicates.


[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00051.html
[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00112.html


=== Red Hat Replaces RHGB With Plymouth ===
[2] http://teseu.wordpress.com/2008/07/16/o-primeiro-passo-para-um-mundo-maior/


Rahul Sundaram shared [1] a story from Phoronix [2] about Red Hat's replacement of the Red Hat Graphical Boot loader, which is being discontinued and replaced with a new boot loader called Plymouth, engineered by Red Hat's Ray Strode. More information on Plymouth is available on the Fedora wiki [3]
=== Improved audio from Paul Frields' 2008 FudCon talk ===


[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00072.html
Valent Turkovic reported [1] that he enhanced the audio on Paul Frields' FudCon 2008 talk [2] that is available on FedoraTV [3], and posted how he did it. Jeff Spaleta remarked that "[y]ou just validated what we are trying to do here by having everything openly licensed and publicly available." [4]


[2] http://www.phoronix.com/scan.php?page=news_item&px=NjU3OA
[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00115.html


[3] http://fedoraproject.org/wiki/Releases/FeatureBetterStartup
[2] http://herlo.fedorapeople.org/files/fudconf10paulfrields.ogg


=== Top 4 New Features Proposed for Fedora 10 ===
[3] https://miroguide.com/channels/6891


Rahul Sundaram posted [1] an article in Linux Loop [2] where the writer shared his top four suggested enhancements for Fedora 10, including a web-based software portal, Live CD without the CD, improved support for fingerprint readers, and a 'Fedora Lite,' suitable for older computers.  The posting generated some discussion on Linux Loop.  
[4] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00120.html


[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00073.html
=== #1 Supercomputer in the World Runs Fedora ===


[2] http://www.linuxloop.com/news/2008/07/09/top-4-new-feature-proposed-for-fedora-10/
Rahul Sundaram shared [1] his posting on OSNews [2] documenting that the $100 million IBM Roadrunner [3], the current fastest supercomputer in the world, runs Fedora Linux.


=== Fedora-powered tools on new Phoenix BIOS hypervisor ===
[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00122.html


Paul W. Frields forwarded [1] a recent article from BetaNews that reported [2] "that NEC will be among the first PC
[2] http://osnews.com/story/20054/_1_Supercomputer_in_the_World_Runs_Fedora
manufacturers to use its HyperSpace technology...In a meeting with BetaNews on Thursday at this week's Digital Life press preview, the VP said that the HyperSpace platform allows software tools to run on Fedora Linux firmware, even though Windows is installed on the same system."


[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00089.html
[3] http://www.top500.org/system/9485


[2] http://www.betanews.com/article/Phoenix_BIOS_with_hypervisor_to_premiere_Monday_in_NEC_laptops/1215815330
=== July 17th Marketing Meeting: A new Fedora Brand Motto ===


=== Concept Art for Fedora 10 ===
Michael Beckwith posted [1] the log of the July 2008 Marketing meeting.  One of the major topics of the meeting was the Fedora brand of "infinity / freedom / voice" vs. the motto of "friends / freedom / features / first", developed earlier this year.  Paul Frields later posted [2] that these new "four foundations" need to come to the front and become the new motto for Fedora.  He invites ideas to express the four foundations graphically, and is going to be moving the request into the Artwork project queue. 


Rahul Sundaram contributed [1] a recent article from OSNews [2] encouraging readers to check out developments in concept art for Fedora 10 and pointing to a longer posting in Linux Loop [3].  "For many, their first experience with Fedora leaves them in awe of the incredible artwork. This is an important part of Fedora's reputation, so if your a fan of Fedora art, you should definitely check out what the art team has come up with."  The poster at Linux Loop briefly looks at six thematic conceptual sketches to be included in Fedora 10, and concludes, "Overall, I cannot wait to see what Fedora 10’s final theme looks like. If the concepts look this good already, I bet they will look simply incredible when they are finalized."
[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00141.html
 
[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00090.html
 
[2] http://www.osnews.com/story/20039/Concept_Art_for_Fedora_10
 
[3] http://www.linuxloop.com/news/2008/07/11/early-fedora-10-artwork/


[2] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00142.html


{{Anchor|Ambassadors}}
== Ambassadors ==
== Ambassadors ==


Line 272: Line 210:
Contributing Writer: JeffreyTadlock
Contributing Writer: JeffreyTadlock


=== FUDCon Brno ===


Max Spevack posted [1] a link to the FUDCon Brno 2008 wiki page.  This FUDCon is being held September 5 - 7, 2008 in Brno, Czech Republic.  Additional details and sign-ups are available [2].


=== RMLL Event Report ===
[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00211.html
 
Pierre-Yves posted [1] an event report for the RMLL at Mont-de-Marsant, France to the ambassador mailing list.  The conference had approximately 4000+ visitors and T-shirts, buttons and live media were distributed from the Fedora booth.  Be sure to read the event report for the full details.


[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00156.html
[2] https://fedoraproject.org/wiki/FUDCon/FUDConBrno2008


=== More FrOSCon 2008 Information ===


=== Fedora 9 Release Party - Rio de Janeiro ===
Robert Albrecht posted [1] to the ambassador mailing list asking ambassadors who are attending to update the wiki page [2], let him know about hotel arrangements and to remind people of the social event.


Rodrigo Padula posted [1] pictures from the Firefox 3 and Fedora 9 release party in Rio de Janeiro.  
[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00223.html


[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00109.html
[2] http://fedoraproject.org/wiki/FedoraEvents/FrOSCon/FrOSCon2008




=== Event Budget Deadlines ===
=== Help Wanted - Dharan Workshop===


Max Spevack reminded [1] ambassadors that the deadline to have your event on the Fedora Events [2] page is August 1st if it falls between September 1 and November 30.  In order to be considered for the FAmSCo budgeting process the events need to be posted to the wiki.  The email to the ambassadors list contains the full details.
Tushar Neupaney asked for help [1] for a workshop being held in Dharan.  The date has not been determined, but if you are in the area and can help please check the post for additional details.


[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00152.html
[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00214.html


[2] http://fedoraproject.org/wiki/FedoraEvents


== Developments ==
=== FAD EMEA 2008 Request for Comments ===


Sandro Mathys posted [1] a request for feedback in regards to FAD EMEA 2008.  The email contains additional information and there is a wiki page [2] for the event.


Contributing writer Osin Feeley


=== New RPM Sparks Exploded Source Debate ===
[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00209.html


The announcement[1] of a sparkling new alpha-version of RPM by [[PanuMatilainen]] was greeted with congratulations and applause and later some passionate argument. It has been approximately one year since Panu solicited (see FWN#98 "Panu Opens Pandora's Box"[2] and FWN#99 "RPM Roadmap (Cont.)"[3]) suggestions from those not intimately involved in RPM development as to which problems should be fixed. This initiative was taken after deciding to move RPM-4.4 to bugfix maintenance due to artistic differences with the current RPM coder (who then led a very public fork named RPM5[4]). Panu's new RPM-4.6.0 implements many of those suggestions as detailed[5] in the release notes and many of those involved in the initial roadmap process (such as [[RalfCorsepius]] who cleaned[6] up the ''autotool'' stuff also helped to implement the desired changes. By Panu's estimate over 2300 commits were made[7] to the source since the initiative to get RPM development back on schedule began, and although the wiki provides[8] essential details of what has been implemented there is still a good deal of information lacking.
[2] https://fedoraproject.org/wiki/FAD/FADEMEA2008


[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00477.html
{{Anchor|Developments}}
== Developments ==


[2]http://fedoraproject.org/wiki/FWN/Issue98#RPM.Roadmap.....Panu.Opens.Pandora.27s.Box
In this section the people, personalities and debates on the @fedora-devel mailing list are summarized.


[3] http://fedoraproject.org/wiki/FWN/Issue99#RPM.Roadmap..28Cont..29
Contributing Writer: [[:User:OisinFeeley|Oisin Feeley]]


[4] http://rpm5.org/
=== Kerneloops for SELinux ===


[5] http://wiki.rpm.org/Releases/4.5.90
The last furore[1] over SELinux contained a positive contribution from [[StewartAdam]], who proposed[2] to improve the interaction between users and SELinux by means of a "kerneloops-like plugin [which] would allow for statistics on where denials occur most and that way the policy could be modified accordingly." [[DanWalsh]] commented[3] that [[JohnDennis]] had written the ''setroubleshoot'' tool[4] to include the ability to send messages to an upstream collector. Dan was worried that he would be chosen as "the upstream infrastructure to handle all the messages" but optimistic that "the XML data [could be] run through some tools to see if the AVC was fixed by a newer version of policy". [[RobinNorwood]] thought[5] this would be easily solved using TurboGears[6] and Stewart concurred[7].


[6] http://www.mail-archive.com/rpm-maint@lists.rpm.org/msg00386.html
[1] http://fedoraproject.org/wiki/FWN/Issue133#SELinux.Eats.Babies.2C.Confines.Wives.2C.Gives.Birth


[7] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00538.html
[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01081.html


[8] http://wiki.rpm.org/Releases/4.5.90
[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01085.html


The announcement contained suggestions for users (of Rawhide where the alpha is available) about how to trouble-proof themselves and a more extensive list of notes for packagers. Of note are the changes to the macros to eliminate the old buildroot directory defaults and ignore[9] the BuildRoot in an rpm's spec file, and the addition of support for LZMA[10] compression. Another cool new feature is the addition of a macro to allow iteration over all patches, something which was welcomed[11] by [[JarodWilson]], who noted that RHEL5 needed 1800 lines in the kernel specfile solely to mention each patch.
[4] The ''setroubleshootd'' daemon listens for AVC denials and passes them through a series of plugins to analyze the audits and report what has been prevented. Suggestions are made on how to fix denials. On the client side ''sealert'' provides either a GUI or plain CLI interface which can connect to either the local machine or to a remote ''setroubleshootd''. The daemon can be configured to send email alerts. Making changes to system policy can be done in a variety of ways. The aforementioned sealert often suggests a simple CLI sequence to run. The older CLI ''audit2allow'' and ''audit2why'' tools respectively generate fixes based on the audit logs and explain them. ''semanage'' allows changes to be made on the fly to SELinux policies and ''system-config-selinux'' also allows boolean selection among pre-written policy options and the easy changes of ports or filecontexts.


[9] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00531.html
[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01087.html


[10] http://en.wikipedia.org/wiki/LZMA
[6] A web framework written in Python which is widely used in Fedora Project infrastructure.


[11] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00502.html
[7] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01093.html


It seems that a massive amount of work has gone into API changes and internal cleanup of the code in order to set up a framework for the addition of new features in the future.
A substantial chunk of the rest of the discussion hovered around the topic of whether some button(s) should be added to make it easier for the user to ignore the problem. Similar ideas had been floated (see [[AlanCox]]'s and [[JamesMorris]]'s comments in FWN#133, ref 7&8 [8]) earlier and [[AhmedKamal]] made[9] a good summary of them. He suggested that an AVC denial would present two buttons: "AutoFix" would try to enact the recommended fix stored in the database; and an "Exempt" button which would allow the offending application to run unrestricted. The latter especially was intended to prevent users from just switching off SELinux entirely. [[ArthurPemberton]] and [[StewartAdam]] thought[10] that this was exactly the wrong approach, with Arthur being reminded of MS Vista users automatically clicking "allow" and Stewart commenting "The idea of this is to get users to report what's going wrong and get it fixed in the policy instead of exempt/disable which defeats the purpose and trains the user to hit "Exempt" without reading anything." Ahmed took the point and made the modification that the "Exempt" button would only work once-per-launch. He argued this would allow the user to get work done but still preserve the incentive to get the problem fixed. [[DaveAirlie]] appeared[11] somewhat upset at the idea, arguing that this was "NO NO NO ... DOING IT WRONG."! Taking a cue from the implicit messages of the iMac vs. Windows television advertisements and the successful model of kerneloops he insisted that users should "[never be involved] in the mess other than asking for opt-in [...] The user is not going to have a freaking clue wtf exempting means." Instead he suggested that pinging a remote server to ask for an updated policy would be superior.


[[ThorstenLeemhuis]] expressed[12] happiness with Panu's contribution but wondered whether the FESCo Feature process[13] had been shown to be unnecessarily bureaucratic by the manner in which this change had occurred. [[JoshBoyer]] and [[JeffSpaleta]] drew[14] a slightly different lesson and suggested that it ought to be made easier for a developer to determine whether their package upgrade should be filed as a feature. Panu also agreed[15] that Thorsten's points were fair but excused himself on the grounds of concentrating on upstream RPM development and not being sure what the demarcation between feature and non-feature was.
[8] http://fedoraproject.org/wiki/FWN/Issue133#SELinux.Eats.Babies.2C.Confines.Wives.2C.Gives.Birth


[12] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00549.html
[9] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01089.html


[13] https://fedoraproject.org/wiki/Features/Policy
[10] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01092.html


[14] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00562.html
[11] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01101.html


[15] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00565.html
Replying specifically to the idea of an "Exempt" [[DanWalsh]] noted[12] that there were such policies (called "permissive domains") now available in Rawhide. He went on to restate the problem that "Teaching people to press a button to tell SELinux to disable protection [because of AVCs that don't really block anything will get them to disable it when a real attack comes along." Instead the SELinux developers are concentrating on eliminating many of the false AVCs and one of the recent changes towards this end is the addition of a new access permission "open". [[JamesMorris]] added[13] that he had written about this work, as implemented by [[EricParis,]] in his livejournal: "Until now, opening a file under SELinux invoked the same permission checks as the intended operation on the file, such as read, write, execute and append. There was no separate "open" check: opening a file for write, for example, was considered by SELinux policy as equivalent to actually writing to the file. Experience has shown that this approach is not ideal for handling cases such as IO redirection via the shell, because policy writers cannot usefully guess where users will send redirected output."


[[PaulFrields]] suggested[16] that it might be useful to think of the "Fedora feature process as leveraging what Fedora can provide for an upstream community. Two things that come to mind immediately are QA/testing and widespread publicizing of the feature." [[JohnPoelstra]] also drew attention[17] to the synergistic advantages of the Features process resulting from its public communication of what is being worked on currently. [[CallumLerwick]], responding to Thorsten, gave his understanding of the Features process as "a conduit for the Engineering side of Fedora to collaborate with the Marketing side of Fedora, to allow the Marketing people to build up pre-release hype for new features without having to second-guess us notoriously busy, and quiet, engineering types. It allows the Marketing people to keep tabs on engineering activities and have reasonable certainty as to the status of the feature, specifically whether or not it is going to be finished in time for the final release." He emphasized the voluntary participation of developers and software engineers in the process and the benefit resulting from having marketing clued-in to interesting changes. [[JesseKeating]] responded[18] that the process was "way more than just marketing fluff. Features have very real schedule impact, just consider this time around, RPM with a bunch of new features, and a new gcc coming at some point soon. Usually we want to rebuild for both of those. Without some high level coordination, how do we schedule so that we rebuild once for all of the right reasons instead of multiple times individually?" The marketing advantages of the Feature process were confirmed[19] by [[PaulFrields]]. [[MatthiasClasen]] made[20] some concrete suggestions on how to improve the Feature process. They included the addition of definitions or explanations for each section and the perception that the review of his feature pages felt a bit like getting homework graded.
[12] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01091.html


[16] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00580.html
[13] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01170.html


[17] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00581.html
[[DanWalsh,]] in response to questions from [[ArthurPemberton]], listed[14] the private information contained in an AVC denial as "Hostname, filename, potentially username, rpm information. What apps they are running."


[18] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00626.html  
[14] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01132.html


[19] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00582.html
Dan was also concerned that any new upstream reporting only occurred when ''setroubleshoot'' had been unable to find a suggested fix in its database. He reported that many bugzilla entries filed against him appeared to indicate that users did not even attempt the actions indicated as potential fixes by ''setroubleshoot''. [[ArjanvandeVen]] suggested[15] that ''setroubleshoot'' should just make those changes. [[DavidTimms]] wondered whether suggesting such "let this happen anyway" actions to users should be considered risky and not dissimilar to Ahmed's "Exempt" and "FixMe" buttons. He also listed several means by which he considered SELinux could be improved. [[DanWalsh]] replied[16] that many of these desired capabilities were already present in SELinux but appeared to ignore the behavioral similarities argued by David.


[20] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00645.html
In response to further questions from [[ArthurPemberton]] it seemed[17] that the preferred mode for such a tool would be to suggest installation of any available updated policies either via PackageKit offering to install them or a "yum update".


The point about co-ordination of activities was highlighted when [[DougLedford]] confessed[21] that his first reaction had been "Oh hell...what a colossal waste of time" when he realized that he had spent a week studying what was now obsolete RPM source code. Panu's friendly response that Doug "could've just asked" drew out the central problem: "Yeah, I know, I just didn't know a big update like this was in the works." Doug's interest lay[22] in extending ''rpmdb'' to add fields to allow interaction with SCMs[23] mostly "to be able to support exploded source repos and usage of exploded source repos as canonical source versions of binary packages." Panu answered[24] that these sorts of changes were probably post-Fedora 10 and that he too was keen to integrate with SCM tools. He pleaded for some more patience to settle this clean, new codebase down before implementing such changes: "I know. People have been waiting SO long for various things to happen in RPM that everybody's out of patience and wants their stuff in NOW. Please try to be patient a little bit longer: once this release stabilizes, RPM can move to a "normal" development-release cycle where folks will not have to wait 5+ years to get their changes in :)" [[SethVidal]] and [[ToshioKuratomi]] were impatient with Doug's impatience[25,26] with the latter noting that Fedora Policy "to allow using source control repos interchangeably with tarballs would [not] be approved in time for F10 either."
[15] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01193.html
[21] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00683.html  


[22] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00694.html  
[16] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01138.html


[23] http://en.wikipedia.org/wiki/Software_configuration_management
[17] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01151.html


[24] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00696.html
=== Process Wakeups and Energy Efficiency ===


[25] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00702.html
[[UlrichDrepper]] posted[1] a systemtap script which revealed a list of applications which cause wakeups due to timeouts. He noted that "Programs should be woken based on events. They shouldn't poll data (which is what usually happens after a timeout)" and requested that package maintainers for the programs in the list try to help solve the issue. The Flash ''npviewer'' was clearly the worst offender. The creator of the ''PowerTOP'' program, [[ArjanvandeVen]] wondered[2] why this work could not have been done using PowerTOP.


[26] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00699.html
[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00921.html


Later Panu requested[27] that packagers "refrain from using the new spec features in Fedora to minimize the fuss in case disaster strikes and we need to go back to rpm 4.4.x. The new rpm is on probation for a while ;) Please do test and use the new things as much as possible in private, just not yet in Fedora CVS.  A further notification will be sent when the probation is over."
[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00931.html


[27] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00703.html
[[MatthewGarrett]] thought[3] that polling was inevitable for many applications but that the Glib timer function ''g_timeout_add_seconds''[4], which allows a function to be called at repeated intervals until it is automatically destroyed, could be used to do this at low frequency. It turned out[5] that this was exactly the approach which [[ArjanvandeVen]] had taken. [[HaraldHoyer]] thought that this was non-ideal as it did not sync globally and while Matthew agreed that kernel support would be needed [[DavidWoodhouse]] speculated[6] that tackling the problem per-thread instead of per-event might be possible.


Doug expended a good deal of effort both trying to get an answer as to whether there was any point in him trying to go ahead and add some of the basic features which he thought were necessary, and also explaining why the ability to interact directly with a distributed SCM/VCS instead of through the middle-man of a tarball was a good idea. Among the advantages Doug described were "since you built the binary packages from this exploded source repo, then in order to give people the exact sources you built from, you need to make the repo available for clone/checkout by people. You need never once build an srpm or tarball from this repo if you don't want to [...] the first advantage to this type of setup is that every SCM worth a pile of dog poo will store the different versions of software in some form of change related format that keeps you from duplicating the same things over and over again like tarball after tarball does. You generally take a hit in size versus a single tarball, but end up saving quite a lot in the long run [...] you get to work on the code in native format, try things out, run build tests, and all the while the pain of repetitive rpm source processing is reduced[...]" Doug went on to explain that in the case where the upstream also uses a distributed SCM then things become even easier. He attached his notes (in ''tomboy'' format) with yet more detail.
[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00938.html


Doug was obviously brimming with ideas about how this would make Fedora development easier and reacted[28] with a certain amount of frustration to Panu's and Seth's assumption that he was asking them to do something which they could not get around to until Fedora 11. Doug also pointed[29] out that the problem of forcing the creators of spins to distribute their own sources was also possibly solved by using distributed SCMs and that he had discussed this with [[JesseKeating]] at the recent FUDCon. His perception was that the Fedora Project was actively blocking Red Hat's needs. [[JesseKeating]] later returned[30] to the problem of compliance with the distribution requirements of the GPL: "I either have to offer you a CD/DVD of corresponding sources in <insert vague nonlegal terms here> format, or provide you a written offer to provide the above that is good for the next 3 years, or pass along such written offer that I myself may have gotten. Nobody has confirmed nor denied what that <vague nonlegal terms here> means, nor how long the 3year clock ticks on those formats, and whether or not directions on how to get the source from our public source repo is OK."
[4] http://library.gnome.org/devel/glib/stable/glib-The-Main-Event-Loop.html#g-timeoutadd-seconds


[28] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00729.html
[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00962.html


[29] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00776.html
[6] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00968.html


[30] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00793.html
[[NilsPhilippsen]] added[7] that it should be possible to use IMAP IDLE to fix mail clients and servers that polled too frequently.


This has been an inadequate summary of a complex topic. If you are interested in it you are well advised to read the thread especially Doug's posts and the responses to them. They start here[31].
[7] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01032.html


[31] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00683.html
[[RichardHughes]] quickly jumped[8] in to report a fix for his PackageKit problem but was less sanguine that GNOME Power Manager could be fixed quite so easily, although there was an expectation that Xorg would fix things by sending out a notification of changed DPMS state.


=== Fedora EDU Spin Preview Temporarily Pulled ===
[8] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00948.html


A spin targeted at educational environments, "Fedora EDU"[1], was announced [2] as available in preview by [[SebastianDzillias]]. He explained that its focus was on mathematical applications with a KDE-4.1 desktop environment and that it was currently x86 only.
[[DanielBerrange]] provided[9] some evidence that the apparent problem with ''libvirtd'' was actually due to DBus sending unrequested signals every six seconds. When [[DanWilliams]] took a look[10] at NetworkManager's contributions and explained some problems were due to the ''ipw2200'' drivers waking up all WEXT listeners every four seconds and others were due to the presence of bogus rfkill switch events in HAL Daniel connected[11] the dots and said "Ahhh, so that's probably what's causing /usr/libexec/hal-ipw-killswitch-linux to be run every 6 seconds, which in turns causes any app connected to DBus system bus to be send a signal every 6 seconds and thus causes all the hits against libvirtd - and a fair number of other apps in that list too." [[DanWilliams]] responded that it was possible, but that it might be worth checking to see if D-Bus signal filtering was being done properly. The forthcoming 2.6.27 kernel was also said to contain the appropriate patches for rfkill which would help solve the problem.


[1] http://fedoraproject.org/wiki/SIGs/Education/Roadmap
[9] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00973.html


[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00628.html
[10] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00976.html


[[JesseKeating]] was quick to point out[3] that the use of the KDE-4.1 preview provided by the "kde-redhat" repositories meant that the spin could not use the "Fedora" trademarks. [[JoshBoyer]] amplified[4] on this with the information that "you need to get Board/Spin SIG/Rel Eng approval to call a spin a Fedora spin" and that there was no need to use the kde-redhat repositories as Rawhide already had the KDE preview packaged up. [[ChristopherAillon]] also noted the existence of the SpinSubmissionProcess and [[LukeMacken]] wondered [5] whether anyone wanted to help out in creating a "fedora-spins" mailing list to help unblocked that process.
[11] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00978.html


[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00629.html
Problems with ''PulseAudio'' were guessed by [[LennartPoettering]] to be due to the aforementioned Flash player ''npviewer'' opening audio streams and never closing them which in turn caused PulseAudio to keep the device open. Again there was a promise of future improvement as Lennart mentioned that the version of PulseAudio in rawhide should not generate any wakeups when completely idle.


[4] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00632.html
It would seem that Ulrich's initiative may yield some useful improvements.


[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00651.html
=== Nodoka Notification Theme a Fedora 10 Feature ===


Further discussion between [[RexDieter]] and [[JoshBoyer]] revealed[6] that the spin was also based on Fedora 9, which led Josh to suggest that new spins should dovetail into the release process and specifically that this one should be based off Fedora 10. Rex agreed that this had been the plan, but that this was simply a preview to obtain feedback. [[JeffSpaleta]] thought[7] that "Preview binaries are great, because it shows that these particular Spin developers are making their best effort to get this working and tested[.]" He asked for confirmation that there was no actual policy preventing such preview spins being built against the current (as opposed to rawhide) release and suggested that the main problems were "they pushed ahead and used non-fedora binaries in what they published [and] [w]e don't want anyone out in the wild to get the idea that this is a baked concept. The generic logos are there specifically so we can do preview spins like this." [[JoseMatos]] thought[8] that the question should be extended beyond spins to consider the general case of "non-official" repositories such as the TEXLive, Python-2.5 and other repositories. Although he was aware of the inherent possibility of diluting rawhide testing due to such repositories "I would have expected that by now we had some kind of mechanism to deal with such cases other than the non-official stance of every of those repositories." [[CharlesDostale]] thought[9] that an ultra-rawhide as hinted at by Jose would be interesting.
[[MartinSourada]] asked[1] for help determining whether his plan to provide a beautiful new notification theme for Fedora 10 counted as a "Feature" (see FWN#135 "New RPM Sparks Exploded Source Debate refs 10-20 for recent discussion of the Feature process.) The notification daemons are responsible for popping up small, dismissable windows informing the user that certain events have occurred[2][3].


[6] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00637.html
[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00842.html


[7] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00644.html
[2] http://freedesktop.org/wiki/Specifications/systemtray-spec


[8] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00650.html
[3] http://developer.gnome.org/doc/guides/platform-overview/platformoverview.html#notification-area


[9] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00690.html
Martin stated that the public test release had been available for three months and no issues had been reported. He explained how to obtain the new theme from Koji and how to make it available to the system. After encouragement from [[RahulSundaram]] that such a visible change should be considered a feature Martin created a feature[4] page in the wiki. Further feedback from Rahul resulted[5] in the addition of screenshots and a Test Plan section.


[[JeroenvanMeeuwen]] agreed[10] with Jeff that there was no current hard policy against working off the current release and decided to "propose to the spin sig to have the spin-kickstarts master branch use generic-logos (master branch is for development so basically anyone can do anything there)." [[RexDieter]] took responsibility and announced on his blog[11] that the spin was pulled until the aforementioned problems had been resolved.  
[4] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00901.html


[10] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00653.html
[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00908.html


[11] http://rdieter.livejournal.com/2008/07/10/
[[WillWoods]] wrote[6] a concise and informative overview of what was expected from Test Plans.


Later Jeroen posted[12] an explanation and request for how those wishing to produce official Fedora spins should proceed. An exchange[13] between [[JesseKeating]] and [[RahulSundaram]] focused on the question of whether FESCo should, as the designated body, be the one to decide whether the "desktop" and KDE variants were not spins. Jesse argued that because they were produced as part of the distribution they should be treated as "in essence the non-contrib part" and thus not to be treated as spins. Jesse argued strongly that it was "ill advised [for FESCo to have voted that spins are not features and] Releng and the Spins SIG want them to be features, and I'll use my powers in FESCo now and the board as well if necessary to push that agenda." He returned to the theme that Features were essential to the process of co-ordinating the production of a release. Rahul agreed[14] with the logic of Jesse's argument but disagreed with the over-riding of FESCo's decision "[..] if FESCo makes a decision, it should be the same group reversing it instead of any of us arbitrarily deciding otherwise. There is no point in FESCo making such decisions otherwise." [[JeffSpaleta]] also appeared[15] to believe that the decision-making process was slightly off-kilter.
[6] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00912.html


[12] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00686.html
=== Mono Beta ===


[13] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00720.html
[[PaulJohnson]] announced[1] that a new beta of ''mono'' was about to hit the servers and would probably break a number of things. Also of note was the change of license to MIT for Mono-2.0.


[14] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00724.html
[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01123.html


[15] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00721.html
[[DavidNielsen]] was excited and wondered if this would be pushed into Fedora 8 and Fedora 9 once any obvious breakage had been fixed. [[BillNottingham]] did not think 2 that "breaking the entire ABI and licensing of mono in released distros is a *good* thing. Especially Fedora 8." David expressed the advantages of pushing out one big update with a completely revamped stack to which [[WillWoods]] replied[3] that it made more sense to wait for Fedora 10's release in three months' time. David returned[4] to the idea that "having the same Mono throughout our releases is easier to maintain [and] pushing newer versions of the stack will enable us to support applications more widely across the stack." He suggested shipping a Fedora 9 preview release and drew a parallel to the situation with KDE-4.1 and their QT libraries. [[KevinKoffler]] disputed[5] the parallel as "Qt-4.4 and KDE-4.1 aren't breaking binary compatibility[.]"


=== Fedora, Meet OLPC. OLPC, Meet Fedora ===
[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01156.html


[[GregDeK | Greg De Koenigsberg]] asked[1] Fedora packagers to help out the OLPC project by taking up the reins as far as package maintenance goes. He noted that contrary to some press reports the OLPC project has not died and quoted some surprising statistics: "OLPC has shipped over 300,000 units to kids around the world. They plan to ship at least another 50,000 more each month, and very likely more than that. It's entirely possible that by the end of 2008, there will be a million OLPC systems deployed worldwide. Of those systems, 100% of them currently run Fedora, and 0% of them currently run Windows despite the press clippings you may have read." Greg argued that this made OLPC Fedora's single largest customer and that the community was exceptionally well placed to help this continue. Some of the tasks were "simple issues that even novice packagers could handle." [[JeffSpaleta]] suggested that a "Sugar Desktop Spin" for standard PC hardware with a SIG to help organize around would improve efficiency.
[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01158.html


[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00433.html
[4] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01160.html


[[DebarshiRay]] wondered[2] "Can someone running vanilla Fedora (8/9/etc.) without any physical access to the XO hardware maintain/use OLPC packages?" and [[DennisGilmore]] answered[3] unequivocally "Yes, there is only a tiny handful of packages that are specific to the hardware/setup of the XO. the rest should always be applicable for use outside of the XO, sugar is in F-9 there is still some kinks in regards to the packaging that needs fixed. but if it doesnt work right on a normal fedora desktop its a bug and needs fixing." [[ChristopherAillon]] pointed out[4] that plenty of packagers maintain their packages for architectures, such as PPC, for which they do not have physical hardware and that XO was no different.
[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01163.html
 
[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00461.html
[[PaulJohnson]] explained[6] that until all the breakage had subsided only Rawhide would see the new beta "To me, rawhide is there for exactly this purpose - a testing ground to see how much is broken before pushing to stable." [[JeffSpaleta]] wondered[7] what the purpose of "updates-testing" was in that case.
 
[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00462.html
 
[4] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00463.html
 
[[ColinWalters]] thought[5] that simple manual fixing of problems missed the opportunity to automate the process where appropriate.  [[DanielDrake]] raised[6] a related point, based on his experience of working on upgrading the OLPC from Fedora 7 to Fedora 9, which was that there appeared to be ever increasing bloat as a result of dependency chains. Due to the limited space on the XO Daniel requested help in slimming things down somehow. [[MatthiasClasen]] remembered[7] that when he had been involved with OLPC it had been necessary to do a lot of "dependency pruning." He advised that the best course of action was to "keep fighting this by filing bugs and pointing out package split candidates, since these deps have the tendency to grow back." [[RahulSundaram]] noted[8] that the need to produce LiveCDs helped combat the bloat tendency and [[RichardJones]] separately mentioned[9] ''oVirt''[10] in the same context.
 
[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00439.html
 
[6] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00490.html
 
[7] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00503.html
 
[8] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00512.html
 
[9] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00529.html
 
[10] http://ovirt.org/
 
After [[MatthiasClasen]] told Daniel that ''gvfs'' would possibly be split-up for Fedora 10, but that it was unlikely without a fork for Fedora 9, [[DennisGilmore]] added that he had been working on always tracking Rawhide for the olpc and that a Fedora 10-based build was possible. [[DanielBerrange]] spoke for the ''oVirt'' project when he expressed[11] a desire for tools to produce nightly reports on statistics such as the "disk footprint of the chain starting from package 'X', or list of dependencies from package 'X', or perhaps something that given a kickstart file can report the total size of the package set listed in the kickstart without actually going through the full livecd (or equiv) build process." SethVidal offered to take care of this and Daniel added[12] some further desiderata. Shortly afterwards Seth whipped-up an implementation to which [[JeremyKatz]] commented "The thing which becomes important to see is growth (or shrinkage) in packages as well as what new packages/removed packages there are. Which involves fiddly questions of growth thresholds and human analysis of the output." [[DavidTimms]] was excited[13] by the output, including what it appeared to reveal about the minimal set of install packages. Seth ended up modifying the output to a simple format which allowed[14] the use of standard UNIX text-processing commands to do fun things with the output.
 
[11] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00519.html
 
[12] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00525.html
 
[13] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00649.html
 
[14] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00685.html
 
=== Getting Rid of pam_console for Fedora 10 ? ===
 
Currently Fedora sports both ''pam.console'' and HAL-based ACL support and [[BillNottingham]] posted[1] that it was "time to cut the cord and remove pam.console, so we only have one way of setting device permissions to worry about." He attached a list of affected packages.
 
[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00555.html
 
[[ChrisAdams]] wondered[2] how he would implement HAL-based ACLs for his serial ports to access other consoles. Following Bill's request for an ''lshal'' output and a pointer to an example HAL policy Chris's own stab at producing the policy seemed to pass muster. He added "I have another system where I have multiple USB-to-RS232 adapters; one is used for outbound terminal sessions (console user gets access) and one for a modem (no console access). I differentiate between the two with a udev rule that adds a symlink (e.g. "term" and "modem") and then set the permissions with a pam.console match on the symlink. Is it possible to match something set from udev like that (so I don't have two places to keep track of hardware serial numbers and such for matching)?" Bill's reply suggested examining ''/usr/share/hal/fdi/information/10freedesktop/10-usb-pda.fdi'' and ''/usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi'' in order to see respectively how varying information in HAL is handled and then ACL management is applied. This led a happy [[JeffSpaleta]] to exclaim[3] "that was the first explanation of how to do this sort of thing on how to generate new hardware access control rules that I've actually followed."
 
[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00567.html
 
[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00570.html
 
[[DavidZeuthen]] corrected[4] Bill's description of the surgery to "the plan is actually to move this to ConsoleKit (HAL is going away and all that etc. etc.) but that's most likely F11 material. So suggest to hold off this feature for now." This might reassure [[DmitryButskoy]] who commented[5] that pam_console's "auth" features were useful.
 
[4] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00621.html
 
[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00608.html
 
=== New PackageKit and GNOME-packagekit in Fedora 9 ===


[[RichardHughes]] drew attention[1] to the availability of API-breaking update of ''PackageKit'' and ''gnome-packagekit'' in the Fedora 9 "updates-testing" repository. He requested testing and bug reporting via email.
[6] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01189.html


[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00304.html
[7] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01195.html


Richard noted that speed-wise there would be a major improvement coming much later based upon his work on profiling ''yum'' and working around "slow paths in the API [...] For instance, the group list used to take 14 seconds on my machine, and now completes in less than a tenth of a second using master." [[SethVidal]] cautioned[2] against Richard's approach of accessing the SQLite databases directly instead of going through YUM's layers and suggested that instead "I've implemented a searchNames() method to pkgSack in yum which will let you search very quickly for multiple package names."
=== Policy On Non-Responsive Maintainers ===


[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00305.html
The issue of non-responsive maintainers was aired[1] when [[PatriceDumas]] suggested a new policy designed to force maintainers to answer "easy fix" bugs or orphan packages. While Patrice worried that it might look rude he emphasized that the intent was to spread co-maintainership and obtain quicker bugfixes. While most contributors acknowledged the intent behind this they saw myriad problems.


Most of the other responses reported no significant issues after several days of testing, except that [[MartinSourada]] found[3] some non-intuitive behavior when installing local rpms.
[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/thread.html#00796


[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00309.html
[[EricSandeen]] quickly raised[2] the problem of defining an "easy bug". [[AndrewBartlett]] thought[3] that this was potentially just "a stick to hit a stressed developer with - and surely developers under external stresses, who do not maintain Fedora packages as their day, job will be the ones most likely to have this stick waved at them. Their re-action may not be the one they or you want in the short and long term."


== Translation ==
[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00745.html


This section, we cover the news surrounding the Fedora Translation (L10n) Project.
[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00845.html


http://fedoraproject.org/wiki/L10N
The issue of whether or not a fix had to, or could be, determined as correct was also seen[4] as a problem by [[BillNottingham]] and [[JesseKeating]].


Contributing Writer: [[MarekMahut]]
A very detailed and thoughtful response from [[MichaelSchwendt]] to [[MatejCepl]] outlined[5] the problem of increasing the volume of bureaucracy and email dealt with by maintainers. It's worth reading to understand the stresses mentioned by other posters including [[AdamJackson]] and [[NigelJones]] who described[6] typical volumes of email which they faced. Adam added that anyone was welcome to help him fix bugs. Michael suggested instead that there be "a policy for package maintainers to respond to specially marked tickets from fellow fedora contributors in a timely manner. And if that results in tickets which are still not answered, timeout periods can be applied and give contributors the opportunity to prepare a test update (and only a test update!)." [[JesseKeating]] liked[7] the idea and added that SIG meetings could help to triage bugs.


=== Defining Minimum Criteria for I18N Support ===
[4] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00894.html


Rahul Bhalerao [https://www.redhat.com/archives/fedora-trans-list/2008-July/msg00020.html defines] criteria for language support:
[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00937.html


"I think the term Language Support has been used in more vague sense
[6] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00856.html
so far (please correct me if I am wrong). Also there has been a
difference between a language being supported technically and a
language that is supported with all the localization. Thus there has
been a need to define the terms with more clarity. I think it would be
good if we have two different sections for a language support namely,
i18n and l10n."


[1] https://www.redhat.com/archives/fedora-trans-list/2008-July/msg00020.html
[7] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00939.html


== Infrastructure ==
[[HansdeGoede]] thought[8] that it would be better to address the problem of how to allow others to help make easy fixes. He argued that it ought to be possible to use ACLs to allow "easy fixes" to be committed by anyone with CVS extras permissions if a developer has allowed it. Patrice replied[9] that the cases which he was concerned about were not owned by maintainers who would allow such changes.


This section contains the discussion happening on the fedora-infrastructure-list
[8] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00757.html


http://fedoraproject.org/wiki/Infrastructure
[9] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00764.html


Contributing Writer:  HuzaifaSidhpurwala
Another voice against too much bureaucracy was that of [[RichardHughes]] who queried[10] "Surely the maintainer in question knows the package well enough to decide whether to merge patches? For instance, I might push a patch upstream and hold off applying it to fedora as it's trivial and will get updated at the next version bump of my package in a few weeks" to which [[KevinPage]] replied that there were examples where the timeframe was closer to numerous months. [[JeffSpaleta]] pushed[11] the idea of putting "packages under the purview of maintainer teams who are comfortable working with each other and care about the packages in question regardless of who the primary owner of a package is. SIGs are the obvious construct here[.]"


===  puppet and git  ===
[10] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01004.html


Mike McGrath writes for fedora-infrastructure-list [1]
[11] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01008.html


Mike suggested that we have been doing puppet wrong. Not really wrong but there's a
Refinement of the policy was carried out between [[RahulSundaram]] and [[ToshioKuratomi]]. Toshio wanted[12] to make it possible for a co-maintainer to be added in egregious cases to help ease the burden on the original maintainer.
better way now using modules [2]. So Mike and probably kanarip, will start converting some stuff  to the more module format.


[12] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00918.html


[1] https://www.redhat.com/archives/fedora-infrastructure-list/2008-July/msg00015.html
The emphasis on orphaning packages aggressively over a short time-period was questioned[13] by [[DanielBerrange]]. He suggested that adding co-maintainers would be a better strategy. [[RichardJones]] added[14] the disturbing spectre of "Wikipedia-style deletionism" occurring.


[2] http://reductivelabs.com/trac/puppet/wiki/PuppetModules
[13] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00946.html


=== Cron <postgres@db2> /var/lib/pgsql/vacstat.py check ===
[14] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00982.html


Toshio Kuratomi writes for fedora-infrastructure-list [3]
Some balance was added by a post made[15] by [[KevinPage]] which conveyed the perspective of frustrated bugzilla posters who find their easy fixes ignored. Kevin explained his experience with trying to get his patches applied and wondered whether it was a consequence of the new emphasis on pushing bugfixes upstream. He finished with "One conclusion from this thread is that it's accepted that some maintainers don't follow bugzilla. Not condoned, but accepted as a reality. That's clearly incompatible with asking users to report their problems in bugzilla."


Since the plan is to move koji to db3 within the week Toshio proposed  that he would like to hold off on this. The dump and reload to move to the new server should be more effective than a manual vacuum.  
[15] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01005.html


 
{{Anchor|Artwork}}
[3] https://www.redhat.com/archives/fedora-infrastructure-list/2008-July/msg00033.html


== Artwork ==
== Artwork ==
Line 556: Line 438:
Contributing Writer: [[NicuBuculei]]
Contributing Writer: [[NicuBuculei]]


=== Continual Echo Icon development ===
=== The End of Round 1 for Fedora 10 Themes is Near ===


Martin Sourada, the Echo icon theme maintainer, published[1] a new release, 0.3.2:
On the Fedora Art list, [[MairinDuffy]] proposed [1] the end for the first round of the theme named "battle" [2] for Fedora 10:
"as you might know, we've recently published our first release on fedora hosted (0.3.2) and I'll probably mark the update for F8/9 as stable tomorrow or in Monday. Also being it first release of echo using the new git layout + git branches, there are some little issues which I'll address in 0.3.2.1"
"We've an overwhelming number of proposals for F10 now. Should we close new proposals for F10 so we don't have our focus spread across too many ideas?
Also, we should probably go through the proposals missing the requirements and remind the proposers to fully fill them out or pull them."


[1] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00071.html
And for Ian Weller's proposal [3], a deadline is set for July 21st, enough time for people to prepare their proposals.


He also laid some plans for the next release, 0.3.3:
[1] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00182.html
"I've decided that one of the most important places to create icons in the menus for now are the System sub-menus, where there are many icons using neither echo nor gnome style and some of them are even blurry."


In related icon development, both Martin and Luya Tshimbalanga created a number of new icons, with character map[2], firewall[3] and date preferences[4] being a few examples.
[2] http://fedoraproject.org/wiki/Artwork/F10Themes#List_of_Submissions


[2] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00081.html
[3] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00183.html


[3] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00099.html
=== Icons for applications and a web application ===


[4] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00106.html
[[RobinNorwood]] introduced [1] an amazing web application [2] which allows users to search for, browse, comment on, and rate software applications available for Fedora and asks a series of questions about application icons:
"So I've been looking at importing the icons for applications for the Fedora Applications web site [2]. We'd like to show an icon next to a given application, preferably the one the user would see in the menus after installing said app. This is, of course, complicated.  I can currently look for icons inside each rpm in Fedora, specifically the rpm providing the application we're interested in, and the various *-icon-theme rpms."


When creating one of the icons, Martin Sourada commented[5] "I used some gimp tricks in order to look more smooth on LCDs for the PNGs", a practice questioned[5] by Nicu Buculei "[...] his way the binary (PNG) can't be built directly from source and would make the life harder for derivatives"
And a little later he added [3] more details about how it will work, identifying the user's icon theme and using matching icons:
"To do the actual package install, we'll be using a browser plugin (probably) which will probably send us some limited information - like what version of Fedora the user is running, for instance.  It might be possible to include the current theme in this info."


[5] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00104.html


=== Mist icons in high resolution ===
[1] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00171.html


Andreas Nilsson, the maintainer of the Mist icon set, which is currently used in Fedora 9 and Fedora 8, announced on the art mailing list the introduction of a few icons with really large size, needed by some applications:
[2] https://fedorahosted.org/amber/
"As there are requirements for large size icons in apps like GNOME Do and Elisa, I recently started working on Mist icons with a bigger, 256x256 canvas. With some assistance from Kalle Persson and Hylke Bons, I now I have something that is usable and will try to merge these into gnome-themes trunk next week if everything goes well."


[1] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00062.html
[3] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00198.html


=== More desktop theme proposals for Fedora 10 ===
=== Plans for an Improved Nodoka in F10 ===


Still in the Round 1 stage for creating a new desktop theme for the upcoming Fedora 10[1] two new proposals were added: Klaatu and Gort proposed[2] "LiberaProgramo"[3], "A futuristic / sci-fi theme. The idea here is, literally, computing 'with no strings attached'....or, translated into Esperanto: Libera Programaro" and Guilherme Razgriz proposed[4] "Simetrical Freedom"[5], which "concept is the perfection that simmetry can offer with the freedom power of the possibilities of forms and states that it can take and reborn inside the same thing".
[[MartinSourada]] revealed [1] his plan for an improved Nodoka GTK2 theme engine in Fedora 10:
"I am thinking about improving the nodoka gtk engine looks in the next release and adding some configuration options. Therefore I am asking here, if you have ideas, requests, ... what I might implement. Today I started sketching new nodoka gradient (used in e.g. buttons), which is basically an evolvement of the current one which will be available as a
configuration option."


[1] http://fedoraproject.org/wiki/Artwork/F10Themes
He asked for ideas and outlined the hard work needed, with the caveat of the job having a slight probability of not making Fedora 10:
"As you can see it's rather a lot of work, and thus there is a possibility it will not be in Fedora 10, though certainly I make it in time for Fedora 11 (I promise :-p)."


[2] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00078.html
[1] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00211.html
 
[3] http://fedoraproject.org/wiki/Artwork/F10Themes/liberaProgramaro
 
[4] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00128.html
 
[5] http://fedoraproject.org/wiki/Artwork/F10Themes/simmetricalfreedom
 
Guilherme's proposal was accompanied by an interesting tutorial[6] (written in Portuguese, but easy to understand by anyone thanks to its suggestive screenshots) illustrating the implementation in GIMP.
 
[6] http://razgrizbox.wordpress.com/2008/07/11/line-breakers/


{{Anchor|SecurityWeek}}
== Security Week ==
== Security Week ==


Line 609: Line 485:
Contributing Writer: [[JoshBressers]]
Contributing Writer: [[JoshBressers]]


=== DNS flaw ===
=== Security Circus ===
 
By far the most entertaining story from last week was Linus giving a few choice quotes[1].


A serious flaw in the way most DNS requests are made was announced[1] last weekIt is expected that the details of this issue will be known later this month when Dan Kaminsky presents at Black HatIn the meantime, if you run a DNS server, be sure to get an update from your vendor.
He does get some things right, but there's still the very real fact that security flaws let people do things they shouldn't be able to do.  This adds a certain amount of danger and does require more attention than some other flawsA nice comparison is automotive recallsIf there are two problems, one is a broken cup holder, the second makes the car explode, which do you think they'll do a recall for?


[1] http://www.kb.cert.org/vuls/id/800113
[1] http://news.cnet.com/Torvalds-attacks-IT-industry-security-circus/2100-1007_3-6243900.html


On a side note about this issue, newer Linux kernels have a feature where the source port of UDP requests is randomized.  That means that as long as the requesting application has random transaction IDs, it doesn't need additional logic to ensure random UDP source ports.
=== Principle of Least Privilege ===


=== Package Manager Flaw? ===
Steve Grubb has a nice interview up on SearchEnterpriseLinux.com[1].


A report came out[1] last week titled: Attacks on Package Managers.  The actual details of this are quite a bit less interesting than the reporter makes it sound.  It's basically the same problem as using an out dated mirror.
It offers some hints into some of the intresting things that have happened and can be expected in the SELinux space.


[1] http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html
[1] http://searchenterpriselinux.techtarget.com/news/article/0,289142,sid39_gci1321374,00.html


{{Anchor|SecurityAdvisories}}
== Security Advisories ==
== Security Advisories ==


Line 632: Line 511:


=== Fedora 9 Security Advisories ===
=== Fedora 9 Security Advisories ===
* WebKit-1.0.0-0.11.svn34655.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html
*epiphany-extensions-2.22.1-3.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00658.html
* seamonkey-1.1.10-1.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
*xulrunner-1.9.0.1-1.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00656.html
* sipp-3.1-2.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00318.html
*firefox-3.0.1-1.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00657.html
* bind-9.5.0-33.P1.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html
*epiphany-2.22.2-3.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00659.html
*yelp-2.22.1-4.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00660.html
*devhelp-0.19.1-3.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00661.html
*seamonkey-1.1.11-1.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00672.html
*python-formencode-1.0.1-1.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00607.html
*clamav-0.93.3-1.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00606.html
*phpMyAdmin-2.11.7.1-1.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00590.html
*php-pecl-apc-3.0.19-1.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00582.html
*newsx-1.6-9.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00565.html
*wireshark-1.0.2-1.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html
*drupal-6.3-1.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
*java-1.6.0-openjdk-1.6.0.0-0.16.b09.fc9  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00467.html


=== Fedora 8 Security Advisories ===
=== Fedora 8 Security Advisories ===
 
*kazehakase-0.5.4-2.fc8.3  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00689.html
*seamonkey-1.1.10-1.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
*Miro-1.2.3-3.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00687.html
*sipp-3.1-2.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00311.html
*liferea-1.4.15-3.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00686.html
*WebKit-1.0.0-0.10.svn34655.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html
*openvrml-0.17.6-6.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00688.html
*moodle-1.8.5-1.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html
*ruby-gnome2-0.17.0-0.3.rc1.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00685.html
*java-1.7.0-icedtea-1.7.0.0-0.20.b21.snapshot.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00453.html
*chmsee-1.0.0-3.31.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00684.html
*bind-9.5.0-28.P1.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html
*epiphany-2.20.3-6.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00682.html
*galeon-2.0.4-4.fc8.3  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00683.html
*gnome-web-photo-0.3-12.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00681.html
*blam-1.8.3-17.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00680.html
*gnome-python2-extras-2.19.1-16.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00677.html
*yelp-2.20.0-11.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00678.html
*firefox-2.0.0.16-1.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00679.html
*seamonkey-1.1.11-1.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00672.html
*gtkmozembedmm-1.4.2.cvs20060817-22.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00674.html
*devhelp-0.16.1-9.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00675.html
*epiphany-extensions-2.20.1-9.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00676.html
*cairo-dock-1.6.1.1-1.fc8.1 - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00673.html
*phpMyAdmin-2.11.7.1-1.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00652.html
*clamav-0.92.1-3.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html
*drupal-5.8-1.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
*php-pecl-apc-3.0.19-1.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00548.html
*newsx-1.6-8.fc8  - https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00485.html

Revision as of 12:15, 21 July 2008

Fedora Weekly News Issue 135

Welcome to Fedora Weekly News Issue 135 for the week ending July 19, 2008.

http://fedoraproject.org/wiki/FWN/Issue135

Fedora Weekly News keep you updated with the latest issues, events and activities in the fedora community.

If you are interested in contributing to Fedora Weekly News, please see our 'join' page. Being a Fedora Weekly News beat writer gives you a chance to work on one of our community's most important sources of news, and can be done in only about 1 hour per week of your time.

We are still looking for beat writers to cover the highlights of Fedora Marketing each week and to summarize the Fedora Events and Meetings that happened during each week.

http://fedoraproject.org/wiki/NewsProject/Join

Announcements

In this section, we cover announcements from the Fedora Project.

https://www.redhat.com/mailman/listinfo/fedora-announce-list

https://www.redhat.com/mailman/listinfo/fedora-devel-announce

Contributing Writer: Max Spevack

FESCo Elections open on July 15th

Brian Pepple announced[1]:

"Elections for the Fedora Engineering Steering Committee (FESCo) open at 0001 UTC on 15 July 2008 -- or about 1 hour from the time of this message. The voting system is available at: https://admin.fedoraproject.org/voting

The voting system uses the range voting method: http://en.wikipedia.org/wiki/Range_voting

Any Fedora Account System (FAS) account holder who has completed the CLA, and has an addition account (like ambassadors, art, cvs*, fedorabugs, l10n-commits, web, etc.) in the FAS is eligible to vote. Voting is open until Monday, July 21st, 2008 23:59 UTC. Election results will be announced shortly afterward."

[1] https://www.redhat.com/archives/fedora-announce-list/2008-July/msg00005.html

FUDCon Brno 2008

Max Spevack announced the details of FUDCon Brno 2008[1]:

"The next FUDCon will take place in Brno, Czech Republic, from September 5 - 7, 2008.

The main conference day and social event will be on Saturday (to attract the most people), with hackfest days on Friday and Sunday. FUDCon is always free to attend, no matter where in the world it is located. "

[1] https://www.redhat.com/archives/fedora-announce-list/2008-July/msg00006.html

Release Engineering Email Trac Queue Disabled

[[JesseKeating|Jesse Keating] announced[1]:

"Until further notice the email to trac gateway for rel-eng has been disabled. We've been unable to cope with the spam attacks and the subsequent mail loops that have been created, and thus we have disabled the gateway.

For the time being if you need release engineering to do something for you, please use the web UI to file a ticket."

[1] https://www.redhat.com/archives/fedora-devel-announce/2008-July/msg00004.html

Planet Fedora

In this section, we cover the highlights of Planet Fedora - an aggregation of blogs from Fedora contributors worldwide.

http://planet.fedoraproject.org

Contributing Writer: Max Spevack

Fedora at RoboCup

Tim Niemueller reported from China[1]:

"As you can see on the photo we have put Fedora stickers at prominent places on our robots (there is one at the back side as well). It fostered some interest. I was talking to a member of the executive committee for the RoboCup@Home league. He liked the idea of a LiveCD with robotics software on it. A few other guys were asking "what is that T-Shirt about?"... Quite cool, hope to spawn more interest in Fedora in the RoboCup community."

[1] http://www.niemueller.de/blog/show.php?id=226

FUDCon Brno

Sandro "red" Mathys posted on his blog[1]:

"The FUDCon Brno 2008 in Brno, CZ has been announced a while ago (previously as being located in Prague, though). But only just yesterday, some basic facts were confirmed, after a short planning meeting on last Tuesday.

So, the facts so far are:

  • It will take place from Friday, 2008-09-05 to Sunday, 2008-09-07. Saturday, 2008-09-06 being the most important day, since people will probably travel there/back on Friday/Sunday.
  • It will take place at some university in Brno, CZ and we’ll have a hotel near the university which we’re told will not be very expensive.

That’s not much yet, but I think the most important things are fixed: When to travel and where to travel."

[1] http://blog.sandro-mathys.ch/2008/07/17/fudcon-brno-2008-in-the-czech-republic/

Privacy policy update

Paul Frields discussed the need to update Fedora's privacy policy on his blog[1]:

"Thankfully, we have a proposal from Tom ’spot’ Callaway that will fix some of these gaps, and improve the transparency of our project. The new policy, and FAS, will continue to keep absolutely private your vital personal information, like address and phone number. And the FAS will provide “opt-out” capabilities for any project member who does not want to share their other data.

The fedora-advisory-board mailing list has a thread to discuss the policy. After a discussion period over the next several days, the intention is to submit it to the Board for a vote."

[1] http://marilyn.frields.org:8080/~paul/wordpress/?p=1063

Beat writers needed

Paul Frields put out the call for writers[1]:

"As we approach the Fedora 10 Alpha release, the Docs team finds our list of beat writers for the Release Notes is sadly outdated. We need to get it updated with people who are willing to write information on Fedora 10 changes."

[1] http://marilyn.frields.org:8080/~paul/wordpress/?p=1066

Workarounds

Chris Tyler posted[1]:

"Some workarounds and fixes for annoyances I've recently encountered in Fedora:

  • Fedora Planet display problems in Firefox 2 (F8) and 3 (F9)
  • Unable to boot from a CD using KVM"

[1] http://blog.chris.tylers.info/index.php?/archives/127-Workarounds.html

Python dictionary optimizations

Luke Macken wrote[1]:

"In my recent journey through the book Beautiful Code, I came across a chapter devoted to Python's dictionary implementation. I found the whole thing quite facinating, due to the sheer simplicity and power of the design. The author mentions various special-case optimizations that the Python developers cater for in the CPython dictionary implementation, which I think are valuable to share."

[1] http://lewk.org/blog/python-dictionary-optimizations.html

SELinux and Security in the 2.6.26 Kernel

James Morris discussed SELinux in the 2.6.26 kernel on his blog[1].

"What's new and exciting with SELinux and security in the new 2.6.26 kernel?"

[1] http://james-morris.livejournal.com/31714.html

Steampunk photography - a GIMP tutorial

Nicu Buculei posted on his blog[1]:

"Now I can proceed to writing a GIMP tutorial about turning a regular photo intro "steampunk photography" effectively photos that would fit my Gears theme proposal for Fedora 10. (note: those photos are intended as additional graphics, not as a default wallpaper, I am not a big fan of photographic wallpapers as default and I can see no way of adding some blue to it, to make it look like Fedora).

Those familiar with my graphic tutorials probably know that I use to address the beginners, showing some techniques as simple as possible (and only pre-built filters), followed by some pointers about advanced usage and also letting it open, with a lot of optional steps and alternative ways, so I will try to do the same this time."

[1] http://nicubunu.blogspot.com/2008/07/steampunk-photography-gimp-tutorial.html

Marketing

In this section, we cover the Fedora Marketing Project.

http://fedoraproject.org/wiki/Marketing

Contributing Writer: Pascal Calarco

Cirgon Will Ship a Fedora Linux HTPC - Encore Media Server

Paul Frields reposted [1] an article [2] detailing the planned August 2008 release of a new Fedora Linux-based $2000 home theatre personal computer (HTPC), Encore Media Server, from Cirgon [3].

[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00105.html

[2] http://www.ehomeupgrade.com/2008/07/14/cirgon-will-ship-a-fedora-linux-htpc-encore-media-server/

[3] http://www.cirgon.com/index.html

Open Source in Brazil's Supreme Court

Teseu [1] publicized that the Supreme Court in Brazil is starting to initially replace Microsoft Office for OpenOffice in the Supreme Court offices there [2]. This will hopefully expand to other software applications as well, he indicates.

[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00112.html

[2] http://teseu.wordpress.com/2008/07/16/o-primeiro-passo-para-um-mundo-maior/

Improved audio from Paul Frields' 2008 FudCon talk

Valent Turkovic reported [1] that he enhanced the audio on Paul Frields' FudCon 2008 talk [2] that is available on FedoraTV [3], and posted how he did it. Jeff Spaleta remarked that "[y]ou just validated what we are trying to do here by having everything openly licensed and publicly available." [4]

[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00115.html

[2] http://herlo.fedorapeople.org/files/fudconf10paulfrields.ogg

[3] https://miroguide.com/channels/6891

[4] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00120.html

#1 Supercomputer in the World Runs Fedora

Rahul Sundaram shared [1] his posting on OSNews [2] documenting that the $100 million IBM Roadrunner [3], the current fastest supercomputer in the world, runs Fedora Linux.

[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00122.html

[2] http://osnews.com/story/20054/_1_Supercomputer_in_the_World_Runs_Fedora

[3] http://www.top500.org/system/9485

July 17th Marketing Meeting: A new Fedora Brand Motto

Michael Beckwith posted [1] the log of the July 2008 Marketing meeting. One of the major topics of the meeting was the Fedora brand of "infinity / freedom / voice" vs. the motto of "friends / freedom / features / first", developed earlier this year. Paul Frields later posted [2] that these new "four foundations" need to come to the front and become the new motto for Fedora. He invites ideas to express the four foundations graphically, and is going to be moving the request into the Artwork project queue.

[1] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00141.html

[2] https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00142.html

Ambassadors

In this section, we cover Fedora Ambassadors Project.

http://fedoraproject.org/wiki/Ambassadors

Contributing Writer: JeffreyTadlock

FUDCon Brno

Max Spevack posted [1] a link to the FUDCon Brno 2008 wiki page. This FUDCon is being held September 5 - 7, 2008 in Brno, Czech Republic. Additional details and sign-ups are available [2].

[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00211.html

[2] https://fedoraproject.org/wiki/FUDCon/FUDConBrno2008

More FrOSCon 2008 Information

Robert Albrecht posted [1] to the ambassador mailing list asking ambassadors who are attending to update the wiki page [2], let him know about hotel arrangements and to remind people of the social event.

[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00223.html

[2] http://fedoraproject.org/wiki/FedoraEvents/FrOSCon/FrOSCon2008


Help Wanted - Dharan Workshop

Tushar Neupaney asked for help [1] for a workshop being held in Dharan. The date has not been determined, but if you are in the area and can help please check the post for additional details.

[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00214.html


FAD EMEA 2008 Request for Comments

Sandro Mathys posted [1] a request for feedback in regards to FAD EMEA 2008. The email contains additional information and there is a wiki page [2] for the event.


[1] https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00209.html

[2] https://fedoraproject.org/wiki/FAD/FADEMEA2008

Developments

In this section the people, personalities and debates on the @fedora-devel mailing list are summarized.

Contributing Writer: Oisin Feeley

Kerneloops for SELinux

The last furore[1] over SELinux contained a positive contribution from StewartAdam, who proposed[2] to improve the interaction between users and SELinux by means of a "kerneloops-like plugin [which] would allow for statistics on where denials occur most and that way the policy could be modified accordingly." DanWalsh commented[3] that JohnDennis had written the setroubleshoot tool[4] to include the ability to send messages to an upstream collector. Dan was worried that he would be chosen as "the upstream infrastructure to handle all the messages" but optimistic that "the XML data [could be] run through some tools to see if the AVC was fixed by a newer version of policy". RobinNorwood thought[5] this would be easily solved using TurboGears[6] and Stewart concurred[7].

[1] http://fedoraproject.org/wiki/FWN/Issue133#SELinux.Eats.Babies.2C.Confines.Wives.2C.Gives.Birth

[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01081.html

[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01085.html

[4] The setroubleshootd daemon listens for AVC denials and passes them through a series of plugins to analyze the audits and report what has been prevented. Suggestions are made on how to fix denials. On the client side sealert provides either a GUI or plain CLI interface which can connect to either the local machine or to a remote setroubleshootd. The daemon can be configured to send email alerts. Making changes to system policy can be done in a variety of ways. The aforementioned sealert often suggests a simple CLI sequence to run. The older CLI audit2allow and audit2why tools respectively generate fixes based on the audit logs and explain them. semanage allows changes to be made on the fly to SELinux policies and system-config-selinux also allows boolean selection among pre-written policy options and the easy changes of ports or filecontexts.

[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01087.html

[6] A web framework written in Python which is widely used in Fedora Project infrastructure.

[7] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01093.html

A substantial chunk of the rest of the discussion hovered around the topic of whether some button(s) should be added to make it easier for the user to ignore the problem. Similar ideas had been floated (see AlanCox's and JamesMorris's comments in FWN#133, ref 7&8 [8]) earlier and AhmedKamal made[9] a good summary of them. He suggested that an AVC denial would present two buttons: "AutoFix" would try to enact the recommended fix stored in the database; and an "Exempt" button which would allow the offending application to run unrestricted. The latter especially was intended to prevent users from just switching off SELinux entirely. ArthurPemberton and StewartAdam thought[10] that this was exactly the wrong approach, with Arthur being reminded of MS Vista users automatically clicking "allow" and Stewart commenting "The idea of this is to get users to report what's going wrong and get it fixed in the policy instead of exempt/disable which defeats the purpose and trains the user to hit "Exempt" without reading anything." Ahmed took the point and made the modification that the "Exempt" button would only work once-per-launch. He argued this would allow the user to get work done but still preserve the incentive to get the problem fixed. DaveAirlie appeared[11] somewhat upset at the idea, arguing that this was "NO NO NO ... DOING IT WRONG."! Taking a cue from the implicit messages of the iMac vs. Windows television advertisements and the successful model of kerneloops he insisted that users should "[never be involved] in the mess other than asking for opt-in [...] The user is not going to have a freaking clue wtf exempting means." Instead he suggested that pinging a remote server to ask for an updated policy would be superior.

[8] http://fedoraproject.org/wiki/FWN/Issue133#SELinux.Eats.Babies.2C.Confines.Wives.2C.Gives.Birth

[9] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01089.html

[10] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01092.html

[11] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01101.html

Replying specifically to the idea of an "Exempt" DanWalsh noted[12] that there were such policies (called "permissive domains") now available in Rawhide. He went on to restate the problem that "Teaching people to press a button to tell SELinux to disable protection [because of AVCs that don't really block anything will get them to disable it when a real attack comes along." Instead the SELinux developers are concentrating on eliminating many of the false AVCs and one of the recent changes towards this end is the addition of a new access permission "open". JamesMorris added[13] that he had written about this work, as implemented by EricParis, in his livejournal: "Until now, opening a file under SELinux invoked the same permission checks as the intended operation on the file, such as read, write, execute and append. There was no separate "open" check: opening a file for write, for example, was considered by SELinux policy as equivalent to actually writing to the file. Experience has shown that this approach is not ideal for handling cases such as IO redirection via the shell, because policy writers cannot usefully guess where users will send redirected output."

[12] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01091.html

[13] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01170.html

DanWalsh, in response to questions from ArthurPemberton, listed[14] the private information contained in an AVC denial as "Hostname, filename, potentially username, rpm information. What apps they are running."

[14] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01132.html

Dan was also concerned that any new upstream reporting only occurred when setroubleshoot had been unable to find a suggested fix in its database. He reported that many bugzilla entries filed against him appeared to indicate that users did not even attempt the actions indicated as potential fixes by setroubleshoot. ArjanvandeVen suggested[15] that setroubleshoot should just make those changes. DavidTimms wondered whether suggesting such "let this happen anyway" actions to users should be considered risky and not dissimilar to Ahmed's "Exempt" and "FixMe" buttons. He also listed several means by which he considered SELinux could be improved. DanWalsh replied[16] that many of these desired capabilities were already present in SELinux but appeared to ignore the behavioral similarities argued by David.

In response to further questions from ArthurPemberton it seemed[17] that the preferred mode for such a tool would be to suggest installation of any available updated policies either via PackageKit offering to install them or a "yum update".

[15] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01193.html

[16] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01138.html

[17] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01151.html

Process Wakeups and Energy Efficiency

UlrichDrepper posted[1] a systemtap script which revealed a list of applications which cause wakeups due to timeouts. He noted that "Programs should be woken based on events. They shouldn't poll data (which is what usually happens after a timeout)" and requested that package maintainers for the programs in the list try to help solve the issue. The Flash npviewer was clearly the worst offender. The creator of the PowerTOP program, ArjanvandeVen wondered[2] why this work could not have been done using PowerTOP.

[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00921.html

[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00931.html

MatthewGarrett thought[3] that polling was inevitable for many applications but that the Glib timer function g_timeout_add_seconds[4], which allows a function to be called at repeated intervals until it is automatically destroyed, could be used to do this at low frequency. It turned out[5] that this was exactly the approach which ArjanvandeVen had taken. HaraldHoyer thought that this was non-ideal as it did not sync globally and while Matthew agreed that kernel support would be needed DavidWoodhouse speculated[6] that tackling the problem per-thread instead of per-event might be possible.

[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00938.html

[4] http://library.gnome.org/devel/glib/stable/glib-The-Main-Event-Loop.html#g-timeoutadd-seconds

[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00962.html

[6] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00968.html

NilsPhilippsen added[7] that it should be possible to use IMAP IDLE to fix mail clients and servers that polled too frequently.

[7] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01032.html

RichardHughes quickly jumped[8] in to report a fix for his PackageKit problem but was less sanguine that GNOME Power Manager could be fixed quite so easily, although there was an expectation that Xorg would fix things by sending out a notification of changed DPMS state.

[8] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00948.html

DanielBerrange provided[9] some evidence that the apparent problem with libvirtd was actually due to DBus sending unrequested signals every six seconds. When DanWilliams took a look[10] at NetworkManager's contributions and explained some problems were due to the ipw2200 drivers waking up all WEXT listeners every four seconds and others were due to the presence of bogus rfkill switch events in HAL Daniel connected[11] the dots and said "Ahhh, so that's probably what's causing /usr/libexec/hal-ipw-killswitch-linux to be run every 6 seconds, which in turns causes any app connected to DBus system bus to be send a signal every 6 seconds and thus causes all the hits against libvirtd - and a fair number of other apps in that list too." DanWilliams responded that it was possible, but that it might be worth checking to see if D-Bus signal filtering was being done properly. The forthcoming 2.6.27 kernel was also said to contain the appropriate patches for rfkill which would help solve the problem.

[9] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00973.html

[10] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00976.html

[11] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00978.html

Problems with PulseAudio were guessed by LennartPoettering to be due to the aforementioned Flash player npviewer opening audio streams and never closing them which in turn caused PulseAudio to keep the device open. Again there was a promise of future improvement as Lennart mentioned that the version of PulseAudio in rawhide should not generate any wakeups when completely idle.

It would seem that Ulrich's initiative may yield some useful improvements.

Nodoka Notification Theme a Fedora 10 Feature

MartinSourada asked[1] for help determining whether his plan to provide a beautiful new notification theme for Fedora 10 counted as a "Feature" (see FWN#135 "New RPM Sparks Exploded Source Debate refs 10-20 for recent discussion of the Feature process.) The notification daemons are responsible for popping up small, dismissable windows informing the user that certain events have occurred[2][3].

[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00842.html

[2] http://freedesktop.org/wiki/Specifications/systemtray-spec

[3] http://developer.gnome.org/doc/guides/platform-overview/platformoverview.html#notification-area

Martin stated that the public test release had been available for three months and no issues had been reported. He explained how to obtain the new theme from Koji and how to make it available to the system. After encouragement from RahulSundaram that such a visible change should be considered a feature Martin created a feature[4] page in the wiki. Further feedback from Rahul resulted[5] in the addition of screenshots and a Test Plan section.

[4] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00901.html

[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00908.html

WillWoods wrote[6] a concise and informative overview of what was expected from Test Plans.

[6] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00912.html

Mono Beta

PaulJohnson announced[1] that a new beta of mono was about to hit the servers and would probably break a number of things. Also of note was the change of license to MIT for Mono-2.0.

[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01123.html

DavidNielsen was excited and wondered if this would be pushed into Fedora 8 and Fedora 9 once any obvious breakage had been fixed. BillNottingham did not think 2 that "breaking the entire ABI and licensing of mono in released distros is a *good* thing. Especially Fedora 8." David expressed the advantages of pushing out one big update with a completely revamped stack to which WillWoods replied[3] that it made more sense to wait for Fedora 10's release in three months' time. David returned[4] to the idea that "having the same Mono throughout our releases is easier to maintain [and] pushing newer versions of the stack will enable us to support applications more widely across the stack." He suggested shipping a Fedora 9 preview release and drew a parallel to the situation with KDE-4.1 and their QT libraries. KevinKoffler disputed[5] the parallel as "Qt-4.4 and KDE-4.1 aren't breaking binary compatibility[.]"

[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01156.html

[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01158.html

[4] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01160.html

[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01163.html

PaulJohnson explained[6] that until all the breakage had subsided only Rawhide would see the new beta "To me, rawhide is there for exactly this purpose - a testing ground to see how much is broken before pushing to stable." JeffSpaleta wondered[7] what the purpose of "updates-testing" was in that case.

[6] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01189.html

[7] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01195.html

Policy On Non-Responsive Maintainers

The issue of non-responsive maintainers was aired[1] when PatriceDumas suggested a new policy designed to force maintainers to answer "easy fix" bugs or orphan packages. While Patrice worried that it might look rude he emphasized that the intent was to spread co-maintainership and obtain quicker bugfixes. While most contributors acknowledged the intent behind this they saw myriad problems.

[1] https://www.redhat.com/archives/fedora-devel-list/2008-July/thread.html#00796

EricSandeen quickly raised[2] the problem of defining an "easy bug". AndrewBartlett thought[3] that this was potentially just "a stick to hit a stressed developer with - and surely developers under external stresses, who do not maintain Fedora packages as their day, job will be the ones most likely to have this stick waved at them. Their re-action may not be the one they or you want in the short and long term."

[2] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00745.html

[3] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00845.html

The issue of whether or not a fix had to, or could be, determined as correct was also seen[4] as a problem by BillNottingham and JesseKeating.

A very detailed and thoughtful response from MichaelSchwendt to MatejCepl outlined[5] the problem of increasing the volume of bureaucracy and email dealt with by maintainers. It's worth reading to understand the stresses mentioned by other posters including AdamJackson and NigelJones who described[6] typical volumes of email which they faced. Adam added that anyone was welcome to help him fix bugs. Michael suggested instead that there be "a policy for package maintainers to respond to specially marked tickets from fellow fedora contributors in a timely manner. And if that results in tickets which are still not answered, timeout periods can be applied and give contributors the opportunity to prepare a test update (and only a test update!)." JesseKeating liked[7] the idea and added that SIG meetings could help to triage bugs.

[4] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00894.html

[5] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00937.html

[6] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00856.html

[7] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00939.html

HansdeGoede thought[8] that it would be better to address the problem of how to allow others to help make easy fixes. He argued that it ought to be possible to use ACLs to allow "easy fixes" to be committed by anyone with CVS extras permissions if a developer has allowed it. Patrice replied[9] that the cases which he was concerned about were not owned by maintainers who would allow such changes.

[8] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00757.html

[9] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00764.html

Another voice against too much bureaucracy was that of RichardHughes who queried[10] "Surely the maintainer in question knows the package well enough to decide whether to merge patches? For instance, I might push a patch upstream and hold off applying it to fedora as it's trivial and will get updated at the next version bump of my package in a few weeks" to which KevinPage replied that there were examples where the timeframe was closer to numerous months. JeffSpaleta pushed[11] the idea of putting "packages under the purview of maintainer teams who are comfortable working with each other and care about the packages in question regardless of who the primary owner of a package is. SIGs are the obvious construct here[.]"

[10] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01004.html

[11] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01008.html

Refinement of the policy was carried out between RahulSundaram and ToshioKuratomi. Toshio wanted[12] to make it possible for a co-maintainer to be added in egregious cases to help ease the burden on the original maintainer.

[12] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00918.html

The emphasis on orphaning packages aggressively over a short time-period was questioned[13] by DanielBerrange. He suggested that adding co-maintainers would be a better strategy. RichardJones added[14] the disturbing spectre of "Wikipedia-style deletionism" occurring.

[13] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00946.html

[14] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg00982.html

Some balance was added by a post made[15] by KevinPage which conveyed the perspective of frustrated bugzilla posters who find their easy fixes ignored. Kevin explained his experience with trying to get his patches applied and wondered whether it was a consequence of the new emphasis on pushing bugfixes upstream. He finished with "One conclusion from this thread is that it's accepted that some maintainers don't follow bugzilla. Not condoned, but accepted as a reality. That's clearly incompatible with asking users to report their problems in bugzilla."

[15] https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01005.html

Artwork

In this section, we cover the Fedora Artwork Project.

http://fedoraproject.org/wiki/Artwork

Contributing Writer: NicuBuculei

The End of Round 1 for Fedora 10 Themes is Near

On the Fedora Art list, MairinDuffy proposed [1] the end for the first round of the theme named "battle" [2] for Fedora 10: "We've an overwhelming number of proposals for F10 now. Should we close new proposals for F10 so we don't have our focus spread across too many ideas? Also, we should probably go through the proposals missing the requirements and remind the proposers to fully fill them out or pull them."

And for Ian Weller's proposal [3], a deadline is set for July 21st, enough time for people to prepare their proposals.

[1] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00182.html

[2] http://fedoraproject.org/wiki/Artwork/F10Themes#List_of_Submissions

[3] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00183.html

Icons for applications and a web application

RobinNorwood introduced [1] an amazing web application [2] which allows users to search for, browse, comment on, and rate software applications available for Fedora and asks a series of questions about application icons: "So I've been looking at importing the icons for applications for the Fedora Applications web site [2]. We'd like to show an icon next to a given application, preferably the one the user would see in the menus after installing said app. This is, of course, complicated. I can currently look for icons inside each rpm in Fedora, specifically the rpm providing the application we're interested in, and the various *-icon-theme rpms."

And a little later he added [3] more details about how it will work, identifying the user's icon theme and using matching icons: "To do the actual package install, we'll be using a browser plugin (probably) which will probably send us some limited information - like what version of Fedora the user is running, for instance. It might be possible to include the current theme in this info."


[1] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00171.html

[2] https://fedorahosted.org/amber/

[3] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00198.html

Plans for an Improved Nodoka in F10

MartinSourada revealed [1] his plan for an improved Nodoka GTK2 theme engine in Fedora 10: "I am thinking about improving the nodoka gtk engine looks in the next release and adding some configuration options. Therefore I am asking here, if you have ideas, requests, ... what I might implement. Today I started sketching new nodoka gradient (used in e.g. buttons), which is basically an evolvement of the current one which will be available as a configuration option."

He asked for ideas and outlined the hard work needed, with the caveat of the job having a slight probability of not making Fedora 10: "As you can see it's rather a lot of work, and thus there is a possibility it will not be in Fedora 10, though certainly I make it in time for Fedora 11 (I promise :-p)."

[1] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00211.html

Security Week

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

Security Circus

By far the most entertaining story from last week was Linus giving a few choice quotes[1].

He does get some things right, but there's still the very real fact that security flaws let people do things they shouldn't be able to do. This adds a certain amount of danger and does require more attention than some other flaws. A nice comparison is automotive recalls. If there are two problems, one is a broken cup holder, the second makes the car explode, which do you think they'll do a recall for?

[1] http://news.cnet.com/Torvalds-attacks-IT-industry-security-circus/2100-1007_3-6243900.html

Principle of Least Privilege

Steve Grubb has a nice interview up on SearchEnterpriseLinux.com[1].

It offers some hints into some of the intresting things that have happened and can be expected in the SELinux space.

[1] http://searchenterpriselinux.techtarget.com/news/article/0,289142,sid39_gci1321374,00.html

Security Advisories

In this section, we cover Security Advisories from fedora-package-announce.

https://www.redhat.com/mailman/listinfo/fedora-package-announce

Contributing Writer: DavidNalley

Fedora 9 Security Advisories

Fedora 8 Security Advisories