From Fedora Project Wiki

< FWN

Fedora Weekly News Issue 113

Welcome to Fedora Weekly News Issue 113 for the week of December 10th. http://fedoraproject.org/wiki/FWN/Issue113

In Announcement, we have "Samba Security Updates For FC6", "GPG Keysigning at FUDCon"

In Planet Fedora, we have "Talks with Mark: RHM Video", "F8 on the PS3", "Back from India: FOSS.in", "A good flip-flop: FUDCon Raleigh 2008", "Re-spinning Fedora" and "Succession Planning"

FWN will take two weeks off for Christmas and New Years Holidays. The next issue will resume on January 7th 2008.

On behalf of Fedora News Team, Happy Holidays!

To join or give us your feedback, please visit http://fedoraproject.org/wiki/NewsProject/Join.


Announcements

In this section, we cover announcements from Fedora Project.

https://www.redhat.com/mailman/listinfo/fedora-announce-list

Contributing Writer: ThomasChung

Samba Security Updates for FC6

SimoSorce announces in fedora-announce-list[1]

"Fedora 7 and 8 packages are being released but as you may know FC6 has reached EOL just recently.

As I think this is an important security problem I decided to release new packages for FC6[2] so that people that have not yet finished their migration to newer supported Fedora releases can buy some more time.

This is a one off service I felt compelled to release to help people, I am not going to do regular releases for FC6."

[1] https://www.redhat.com/archives/fedora-announce-list/2007-December/msg00003.html

[2] http://simo.fedorapeople.org/samba/

GPG Keysigning at FUDCon

MattDomsch announces in fedora-devel-list[1] ,

"I'm volunteering to run a GPG keysigning party at the FUDCon[2] in Raleigh in January. Keysignings are good ways to get to meet people face-to-face (with a government-issued photo ID to boot!), and serves to extend the GPG Web of Trust."

[1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00720.html

[2] http://barcamp.org/FUDConRaleigh2008

Planet Fedora

In this section, we cover a highlight of Planet Fedora - an aggregation of blogs from world wide Fedora contributors.

http://fedoraproject.org/wiki/Planet

Contributing Writers: ThomasChung

Talks with Mark: RHM Video

MarkCox points out in his blog[1] ,

"Late last month I spent a day with the Red Hat Magazine team talking about vulnerability response. The first video is now available and talks about the role of Red Hat in dealing with vulnerabilities in third party software. The video was shot in my home office which explains the calming green paint; it's hard to get too stressed in a pale green room."

[1] http://www.awe.com/mark/blog/200712162208.html

F8 on the PS3

JoshBoyer points out in his blog[1] ,

"There was a last minute regression on the PS3 for the F8 installer that causes a traceback in anaconda when looking for the video driver. This is worked around by specifying "xdriver=fbdev" on the command line. After that, it booted the F8 DVD just fine, and is currently installing in text mode on my standard definition TV."

[1] http://jwboyer.livejournal.com/18688.html

Back from India: FOSS.in

LennartPoettering points out in his blog[1] ,

"FOSS.in was one the best conferences I have ever been to, and a lot of fun. The organization was flawless and I can only heartily recommend everyone to send in a presentation proposal for next year's iteration. I certainly hope the commitee is going to accept my proposals next year again. Especially the food was gorgeous."

[1] http://0pointer.de/blog/photos/india.html

A good flip-flop: FUDCon Raleigh 2008

PaulFrields points out in his blog[1] ,

"MaxSpevack posted to fedora-devel-announce that we might swap days on the FUDCon schedule, splitting the hackfest days — Friday and Sunday — with the BarCamp day on Saturday. This potentially could turn out to be a great routine arrangement for FUDCon. since now the Saturday sessions can benefit from being informed by a prior day of hacking. FUDCon sessions now can be just as much about showing off work completed the day before, like a progress report for a code sprint, or the results of brainstorming and prototyping sessions."

[1] http://marilyn.frields.org:8080/~paul/wordpress/?p=882

Re-spinning Fedora

JeroenVanMeeuwen points out in his blog[1] ,

"Here's a brief overview of what it takes to seriously Re-Spin Fedora. Fedora Unity has done so for a long time now, and not just for home use, but to distribute amongst a larger audience. The reasons we started and continue to do so are obvious, amongst others:"

"The number of updates available to any freshly installed system (from officially released media) increases over time and rises up to 2 GiB. We believe there is no reason why anyone shouldn't be able to have these updates on the installation media already, thus decreasing the amount of updates available immediately after installation. This is a matter of convenience, as well as bandwidth and data traffic; bandwidth and/or data traffic in some locations in the world isn't as cheap as you might think, and some of us do not even have internet -those usually get a Re-Spin via the FreeMedia program or get it from a friend."

[1] http://kanarip.blogspot.com/2007/12/re-spinning-fedora.html

Succession Planning

MaxSpevack points out in his blog[1] ,

"After two years and four releases of Fedora, I would like to be able to do some other things related to Fedora and/or Red Hat while allowing someone else to assume the "Fedora Project Leader" responsibilities."

[1] http://spevack.livejournal.com/39464.html

Marketing

In this section, we cover Fedora Marketing Project.

http://fedoraproject.org/wiki/Marketing

Contributing Writer: ThomasChung

lwn.net: The search for a new Fedora leader

RahulSundaram reports in fedora-marketing-list[1] ,

"MaxSpevack, who has led the Fedora project through a period of great change and improvement, has announced that the time has come to move on to other (Fedora-related) challenges. So the project is looking for a new leader. "The Fedora Project Leader is a full-time Red Hat position, and so we need to go through a full interview process, etc. None of this is being done ad-hoc or randomly. The Fedora Board is part of the process, as is Red Hat's CTO and other managers within the engineering organization and human resources."

[1] https://www.redhat.com/archives/fedora-marketing-list/2007-December/msg00045.html

oreillynet.com: Fedora Core 6 No More

ThomasChung reports in fedora-marketing-list1[1] ,

"As of this last Friday, December 7th Fedora Core 6 is no more. With it goes the last release the Fedora Project had seen the split between "Community" (Extras) and Red Hat sponsored (Core). Those not intimately involved in Fedora might be interested to learn that when the merge happened it was the core packages that ended up having to follow the former "Extras" packaging guidelines and not the other way around. Yet another testament to the power of community."

[1] https://www.redhat.com/archives/fedora-marketing-list/2007-December/msg00037.html

Developments

In this section, we cover the problems/solutions, people/personalities, and ups/downs of the endless discussions on Fedora Developments.

http://www.redhat.com/mailman/listinfo/fedora-devel-list

Contributing Writer: OisinFeeley

How Should PulseAudio Work?

PekkaSavola sought[1] details about how PulseAudio worked after sound stopped working on his Fedora 8 system following a re-installation. PulseAudio had worked prior to this reinstallation and Pekka wondered whether it was a daemon which needed to restarted. KellyMiller confirmed[2] that it was a daemon which is started in the background by the desktop.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00755.html

[2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00757.html

A detailed explanation[3] by WillWoods outlined how access to the sound devices is managed by the desktop environment using HAL, ConsoleKit and PulseAudio. Will suggested that an upgraded system might need to use sudo yum groupupdate sound-and-video gnome-desktop kde-desktop with either of "gnome-desktop" or "kde-desktop" being omittable if desired.

[3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00758.html

Some concern was expressed[4] about the latency that results from redirecting ALSA-using applications through PulseAudio, which in turn then communicates with alsad, which in turn communicates with the hardware. DenisLeroy had noticed the lag in some games. CallumLerwick recalled that this was because these applications were built using SDL and OpenAL (common libraries in game programming) and they were unable to work with PulseAudio directly, so SDL had been hacked to use ESD which in turn talked to PulseAudio. WillWoods confirmed[5] this and noted that last April a preliminary driver had been written to allow SDL to communicate with PulseAudio without any ESD intermediary. Fedora 9 was mentioned as a possible deadline for this native support of PulseAudio by SDL.

[4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00765.html

[5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00776.html

CallumLerwick rebuilt[6] a version of SDL with the PulseAudio patch and reported[7] that Second Life and OpenArean worked well, but that Quake3 displayed some stuttering due to its sampling rate. LeszekMatok suggested[8] a possible fix for the latter by choosing 44.1KHz sampling rate. There also appeared to be an OpenAL dependency on SDL-devel which needed to be fixed.

[6] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00780.html

[7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00788.html

[8] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00790.html

NicolasMailhot had to report[9] serious problems playing video streams. These seemed directly attributable to PulseAudio. See FWN#101 "PulseAudio Enabled By Default"[10] and FWN#110 "PulseAudio CPU Usage"[11] for previous coverage of PulseAudio.

[9] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00793.html

[10] http://fedoraproject.org/wiki/FWN/Issue101#head-0d315a00a73ee5ed98c6be6aea97d76e8b515d24

[11] http://fedoraproject.org/wiki/FWN/Issue110#head-e00db32c1de9fc07afffbdefa8977262ac9d33c4

PekkaSavola responded[12] to WillWoods that it appeared that the problem was that he was using XFCE which was not starting either PulseAudio, or the ESD compatibility wrapper. Will encouraged[13] Pekka to use one of the startup scripts and deprecated the idea of packaging up scripts to do this instead of fixing ALSA's configuration files to only use PulseAudio as the default when PulseAudio has been confirmed to be actually running.

[12] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00764.html

[13] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00767.html


Two RFCs For Smolt

A request from YaakovNemoy presented[1] for community consideration a Privacy Policy in Smolt (the opt-in hardware profiler) and the integration of kerneloops with Smolt.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00739.html

After it was clarified that smolt was the client program and smoon was the server which gathered the data StephenSmoogen suggested[2] that an improved plugin system would help to allow users choose the amount of data which they wished to share. A basic minimum would be collected and could be augmented with plugins to collect additional information. Discussion moved[3] on to whether a simple set of booleans configurable on both the smoon server and the smolt client was preferable to this plugin architecture.

[2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00783.html

[3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00812.html

CallumLerwick expressed[4] a wish for more detailed CPU information and ChristopherBrown wished[5] that anaconda would not prompt multiple times to query whether people really wanted to enable Smolt. In response to the latter point Yaakov commented that he had not received many complaints and would like to wait before disabling the confirmation screen.

[4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00742.html

[5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00748.html

[6] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00787.html

EricSandeen requested filesystem information and Yaakov agreed[7] that this was a desirable piece of information.

[7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00787.html

KDE4: Removable Media Mounting Refused Under GDM

A problem with mounting a USB drive while using the new KDE4 was posted[1] by LexHider. Lex had reported the problem to @kde-core-devel and been informed that the problem lay on Fedora's end.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00727.html

KevinKofler described[2] some possible interactions between PolicyKit, ConsoleKit and HAL to help interpret the slightly sparse error messages. It was unclear as to whether the two error messages reported by Lex were the same, but Kevin suggested that ck-list-sessions would help to debug the problem. It turned out[3] that Lex was actually using GDM instead of KDM (see also FWN#108 "KDE Flamewar Warms Up Night Of Final Freeze"[4] ) and that using KDM obviated the problem.

[2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00729.html

[3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00733.html

[4] http://fedoraproject.org/wiki/FWN/Issue108#head-ed1d4f0d923619912c7df2f7a5d4043ce98aa981

A note from RexDieter drew attention[5] to the work the KDE SIG have been doing upstream to integrate KDM with ConsoleKit.

[5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00747.html

Color Management With Argyll

A happy collaboration between NicolasMailhot and FrédéricCrozat (of Mandriva) was reported[1] by Nicolas. Apparently the Argyll monitor color calibration system is coded idiosyncratically and Nicolas had done a lot of work re-working it to use standard build tools. Unfortunately he ran out of steam. Fortunately he published his work on his "fedorapeople" blog and Frédéric picked up where Nicolas had left off. Nicolas had been inspired to build on Frédéric's work and add some more features. He requested friendly reviews especially with regard to PAM, Hal and udev functionality.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00706.html

DanielBerrange mentioned[2] that he too had found it hard to package Argyll and promised to look over the packages. NicolasChauvet (kwizart) was also interested[3] as he had previously submitted the xcalib and oyranos packages. Nicolas noted that both of these depended on argyll for ICC[5] profile creation and hoped that reviewer attention would fall on NicolasChauvet's packages once argyll was sorted out.

[2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00707.html

[3] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00722.html

[4] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00723.html

[5] International Color Consortium. See http://en.wikipedia.org/wiki/Color_management

Multilib Fun With Group* Commands

The recurring problem of i386 packages being installed on x86_64 systems got an airing when ChristopherWickert wondered[1] why an attempt to yum groupinstall XFCE pulled in i386 versions of Thunar (an XFCE file manager) and xprintf and consequently a sizable number of other i386 packages in order to satisfy dependencies.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00676.html

DavidWoodhouse replied[2] that this was because of bug 235756[3] which was planned to be fixed in Fedora 9, see FWN#103 "YUM To Get Configurable Multilib Behavior In Fedora 9 ?"[4] .

[2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00700.html

[3] https://bugzilla.redhat.com/show_bug.cgi?id=235756

[4] http://fedoraproject.org/wiki/FWN/Issue103#head-68881a9792d1712cc947c99407845a771d1c1422

DominikMierzejewski (rathann) asked[5] if yum install yum-basearchonly solved the problem, but Christopher demonstrated[6] that he had no XFCE i386 packages installed and yet the former command attempted to install i386 packages. He summed up the situation as "the whole group process seems really broken." SethVidal asked[7] for a full list of all installed i386 packages and commented that "groupcommands increase the weirdness since they offer no arch specification at all"

[5] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00710.html

[6] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00734.html

[7] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00735.html

Policies For Creating SIGs

In the pursuit of creating an Erlang SIG PeterLemenkov asked[1] what needed to be done to form a SIG. HansdeGoede replied[2] that it was not necessary to pass any formal procedure other than a simple declaration that the SIG existed. He cautioned that enforcing packaging guidelines was a completely different matter however.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00601.html

[2] https://www.redhat.com/archives/fedora-devel-list/2007-December/msg00603.html

Erratum

In FWN#112 "Heads Up: OpenSSL, OpenLDAP Changed In Rawhide"[1] , we indavertently attributed to JesseKeating a suggestion from AlexLancaster that OpenSSL and OpenLDAP packages should be built in a systematic way, starting with Core packages. This has been corrected in the archived version.

[1] http://fedoraproject.org/wiki/FWN/Issue112#head-acc8e6ca4162e9ff6e9c81d98fdda48c250eabd4

Advisory Board

In this section, we cover discussion in Fedora Advisory Board.

https://www.redhat.com/mailman/listinfo/fedora-advisory-board

Contributing Writer: MichaelLarabel

Fedora Project Leader Succession Planning

This past week on the fedora-advisory-board, MaxSpevack, the Fedora Project Leader since early 2006, announced that they've begun planning for someone else to take the reigns of Fedora. Max is very much still interested in doing work for Red Hat and Fedora, but is looking for someone else to take the role as the Fedora Project Leader. If you're interested in finding out more about the succession planning, check out his e-mail announcement[1] .

[1] https://www.redhat.com/archives/fedora-advisory-board/2007-December/msg00010.html

Documentation

In this section, we cover the Fedora Documentation Project.

http://fedoraproject.org/wiki/DocsProject

Contributing Writer: JohnBabich

FDSCo Election In Progress

The election for the Fedora Documentation Steering Committee (FDSCo) is now under way.

The election runs from 14 December until 23:59 UTC on 24 December 2007.

The self-selected nominees for the election are listed at http://fedoraproject.org/wiki/DocsProject/SteeringCommittee/Nominations.

The rules governing the election are at http://fedoraproject.org/wiki/DocsProject/Policy/FDSCoElections.

Here is a short summary of the voting rules:

  • Voting is open to all contributors in the Documentation Project who have joined the 'cvsdocs' group in the Fedora Account System.
  • Contributors have up to three votes they can cast for the slate of nominees, with one vote per nominee.
  • The four top vote receivers serve on FDSCo for 12 months, the next three vote receivers serve for 6 months.
  • Following this initial election, regular elections are every six months. Half of the seats are up for voting each election, first three seats, then four seats, and so on.
  • We are using the Fedora standard voting software.

If you have not done this, there is still time to get your account so you can vote:

1. Go to the account edit page at https://admin.fedora.redhat.com/accounts/userbox.cgi. 1. Under Add new membership at the bottom of the page, put yourself in the cvsdocs group

The actual voting takes place at https://admin.fedoraproject.org/voting.

Security Week

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

Squirrelmail Compromise

It seems that some of the squirrelmail 1.4.11 and 1.4.12 releases have been compromised. The problem only exists in their releases, not in CVS, which is good. This is still a rather scary scenario though.

http://marc.info/?l=squirrelmail-announce&m=119757931707501&w=2

We looked through the version being shipped in Fedora and didn't find the backdoor, but we will still upgrade to version 1.4.13 for peace of mind and to reduce confusion.


Linux Virus Scanner

And what better to end 2007 with than a story about virus scanners on Linux:

http://www.informationweek.com/blog/main/archives/2007/12/would_we_need_a.html


The Top 5 Most Overlooked Open Source Vulnerabilities for 2007

This story is most interesting, but a little confusing if you don't understand what Palamida does.

http://www.palamida.com/node/513

Palamida specializes in inspecting source repositories and finding embedded source. A good example of this is projects that like to include source copies of zlib, rather than linking against a system version. It's no secret that there are significant benefits to using system libraries rather than including your own. Any project that includes a copy of an upstream library, needs to track the security flaws that affect that source. Most do not do this, which ends up leaving their users vulnerable.

Advisories and Updates

In this section, we cover Security Advisories and Package Updates from fedora-package-announce.

https://www.redhat.com/mailman/listinfo/fedora-package-announce

Contributing Writer: ThomasChung

Fedora 8 Security Advisories

Fedora 7 Security Advisories

Events and Meetings

In this section, we cover event reports and meeting summaries from various Projects and SIGs.

Contributing Writer: ThomasChung

Fedora Board Meeting Minutes 2007-12-04

Fedora Ambassadors EMEA Meeting 2007-12-12

Fedora Documentation Steering Committee 2007-MM-DD

  • No Report

Fedora Engineering Steering Committee Meeting 2007-MM-DD

  • No Report

Fedora Infrastructure Meeting 2007-12-13

Fedora Localization Meeting 2007-MM-DD

  • No Report

Fedora Marketing Meeting 2007-MM-DD

  • No Report

Fedora Packaging Committee Meeting 2007-MM-DD

  • No Report

Fedora Quality Assurance Meeting 2007-MM-DD

  • No Report

Fedora Release Engineering Meeting 2007-12-10

Fedora SIG EPEL Meeting Week 2007 Week 50

Fedora SIG KDE Meeting Week 2007-12-11

Fedora SIG Store Meeting 2007-MM-DD

  • No Report
Retrieved from "https://fedoraproject.org/w/index.php?title=FWN/Issue113&oldid=96845"