- 1 Fedora Weekly News Issue 88
- 1.1 Announcements
- 1.2 Planet Fedora
- 1.3 Marketing
- 1.4 Developments
- 1.4.1 New Suspend Quirks Functionality of F7 Explained
- 1.4.2 XChat Package Maintenance: First Post-Merge Co-Maintenance?
- 1.4.3 PowerTOP Release Opens Up New Directions In Power Saving
- 1.4.4 Massive size increase in some packages
- 1.4.5 Rawhide Report 17 May 2007:Liberated Fonts, Corrupt Metadata
- 1.4.6 Making Beagle Optional
- 1.4.7 Legality of Fedora In Some Jurisdictions Contd.
- 1.4.8 Making Koji A Complete rpmfind Replacement
- 1.5 Maintainers
- 1.6 Documentation
- 1.7 Infrastructure
- 1.8 Artwork
- 1.9 Security Week
- 1.10 Security Advisories
- 1.11 Events and Meetings
- 1.12 Feedback
Fedora Weekly News Issue 88
Welcome to Fedora Weekly News Issue 88 for the week of May 13th through May 19th, 2007. The latest issue can always be found here and RSS Feed can be found here .
In this section, we cover announcements from various projects.
Deep Freeze coming for Fedora 7
JesseKeating announces in fedora-maintainers ,
"We're planning on entering "Deep Freeze" this Thursday. From that point on we'll only be accepting build tag requests for builds that are fixing release blockers. See Fedora Release Criteria for current release criteria."
Announcing fedora-cs-list for Czech and Slovak Fedora users
MarekMahut announces in fedora-ambassadors-list ,
"Let me introduce you our new mailing list  for Czech and Slovak Fedora users. If you are speaking one of those languages, feel free to join."
Fedora Rawhide Live Images (20070517)
JeremyKatz announces in fedora-test-list ,
"First set of post-merge rawhide live images. These are based off of yesterday's rawhide (packages tagged f7-final in koji).
You can get the torrent file from Fedora Project Torrent . Available images are i386, x86_64, i386 KDE and also an x86_64 KDE image. Note that the x86_64 images require DVD media, the i386 images will fit on 700 meg CD media. Please file any issues against product Fedora Core, version devel and against the relevant component or LiveCD if you're unsure."
In this section, we cover a highlight of Planet Fedora - an aggregation of blogs from world wide Fedora contributors.
Summary from the Red Hat Summit
ChristopherBlizzard points out in his blog ,
"We announced a pile of things at the Red Hat Summit . Lots of confusing articles have been written. Lots of press releases have been sent out filled with warnings about forward looking statements. Maybe you just want the run down on all the things that happened. This is your simple cheat sheet. Here’s the list:.."
F7 Firstboot and EULA
MaxSpevack points out in his blog ,
"In an attempt to have some transparency and no surprises, I've sent an email to Fedora Advisory Board that details some of the changes we've made to firstboot and the EULA in Fedora 7. My personal opinion is that the changes are good for Fedora, and also relatively innocuous."
'Play Ogg': FSF launches free audio format campaign
ThomasChung points out in his blog
"The Free Software Foundation (FSF) today launched Play
Ogg.org , a campaign to encourage use of the patent- and license-free standard Ogg Vorbis as an ethically, legally and technically superior audio alternative to the proprietary MP3 format."
In this section, we cover Fedora Marketing Project.
OLPC on CBS 60 Minutes
ThomasChung reports in fedora-marketing-list ,
"CBS 60 Minutes will air OLPC story on Sunday, May 20, 2007 (7PM ET/PT)"
"ONE LAPTOP PER CHILD – MIT Prof. Nicholas Negroponte's dream is to put a laptop computer into the hands of every child as an educational aid. Lesley Stahl reports on his progress in Cambodia and Brazil. Catherine Olian is the producer."
UPDATE: The video is now available from CBS News Video archive . You may need to install Real Player .
Here is the transcript for the entire show . You may need to click on 'Print' button from main page.
In this section, we cover the problems/solutions, people/personalities, and ups/downs of the endless discussions on Fedora Developments.
New Suspend Quirks Functionality of F7 Explained
A "heads up" was announced by RichardHughes with regard to the changes in power management and HAL for Fedora 7, which would probably affect suspension  . Richard summarised the implications as "Some machines that suspended in FC6 might not work in F7; Lots of machines that did not suspend in FC6 might work in F7".
These changes are as a result of trying to make suspend and resume Just Work by using a modular hal-info DMI whitelist which is being updated regularly.
Explaining this on a separate page  Richard noted that the ability to share specific rules for specific hardware allows one user to figure out the "quirks" and then share the appropriate rule with other users that have the exact same hardware.
This page explains how to see what quirks exist for your laptop, and how to help in creating an fdi file to share with other users.
JefSpaleta wanted to know  at what point this had all happened so that he could investigate the actual effect that it had on his machines. PeterJones was able to answer very specifically  that the code had entered the tree on March 13, but had some problems until April 25th (pm-utils-0.99.2-1, hal-0.5.9-0.git20070304).
In further testing Jef was isolated an unwanted interaction between NetworkManager and gnome-power-manager which RichardHughes and PeterJones agreed could be easily eliminated  .
ThorstenLeemhuis suggested  that Richard's webpage for gathering user data should also ask about the proprietary ATI driver "fglrx" and that it should solicit information as to whether the user selected a plain vga console or a framebuffer, both of which suggestions Richard willingly incorporated.
XChat Package Maintenance: First Post-Merge Co-Maintenance?
A discussion was initiated, by an apparently testy  KevinKofler, around the apparent radio-silence of XChat-maintainer ChristopherAillon to Kevin's bug reports, which asked for X-Chat to be kept in sync with upstream. Kevin was willing to become co-maintainer, but pointed out [1a] that a lot of good work had already been done by RemiCollet. Kevin wondered if the AWOL-maintainers policy [1b] would be applied post-merge.
A few things transpired from this: first, Chrisopher noted that the upstream Xch at developers are apparently unresponsive  to patches; second, that Xchat-gnome may have responsive upstream developers  .
Additionally WarrenTogami noted  that there are problems with XChat's ability to use multilinugal input methods such as SCIM or IM  .
A brief exchange over the respective merits of Xchat-gnome  versus Xchat  saw both groups of believers unshaken in their faith, although CallumLerwick revealed himself as an apostate heretic user of Irssi.
The upshot of all this was that RemiCollet expressed interest  in being a co-maintainer and wondered if this could be a paradigm for The Merge.
PowerTOP Release Opens Up New Directions In Power Saving
Reporting on his work on decreasing power wastage on laptops, ArjanvandeVen (ex-Red Hat, now Intel) suggested that we might want to try  his new tool that allows individual analysis of power consumption.
JoshBoyer was excited enough to want to package it  , but AdamJackson (ajax) had already done that.
After DominikMierzejewski (Rathann) and "Dragoran" reported a lack of functional ity on AMD64 and x86_64 (Intel Core 2 Duo) repectively, JesseBarnes pointed out  that x86_64 tickless support in the kernel is an essential pre-requisite and this is not yet available in the rawhide kernels, necessitating a manual patch by anyone interested.
DavidTimms wanted to know  if it would help in finding out what was causing disk-accesses. Arjan replied that this was a frequent request which he was going to attempt to accomodate in the next version, possibly using blktrace. BillNottingham cautioned  that blktrace was not currently shipped in Fedora.
ThorstenLeemhuis followed up  on DavidTimms' question with some general queries about how Fedora, and more specifically gnome-power-manager, handles spinning down inactive hard-drives. Thorsten remembered RichardHughes' 2005 attempts to get a patch into HAL to allow similar functionality to that which WinXP was alleged to have.
Richard answered  that Fedora does not currently spin down drives by default and that one had to balance a significantly increased spin-up power drain compared to that saved by spinning down.
Thorsten wondered [7a] whether or not the new Robson/TurboMemory and hybrid drives would change that equation.
JonathanUnderwood shifted the focus  to considering drive longevity, worrying that attempts to save power by spinning up-and-down would shorten drive life. Richard agreed, and AndyGreen provided some figures  which suggested that laptop drives (2.5") could be power spun 6 times per hour, whereas server (3.5") drives could only do 1 times per hour if one estimated a 5 year lifespan.
TomLondon posted some early observations  , in which PowerTOP revealed that if Firefox were displaying GMail there were about 60 wakeups-per-second, but that activating the "Gmail Talk" pushed the rate to 300 wakeups-per-second. NicolasMailhot responded that this was AJAX at work.
MartinSourada was puzzled  by what appeared to be an unnaturally low power usage of 1.2W reported by PowerTOP, compared to an expected 16W reported by the /proc subsystem. JonBurgess explained that what was being reported was "present rate" in milliamperes (e.g. current) and showed how to calculate the power in Watts from that. TillMaas thought  that some notebooks actually reported the present rate in mW instead of mA.
In a discussion of the packaging PatriceDumas suggested that the spec file be modified to preserve timestamps. AdamJackson wondered why  and ThorstenLeemhuis answered that it was necessary for multilib  and would make things easier for presto. MatthiasClasen agreed with DavidWoodhouse that including timestamps in file identity tests was not a good idea  . MichaelSchwendt and "nodata" thought that in contrast that it was nice to know when a file was several years old especially for documentation and scripts  . AdamJackson (ajax) said  that it wasn't a multilib package, but "sure why not".
Massive size increase in some packages
The eagle eyed OrionPoplawski maintains python-numarray, and in the course of rebuilding the package from its Fedora Extras 6 version to Fedora 7 spotted  that the size had increased by an order of magnitude. He also noted that a subsequent rebuild now, produced packages of a normal size. Further investigation revealed by Orion suggested that this was due to the shared libraries, and a comparison of FE6 to FE-devel turned up some other candidates which had increased in size by at least a factor of two.
The first possible culprit was guessed to be debug symbols by BillNottingham who asked  whether debug packages had been turned off for these builds, but Orion reported that he'd just done a straightforward rebuild.
Orion posted an objdump  which showed that although the shared-object files appeared to have been stripped, the large one was possibly including the whole of the libpython shared-object instead of linking it dynamically at runtime, which might explain the bloat. A diff of the two objdumps appeared to also show different glibc versions  .
One conclusion drawn from this  was that all non-arch python packages built within the timeframe of Dec 8th 2006 to Jan 6th 2007, (or prior to python-2.5.3-8) should be rebuilt. Another conclusion was drawn by AxelThimm, who revisited  the mass-rebuild debate (reported in FWN84  , ) and argued that this backed up his viewpoint that mass rebuilds were useful.
Rawhide Report 17 May 2007:Liberated Fonts, Corrupt Metadata
On Thursday 17th May 2007, the rawhide report  listed 5 new packages: gsm, kde-settings, liberation-fonts, mcpp and php-pear-HTML-QuickForm-ElementGrid. The Liberation-fonts package is a result of Red Hat contracting Ascender Corp. to develop replacements for proprietary Microsoft fonts, including but not limited to Times New Roman, Arial and Courier New.
MilesLane was first off the block to report  that "yum update" was not picking up an updated version of control-center, but that it could be seen to be present at its URL in the repository. The usual "yum clean all" had been tried first. RoddClarkson reported related problems  , which indicated to JeremyKatz  that the something was misaligned with the tree.
NicolasMailhot suspected  proxies as the problem, but NigelJones refuted this possibility with some data  . MattDomsch suggested that the frequently-updated content at mirrors.fedoraproject.org was a better argument to mirrorlist than fedora.redhat.com, but this still didn't help Miles.
The was identified by BillNottingham  as a partially synced tree (primary.xml.gz was the only thing missing) and BrendanConoboy added  that repomd.xml needed to be regenerated too.
Making Beagle Optional
In response to frequent bugs in Beagle (a desktop search tool) causing CPU and memory stress, AlexanderLarsson made it optional  in the default install. While regretting that this was a regression in terms of features he pointed out that Beagle was still available for those who wanted it. There was a mild amount of satisfaction expressed in response to the decision.
DavidNielsen thought  that Tracker was superior because Beagle consumed 100% CPU without tweaking. KevinKofler mentioned that Strigi would be part of KDE4, which will ship in Fedora 8, and worried about multiple desktop search daemons. David pointed out the Xesam Project  from Freedesktop which may mitigate this, and noted that there was a real need for desktop improvements using the technology which weren't simply replacements of the search dialog.
In response to Alexander's proposal JesseKeating reported  that the Release Team agreed with this late regression, with the caveat that Beagle must be in the manifest of the "Fedora" spin of F7 so that upgraders from FC6 to F7 will not suffer.
A few people were disappointed. DavidNielsen pointed out  that hard testing and stabilization would ensure that Beagle would return in F8, and AlexanderLarsson pointed to some specific bugs that those with an interest in running Beagle on Fedora could help  to fix. JefSpaleta expanded on the rationale behind why Beagle had to be removed due to failing QA, but could still be installed from a repository  .
RahulSundaram and DejiAkingunola  re-emphasized that Beagle was being removed from the default-install, not removed altogether, and that it is still in the official Fedora repositories for those who like it.
In response to a suggestion by MatejCepl that Beagle was not greatly admired due to being built on Mono  , Alexander hastened to clarify  that this was not the reason and that the problems on display were going to be faced by any indexer. In fact, Alexander thought that Mono might have advantages by being (as all managed runtimes are) harder to crash. DavidNielsen was largely in agreement with this and also pointed out that Beagle had excellent documenation  .
Legality of Fedora In Some Jurisdictions Contd.
Last week's discussion  of the need to be able to show a "Certificate of Authenticity" to the IP police in some countries, continued  with RalfCorsepius arguing forcefully that it was necessary to have a specific limitation on what language was acceptable for software packaged by Fedora.
JoshBoyer thought that Ralf should make a proposal about this to the Packaging Committee as he is a member, but Ralf thought  that responsibility was split between FESCo and GregDeKoenigsberg. Josh pointed out that no rule existed to say that Ralf shouldn't do this, and that he appeared to have a good understanding of the issue  , and that something along these lines would need to augment the packaging guidelines in the future anyway.
Rahul also agreed with Ralf that bugs should be filed against packages with non-English licenses  , but disagreed that non-English licenses were unreadable. Rahul sought further non-English examples from Ralf. One that had been previously discussed was "mecab", maintained by MamoruTasaka. Mamoru mentioned  that he had sent a translation of a Japanese license for another package to TomCallaway who had then queried the FSF and was awaiting a reply from them. Mamoru had unsuccesfully requested the developer to use the GPL and had previously followed the same process  of going through TomCallaway and the FSF.
AndrewHaley thought that license translation wasn't the FSF's job, but Rahul pointed out that they had done so whenever asked in the past  .
NicolasMailhot took exception  to the idea that English was more blessed than other languages and an exchange between Rahul and Nicolas followed which revolved around the US (hence English speaking) nature of Fedora (via Red Hat), the need to define what is an official translation, and the cost burden of producing these translations.
SimoSorce thought  that placing the onus on non-English speaking developers to provide English translations of their licenses to Fedora was burdensome. He also argued  that mere translation to English was not enough, but rephrasing to take account of the local legal context was essential. At this point the conversation appeared to return to a familiar place, where Rahul argued that non-US contributors would need to accept a US legal framework  , or else the Fedora Project would have to regretfully decline their code.
Making Koji A Complete rpmfind Replacement
During the blip with syncing rawhide, NicolasMailhot explored one of Koji's less appreciated abilities. Koji  is a package build system developed for the Fedora Project , but Nicolas pointed out that with a little work  it could also fill the functional role that rpmfind fills on the web, making it easier for users to find specific RPMs.
Agreeing with Nicolas that adding resolution of dependency links and display of rpm metadata, NigelJones added  that it would be nice to also see build-requires, so that packagers could contact other affected maintainers. In response MikeBonnet pointed to where this information appeared to be already provided by Koji  and asked for some more information. Nicolas advised looking at rpmfind.net to see what he meant.
An offer of help  was received from OliverFalk, who had explored similar ideas, and JoshBoyer noted that "patches [were] welcome"!
In this section, we cover Fedora Maintainers, the group of people who maintain the software packages in Fedora
Why Not Build For EPEL Too?
ThorstenLeemhuis sent out a start signal this week to let Fedora contributors know they can also help out with EPEL, or Extra Packages for Enterprise Linux. The invitation was made by Thorsten for Fedora packagers to build their packages for EPEL, which will allow RHEL and CentOS users (and other RHEL-based distributions) access to the vast array of packages found in the Fedora repository.
Fedora 7 Deep Freeze
This past Thursday, May 17, marked Fedora 7 entering a deep freeze . With this period now in effect, only build tag requests for builds that fix release blockers will be permitted until the May 31st launch of Fedora 7.
Help Wanted: Package Co-maintainers
JochenSchmitt has put out a request for co-maintainers on a variety of different packages from blender to luma. If you have some time to help out another Fedora contributor, check out his message for a list of packages needing another maintainer.
Improving Fedora Package Documentation
JonathanUnderwood has also put out a request, but this time it's for improving the Fedora packaging documentation . The packaging documentation is in need of rewriting and then making it known and easy to find, and Underwood is initiating a movement to fix this area in despair.
In this section, we cover the Fedora Documentation Project.
Fedora Documentation Steering Committee Meeting
The FDSCo meeting was rescheduled last week and took place on Tuesday 15th May . The meetings log was posted to the docs-list .
The idea of creating a Welcome Wizard was submitted to the docs-list . Following discussions it was decided that if such an addition were to be made to Fedora it would be best suited as its own piece of software, separate from the First Run Wizard .
Hardware Solutions Knowledge Base
A long desired addition to the Fedora Project is a community contributed database of hardware compatibility and solutions. It is thought that a knowledge base solution would be most appropriate but the best method for implementation remains undiscovered . Some people believe that integration with Smolt will be possible to an extent, helping to automate the creation of much of the content . Anybody interested in seeing this become a reality should post a message to the docs-list.
In this section, we cover the Fedora Infrastructure Project.
Fedora Mirror System
Thanks to MattDomsch for following news contribution .
Fedora is fortunate to have nearly 200 volunteer mirror sites globally which helps distribute CD and DVD images, OS installs and updated packages to nearly 3 million systems  . Managing the list of mirror sites and their content had been a tedious manual process. In late October 2006, the Fedora Infrastructure team recognized the need to automate managing the mirror list. In January 2007, MattDomsch started working on code in earnest with the goal of being in production by the Fedora 7 release. With help from the entire Infrastructure team, especially ToshioKuratomi, MikeMcGrath, SethVidal, and LukeMacken, that system is now in place.
Mirrormanager is licensed under the MIT/X11 license and is written
using the Turbo
Gears web application framework. It includes:
- a database of mirror sites, individual mirror hosts, content carried such as Core, Extras, EPEL, and soon the Fedora Releases. Mirrors may choose to carry whichever subsets of the whole tree they wish.
- an administration web app for mirror admins to manage detail about their own site.
- a web crawler that crawls each mirror site several times a day updating the database with what they carry
- the yum mirrorlist handler which tells yum the list of mirrors to try.
With this system in place, users should begin to see faster yum downloads, from a mirror in your country if possible. You can see the whole list of mirrors by country and content .
We're always looking for additional mirrors. If you would like to provide a public Fedora mirror, please see  .
Troubles with new system should be reported to
fedora-infrastructure-list redhat com or #fedora-admin on Free
Koji (buildsystem software) was upgraded this week to a new version and moved to heavier duty hardware. The upgrade went well, though the outage lasted longer than initially anticipated. MikeMcGrath has more here .
The proxy servers were upgraded this week to RHEL 5. All went well and no outages were reported.
In this section, we cover Fedora Artwork Project.
Ambassador Program Banner
After a posting to the art-list requesting a new banner for the Ambassador Program's websites , one was quickly forwarded and is now part of the Ambassador's websites.
The Ambassadors are still looking for some print banners , however, for LinuxTag Germany, and work is underway but new contributions are always welcome.
Shutdown and Logout Icons
A discussion was prompted about the usability of Fedora's current approach to logging out and shutting down, the functions respective icons and menu locations .
In this section, we highlight the security stories from the week in Fedora.
Last week a round of Samba flaws were fixed :
This update fixed three security flaws, all of which could allow a remote attacker to execute arbitrary code with the same permissions of the Samba server. Some of these flaws are especially dangerous as they allow an anonymous attacker on the network to compromise the Samba server. The anonymous part is what makes the flaws the most scary. If an attacker has to be authenticated against the Samba server, you have a known number of attackers. If anyone attached to the network is able to attack Samba, there can be a near infinite number of attackers depending on the network setup.
The lesson one should take away from this, is that proper network setup is important. Sane firewall rules can go a long way. If you only need one machine to talk to the Samba server, you should only allow that machine access, not the whole network. Spending some time thinking about your network needs can make a big difference when a security flaw is found.
In this section, we cover Security Advisories from fedora-package-announce.
Fedora Core 6 Security Advisories
- 2007-05-15 nfs-utils-1.0.10-10.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-510
- 2007-05-14 [SECURITY] freeradius-1.1.3-2.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-499
- 2007-05-14 [SECURITY] php-5.1.6-3.6.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-503
- 2007-05-14 [SECURITY] samba-3.0.24-5.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-507
- 2007-05-14 [SECURITY] squirrelmail-1.4.10a-1.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-505
- 2007-05-14 firefox-220.127.116.11-6.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-500
- 2007-05-14 foomatic-3.0.2-39.5.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-446
- 2007-05-14 logrotate-3.7.4-13.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-504
- 2007-05-14 openldap-2.3.30-2.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-467
- 2007-05-14 procps-3.2.7-10.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-495
- 2007-05-14 ypbind-1.19-7.fc6 - http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-502
Fedora Core 5 Security Advisories
- 2007-05-14 [SECURITY] samba-3.0.24-5.fc5 - http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-506
- 2007-05-14 openldap-2.3.30-2.fc5 - http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-468
- 2007-05-14 procps-3.2.7-2.fc5 - http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-494
- 2007-05-14 SDL-1.2.9-6 - http://fedoraproject.org/wiki/FSA/FC5/FEDORA-2007-498
Events and Meetings
In this section, we cover event reports and meeting summaries from various projects.
Fedora Release Engineering Meeting 2007-05-14
Fedora French Ambassadors Meeting 2007-05-13
Fedora Engineering Steering Committee 2007-05-10
This document is maintained by the Fedora News Team . Please feel free to contact us to give your feedback. If you'd like to contribute to a future issue of the Fedora Weekly News, please see the Join page to find out how to help.