Fedora Weekly News Issue 97

Thomas Chung tchung at fedoraproject.org
Mon Jul 23 07:17:41 UTC 2007


= Fedora Weekly News Issue 97 =

Welcome to Fedora Weekly News Issue 97 for the week of July 15th
through July 21st 2007.

The latest issue can always be found here[2] and RSS Feed can be found here[3].

To join or give us a feedback, please visit our project join page[4].

[1] http://fedoraproject.org/wiki/FWN/Issue97

[2] http://fedoraproject.org/wiki/FWN/LatestIssue

[3] http://fedoranews.org/cms/FWN/feed

[4] http://fedoraproject.org/wiki/NewsProject/Join

   1. Announcements
         1. fedorapeople.org is now available
         2. Smolt, Open Invitation
   2. Planet Fedora
         1. Ohio Linux Fest Keynote Address
         2. GNOME Cookbook
         3. Repoview-0.6.0
         4. Mascots and Fedora. Do we need one? Do we want one?
   3. Marketing
         1. Volunteers needed for GITEX (8-12 September)
         2. New in Fedora: Jack Aboutboul
         3. Proposed Fedora 8 Features
         4. Smolt to be a Linux Thing
   4. Developments
         1. Plans for tickless kernel for x86_64 architecture in Fedora 8
         2. 'Allo 'Allo Wot's This 'Ere License?
         3. Yum Integration For Applications
         4. Java Based Web Interface To Fedora Repositories?
         5. Sysklogd Replaced With Rsyslogd in Fedora 8
         6. Presto-digitation
         7. Seahorse: Reducing The Number Of Passphrase And Password Challenges
         8. Nodoka Theme: Clean, Easy On The Eyes, Featured in Fedora 8
         9. RUM RHUM RHUME REDRUM OPIUM OPYUM: Offline Fedora Package Manager
        10. Another GNOME Conspiracy Unmasked: ShowOnlyIn
   5. Infrastructure
         1. Fedorapeople.org is up
   6. Security Week
         1. Computer Viruses are 25 Years old
         2. Serious Security Issues in Samsung Linux Drivers
         3. Firefox 2.0.0.5 Released
   7. Daily Package
         1. Krecipes - Recipe manager
         2. Pulseaudio - Next-generation audio server
         3. Crontab
         4. Hwbrowser - Display hardware info
         5. Ri-li - Run a wooden train
   8. Advisories and Updates
         1. Fedora 7 Security Advisories
         2. Fedora Core 6 Security Advisories
   9. Events and Meetings
         1. Fedora Board Meeting Minutes 2007-07-17
         2. Fedora Ambassadors Meeting 2007-07-19
         3. Fedora Documentation Steering Committee 2007-07-17
         4. Fedora Engineering Steering Committee Meeting 2007-07-19
         5. Fedora Extra Packages for Enterprise Linux Meeting 2007-07-18
         6. Fedora Infrastructure Meeting (Log) 2007-07-19
         7. Fedora Packaging Committee Meeting 2007-07-17
         8. Fedora Release Engineering Meeting 2007-07-16
         9. Fedora Translation Project Meeting 2007-07-17
  10. Extras Extras
         1. LiveCD for Red Hat High

== Announcements ==

In this section, we cover announcements from various projects.

Contributing Writer: ThomasChung

=== fedorapeople.org is now available ===

SethVidal announces in fedora-announce-list[1],

"What is fedorapeople.org[2]?:

It is a site where fedora contributors can upload files for sharing
out with the world. It is perfect for uploading specfiles, srpms,
patches, etc, etc. Each fedora contributor has 150M of quota-controlled
space. Users can upload using scp, sftp or rsync. Once uploaded into the
users public_html directory the files are available via http at:
http://your_username.fedorapeople.org/. To connect to fedorapeople.org
just use the ssh key you uploaded to your fedora account and then you
can login via ssh to: fedorapeople.org"

[1] https://www.redhat.com/archives/fedora-announce-list/2007-July/msg00009.html

[2] http://fedorapeople.org/

=== Smolt, Open Invitation ===

MikeMcGrath announces in fedora-announce-list[1],

"Smolt[1] will reach 75,000 profiles in the next 24 hours and with
that news I'm excited to announce functional clients that work in
SuSE, Debian, and Ubuntu. With the help of the Linux community at
large we could start to better understand what is out there. Look to
changes in the near future like a ratings system, better reporting
tools and other such improvements."

[1] https://www.redhat.com/archives/fedora-announce-list/2007-July/msg00007.html

[2] http://smolt.fedoraproject.org/

== Planet Fedora ==

In this section, we cover a highlight of Planet Fedora - an
aggregation of blogs from world wide Fedora contributors.

http://fedoraproject.org/wiki/Planet

Contributing Writers: ThomasChung

=== Ohio Linux Fest Keynote Address ===

MaxSpevack points out in his blog[1],

"I've just purchased a plane ticket to Ohio Linux Fest[2], which is on
Saturday September 29th. Joe Brockmeier is one of the primary
organizers, and he asked me today if I would be willing to give one of
the two keynote addresses. On behalf of all of Fedora, I am both
flattered and excited to be given this opportunity."

[1] http://spevack.livejournal.com/23470.html

[2] http://www.ohiolinux.org/

=== GNOME Cookbook ===

JohnPalmieri points out in his blog[1],

"A little birdy reminded me that GNOME's 10 year anniversary is coming
up and I thought it would be nice to do something a little bit unusual
to commemorate the creativity and passion which exemplifies our
members.   Since I have been talking about cooking classes and so many
people in the GNOME community have also expressed their love for the
culinary arts I thought it would be nice to publish a Creative Commons
Attribution-ShareAlike 3.0[2] licensed cook book full of recipes from
members of the GNOME community."

[1] http://www.j5live.com/?p=392

[2] http://creativecommons.org/licenses/by-sa/3.0/

=== Repoview-0.6.0 ===

KonstantinRyabitsev points out in his blog[1],

"Repoview[2] version 0.6.0 is available and should make life much
easier -- this version introduces state tracking, so now repoview is
aware of changes between runs. This means that it only generates and
writes the files that have actually changed, which makes it extremely
fast for small changes and also makes it rsync-friendly."

[1] http://mricon.livejournal.com/379633.html

[2] http://mricon.com/trac/wiki/Repoview

=== Mascots and Fedora. Do we need one? Do we want one? ===

NicuBuculei points out in his blog[1],

"Back in the release cycle for Fedora 7 we had an initiative: create
an open process where anyone can play and see if we can come with a
Mascot for Fedora[2]. It generated a lot of long talks on mailing
lists with strong supporters and opponents of the idea but also a
number of contributions (about which I planned to blog but never came
to it until now, shame on me!)."

[1] http://nicubunu.blogspot.com/2007/07/mascots-and-fedora-do-we-need-one-do-we.html

[2] http://fedoraproject.org/wiki/Artwork/Mascot

== Marketing ==

In this section, we cover Fedora Marketing Project.

http://fedoraproject.org/wiki/Marketing

Contributing Writer: ThomasChung

=== Volunteers needed for GITEX (8-12 September) ===

JohnBabich reports in fedora-marketing-list[1],

"I am doing my best to get a Fedora  presence in the Red Hat EMEA
booth at GITEX[2], being held this year on 8-12 September."

"I can use all the help I can get to man the booth, answer questions,
produce and distribute live CDs, etc. If you are attending GITEX this
year and can spare some time to help out, I think it will be a
productive and fun time for all involved."

[1] https://www.redhat.com/archives/fedora-marketing-list/2007-July/msg00033.html

[2] http://fedoraproject.org/wiki/FedoraEvents/GITEX

=== New in Fedora: Jack Aboutboul ===

RahulSundaram reports in fedora-marketing-list[1],

"Jack Aboutboul talks about what's new and interesting in Fedora in a
Linux World podcast[2] with Don Marti. Why does the core/extras merge
matter, custom spins of Fedora, relationship between Fedora and OLPC,
KVM and virt-manager virtualization, does user space in Linux still
suck like Dave Jones says it did, boot up speed and much more..."

[1] https://www.redhat.com/archives/fedora-marketing-list/2007-July/msg00026.html

[2] http://www.linuxworld.com/podcasts/linux/2007/062507-linuxcast.html

=== Proposed Fedora 8 Features ===

RahulSundaram reports in fedora-marketing-list[1],

"A pretty good look with screenshots and short descriptions though the
list of features[2] are a bit premature to say at this point. I think
we can do something similar to officially while announcing the list of
features for Fedora 8 which will happen when we hit feature freeze
during the development cycle."

[1] https://www.redhat.com/archives/fedora-marketing-list/2007-July/msg00025.html

[2] http://linuxupdate.blogspot.com/2007/07/proposed-fedora-8-features.html

=== Smolt to be a Linux Thing ===

MarcWiriadisastra reports in fedora-marketing-list[1],

"Smolt, the Linux hardware profiler that was introduced by the Fedora
project for automatically reporting installed hardware and other system
attributes, reached a new milestone last week and is in the process of
another. Last week, Smolt reached 75,000 profiles for Fedora after being
introduced back in January of this year. At the time of writing, there
are now over 78,300 profiles.[2]"

[1] https://www.redhat.com/archives/fedora-marketing-list/2007-July/msg00023.html

[2] http://www.phoronix.com/?page=news_item&px=NTg5Ng

== Developments ==

In this section, we cover the problems/solutions,
people/personalities, and ups/downs of the endless discussions on
Fedora Developments.

http://www.redhat.com/mailman/listinfo/fedora-devel-list

Contributing Writer: OisinFeeley

=== Plans for tickless kernel for x86_64 architecture in Fedora 8 ===

(Editor's Note: This news beat was written by ThomasChung)

WarrenTogami reports to FWN,

"Hi Dave, Could you write up a paragraph describing Fedora's plan for
x86_64 dyntick?"

"We plan on releasing F8 with 2.6.23. Upstream seems against the idea of
merging the 64bit tickless patches just yet, so will probably wait until
2.6.24 As a result of this, we'll carry patches in F8 to ship this
feature early.

Right now, as the 2.6.23 merge window is open, the tree is changing a
lot, so adding patches at this stage would involve a lot of rediffing,
so we'll remain without the tickless patches until things calm down
when 2.6.23-rc1 is released.

The plan of putting 64bit tickless in FC6/F7 updates has been put on
hold until it's stabilised in rawhide, and may even wait until after
F8 has been released, depending on how well testing goes.

-- DaveJones"

=== 'Allo 'Allo Wot's This 'Ere License? ===

Following on from the Thursday, July 19th FESCo meeting[1] a request
was posted[2] by BillNottingham to remind maintainers of the
importance of keeping everyone informed about changing licenses.

[1] http://fedoraproject.org/wiki/Extras/SteeringCommittee/Meeting-20070719

[2] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01096.html

The request noted that even changes to license versions were important
and that maintainers should ensure that the Fedora Project was
notified about them via either of the lists: @fedora-devel-announce or
@fedora-devel.  Questions should be directed to FESCo.

JakubJelinek wanted to know[3] whether the "License:" tags should be
updated to reflect their exact versions now.  JoshBoyer and
BrianPepple answered that something such as the scheme which Jakub was
proposing had been discussed in the FESCo IRC meeting[1].  That
discussion was concerned with the technical aspects of how to provide
license combinations in a compact, searchable space within current RPM
strictures and TomCallaway (spot) expressed an objection to writing
License tags of the form "License:GPL|MPL|BSD|X11|KitchenSink".  There
seemed to be plenty of practical objections to most of the suggestions
and the meeting cohered around the proposal above, and also
recognizing that much further work needed to be done.  Dark murmurings
about using a packagedb to hold the licenses were heard!

[3] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01098.html

A slightly different answer was given by BillNottingham[4], who said
that it was up to the Packaging Committee to standardize some naming
convention and RalfCorsepius stated[4] that the Packaging Committee
had already rejected versioned licensing due to considering the
"License:" tag to be merely informative and not a legal statement, and
to versioned licences introducing too much overhead.

[4] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01154.html

Ralf followed up[5] on this with a strongly-worded riposte to Bill's
original announcement, asking whether FESCo was now going to be the
"Fedora license police".  JefSpaleta thought[6] that Ralf's negativity
was getting a bit too consistent and suggested the more positive
construction which saw the development as a way of making sure that
those that depend on particular packages aren't suddenly blindsided by
a change to a license.  Ralf gave further depth[7] to his objections,
arguing that ignorance on the legal issues and a bureaucratic burden
would hamper the Fedora Project's efforts to give substance to these
proposals, he also dismissed GPLv3 as a consideration.  JoshBoyer
specifically countered[8] the latter point.  ToshioKuratomi (abadger)
agreed[9] that exotic licenses introduced complications, that the
Packaging Committee had rejected guidelines for "License:" tags, but
drew attention to the audience (end users) which had been considered
in those deliberations.

[5] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01156.html

[6] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01157.html

[7] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01167.html

[8] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01170.html

[9] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01177.html

=== Yum Integration For Applications ===

Ignacio Vazquez-Abrams proposed [1] rewriting some system tools (e.g.
''authconfig'', ''system-config-network'', and ''desktop-effects'') to
access ''system-install-packages'' so that they could install other
packages "on the fly" to enable missing functionaility.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00990.html

There was a muted reaction to the proposal.  JochenSchmitt
expressed[2] disquiet with the idea of doing something as intrusive as
automatically installing a package on a running system without the
explicit consent of an administrator.  JesseKeating thought[3] that
what was meant by "automatic" in this context was "automatically
launch Pirut which would of course prompt for the root password."
Further discussion between Jesse, Jochen, and Ignacio clarified that
Ignacio was interested in using s-i-p with a Text User Interface
instead of Pirut.

[2] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00995.html

[3] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00997.html

JefSpaleta asked[4] whether a hand-created listing of packages for
each tool would need to be made or if the process could be abstracted.
Ignacio answered that s-i-p would be able to work exactly like yum in
resolving needed packages and dependencies.

[4] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01003.html

An alternate approach using "soft dependencies" (also discussed in the
last paragraph of FWN#92 "Yelping Over Bloated Firefox And Flash"[4a])
was preferred[5] by KevinKofler. Kevin noted that this approach would
avoid lock-in to yum/s-i-p.

[4a] http://fedoraproject.org/wiki/FWN/Issue92#head-c93cd512fdf8e965869b3db1ff4bc7e152ef26ea

[5] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01025.html

MattMiller suggested[6] that a yum-plugin that allowed users to
install what he termed "user level" applications using their own
credentials would be useful.  SethVidal was dubious, arguing that
there was no easy distinction between user-level or other software.  A
detailed discussion[7] between HorstVonBrand and Matt over the dangers
of Matt's suggestion versus the advantages of just using sudo followed
and provided much food for thought.  BennyAmorsen thought[8] that due
to the difficulty of stopping users on UNIX systems making their own
programs that the level of security which Horst wanted was already
compromised.

[6] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01035.html

[7] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01082.html

[8] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01134.html

=== Java Based Web Interface To Fedora Repositories? ===

Recalling the use of repoview in the past, ThorstenLeemhuis
wondered[1] what were the plans for a similar interface in the new
merged Fedora and drew attention to a new project[2] named "Repowatch"
run by RichardKörber (Shred).

[1] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00954.html

[2] http://repowatch.fedorablog.de/

KonstantinRyabitsev (icon) responded[3] that he was completing work on
a rewrite of repoview that had major speed-ups due to state-tracking.
Icon pointed out that one advantage of repoview was that it did not
require an engine to view the repository, being instead browsable
simply as a collection of static pages. JesseKeating liked the sound
of this and volunteered[4] to integrate into mash[4a] or pungi[4b].

[3] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00960.html

[4] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00976.html

[4a] Mash is a tool to query the koji buildsystem for particular RPMs
and create a repository of them.

[4b] Pungi is a set of python libraries that can be used to build
composition tools.  It is also a means of producing ISO images and/or
installation trees.

A response from the author/developer of repowatch clarified[5] that it
was not a replacement for repoview, but instead provided a method to
monitor data from sources such as repoview.  RahulSundaram suggested
requesting some Fedora Project resources officially (helpfully
pointing to the place to do this) and ThorstenLeemhuis also
encouraged[6] this, adding that repowatch could provide an easy way
for users to find the latest versions of packages.

[5] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00963.html

[6] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01018.html

JesseKeating noted[7] that it was possible to examine Koji to see what
packages were available (see also FWN#88 "Making Koji A Complete
rpmfind Replacement"[8]), but ThorstenLeemhuis was prepared for this
and pointed back[9] to his earlier mail emphasising the need to cater
to users.

[7] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01051.html

[8] http://fedoraproject.org/wiki/FWN/Issue88#head-25047e8f0c3a56912a6f251d72c6cf3512b6bbf5

[9] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01068.html

Wishing to move things along practically, DavidTimms asked[10] whether
Fedora Infrastructure could provide any parameters for Shred before he
commenced a rewrite. Shred's response detailed his use of Tomcat
leading to a negative reaction[11] from JesseKeating, who made it
clear that Java apps (or PHP which was not under discussion here) were
not something which he personally welcomed within the Fedora Project's
essential infrastructure.  A brief discussion of his reasons for this
led Shred to decline[12] to enter the shopworn arguments about Java's
performance and to conclude that there was no point in pursuing
resource support within the Fedora Project.  Jesse backed off from
this conclusion and emphasized[13] that he had been merely expressing
his own opinion.

[10] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01072.html

[11] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01078.html

[12] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01081.html

[13] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01084.html

An interesting conclusion to the thread was provided[14] by
NicolasMailhot who noted that the advent of Free Java and the
importance of JBoss made it important for Fedora to be able to mount a
credible working alternative to Microsoft's .NET stack and that Fedora
Infrastructure should work with Red Hat/JBoss to mitigate any problems
such as the ones Jesse claimed.

[14] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01093.html

=== Sysklogd Replaced With Rsyslogd in Fedora 8 ===

A replacement of the "sysklogd" kernel logging daemon was announced[1]
by PeterVrabec.  The reason[2] for this change is that sysklogd is no
longer under active development.  Very quickly there was disagreement
over how this transition should be handled, with specific objections
resting on the issues of what to call the the configuration files and
whether the new daemon should be automatically started.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00941.html

[2] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01040.html

MattMiller suggested that using rsyslog.conf instead of syslog.conf as
the name of the configuration file replicated one of the problems
which had been identified with syslog-ng. PeterVrabec thought that a
simple ''cp syslog.conf rsyslog.conf'' took care of that problem, but
ChuckAnderson pressed home[3] the point that a drop-in replacement
ought to use the exact same names for configuration files.

[3] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01048.html

A refinement of this point was made[4] by SethVidal who emphasized
that it wasn't simple a replacement, but actually packaged as an
"obsoletes". A direct response[5] from SteveGrubb (SteveG) stated that
this had indeed been the original intent and that a sysconfig option
had been originally present.  SteveG also detailed some complicated
hackery to conditionally use either of the filenames depending on the
existence of sysconf.conf. There were some strong objections[6] from
TomasMraz and KarelZak citing the simplicity of just settling on one
name, using the ReleaseNotes to inform users of the change, and
avoiding the use of a configuration file with a different base name to
its daemon.  LeszekMatok disagreed with the latter and posted[7] some
examples during an exchange with RahulSundaram. MattMiller made a
similar point elsewhere with a different example.

[4] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01052.html

[5] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01053.html

[6] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01073.html

[7] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01133.html

The proposal to simply standardize on a new name was not congenial to
DavidLutterkort who noted[7a] that it would require modification of
all scripts which relied on the old names. SethVidal agreed and
suggested[7b] a transition that would delay the final full switch
until F9.

[7a]  https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01123.html

[7b] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01128.html

RahulSundaram[8] and SethVidal[8a] voiced the other major objection:
the case of users that upgrade using '''yum'''.  Peter's announcement
had made it clear that an '''anaconda''' upgrade to F8 would start the
new rsyslogd daemon automatically, but otherwise an update would cause
the old sysklogd to be erased and the new rsyslogd would need a ''su
-c; /sbin/service rsyslogd start''.  ManuelWolfshant thought[9] that
leaving the system without a logger was enough of a problem to make an
exception to packaging recommendations and start the daemon
automatically from the %post section of the package.  JeremyKatz
objected[10] that this should only be done if sysklogd had been
running previously or else there were negative effects for initing
chroots, creating live-images, and installing some systems.

[8] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00942.html

[8a] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00952.html

[9] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00944.html

[10] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00964.html

In response to ThorstenLeemhuis' suggestion to test whether sysklogd
was running, JeremyKatz provided[11] an overview of how other scripts
currently use a ''condrestart'' in %post but thought there would be
problems depending on whether the sysklogd package had been removed
before any tests could be run.  BillNottingham amplified[12] this
response, pointing out to MikeChambers that the PID file is what is
examined.

[11] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00971.html

[12] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00994.html

ManuelWolfshant concluded[13] that although there were potential
problems for admins running other logging daemons for testing
purposes, the proposed original scheme seemed mostly workable with the
service starting after a reboot, and separately[14] JeffOllie noted
that even in the case of "yum upgrade" from F7->F8 a reboot would be
needed to use the new kernel and libraries anyway.

[13] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01021.html

[14] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00967.html

=== Presto-digitation ===

"Nodata" recalled[1] the discussion on including Presto (a way to
reduce the amount of downloaded package data during updates by using
diffs of RPMs) and wondered what was happening now, noting that the
integration hadn't happened due to a lack of testing then and that the
same thing seemed to happening again.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00889.html

This summary was corrected[2] by DanHorák, who noted that contrary to
Nodata's assertion there were Presto-enabled repositories in existence
for FC6, F7, and Rawhide (the development branch). The generally
favorable and pro-active approach of the Fedora Project to Presto had
also been documented in FWN#93[3] and earlier.

[2] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00891.html

[3] http://fedoraproject.org/wiki/FWN/Issue93#head-be4027a212fef872b9d408a95126bb6684cfec12

JeremyKatz added[4] that JonathanDieter (main Presto developer with
AhmedKamal) had taken some patches from Jeremy and that the automatic
generation of deltarpms into the buildsystem was being worked on.

[4] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00896.html

Separately FESCo supported[5] the idea of fully integrating Presto
into Fedora 8, with some minor worries being expressed as to whether
fedora-infrastructure would be able to make the necessary changes in
time for the Test1 freeze, and the clarification that as long as it
made it by Test2 then it would make the cut.

[5] http://fedoraproject.org/wiki/Extras/SteeringCommittee/Meeting-20070719

A positive user experience with the existing Presto repositories was
reported[6] by YuanYijun, with the caveat that a couple of errors
needed to be worked around. FlorianLaRoche posted[7] an interesting
link to an alternate GPL-licensed implementation of the binary-delta
generating algorithm.

[6] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00927.html

[7] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01070.html

=== Seahorse: Reducing The Number Of Passphrase And Password Challenges ===

Following up on an earlier discussion, JesseKeating asked[1] whether
it was possible to cut down the number of prompts for passphrases by
managing ssh-agent passphrases within gnome-keyring.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00876.html

RalfEtzinger explained[2] that OpenSSH currently uses a bundle of
helpers (in openssh-askpass) and it ought to be easy to add a new one
for gnome-keyring-ssh-askpass.

[2] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00881.html

A suggestion[3] by ToddZullinger to use the pam_ssh module[4] provoked
some minor debate as Todd admitted that this approach required the
password entered to GDM (the display manager) to be the same as the
SSH passphrase. JonathanUnderwood was opposed to the idea, but Todd
argued[5] that enabling gnome-keyring to do what Jesse wanted would
provide a similarly weak security model also compromisable at one
single point.

[3] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00884.html

[4] http://pam-ssh.sourceforge.net/

[5] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00897.html

AlexanderDalloz thought that "keychain" might be useful but wouldn't
eliminate initial onetime password requests.  This and the pam_ssh
discussion led Jesse to clarify[6] that he envisioned a key storing
application accessed by a single password which was different from
each of the stored passwords/passphrases.  GawainLynch pointed[7] out
a Gentoo HOWTO and JonathanUnderwood advertised[8] SethVidal's
Seahorse packages which apparently provide exactly the integration
which Jesse had been seeking.

[6] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00909.html

[7] http://gentoo-wiki.com/HOWTO_Use_gnome-keyring_to_store_SSH_passphrases

[8] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01089.html

=== Nodoka Theme: Clean, Easy On The Eyes, Featured in Fedora 8 ===

An announcement[1] of a new graphics theme for Fedora named "Nodoka"
was posted by MartinSourada.  Along with DanielGeiger, Martin aims[2]
to provide a non-intrusive, consistent look throughout the desktop
(exclusive of wallpaper which is release-dependent) using the "Echo"
icons.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00863.html

[2] http://fedoraproject.org/wiki/Artwork/NodokaTheme

Martin provided links to RPMs for those that wish to provide feedback
and also sought further help in hosting the project.  RahulSundaram
followed up[3] on previous help he had given to Martin and suggested
that the best course was to contact fedora-infrastructure to ask for
resources.

[3] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00904.html

It seems[4] that the theme will only be usable for GTK2 (as opposed to
GTK1) applications (which hopefully are nearly eliminated at this
stage) and KevinKofler wondered[5] whether someone was working to make
this work usable with KDE as an alternative to Bluecurve/Quarticurve.
Martin responded[6] that volunteers to do so were welcome.

[4] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00879.html

[5] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00917.html

[6] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00923.html

The proposal that Nodoka be included in Fedora8 was later approved[7] by FESCo.

[7] http://fedoraproject.org/wiki/Extras/SteeringCommittee/Meeting-20070719

=== RUM RHUM RHUME REDRUM OPIUM OPYUM: Offline Fedora Package Manager ===

(Editor Note: See http://fedoraproject.org/wiki/DebarshiRay/rum#Naming
for 'Naming Blues')

One of the Google SoC projects was reported[1] to yield some usable
results by Fedora users according to DebarshiRay (Rishi).  Rishi has
been working on a way to allow Fedora users without internet
connections to benefit from the package management infrastructure
already developed around yum.  The result has been a tool[2]
tentatively named "RUM", which exists to allow users to update a
bandwidth poor machine by hooking it up to another machine that has
updated packages on it.

[1] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00795.html

[2]  https://fedoraproject.org/wiki/SummerOfCode/2007/DebarshiRay

There was a certain amount of discussion about the name, with
RahulSundaram drawing attention[3] to a conflict in namespace and
querying some of the implementation choices, such as the use of
uncompressed tar archives.  Rishi seemed to settle[4] for "OPYUM" as
the name.  "Jima" commented[5] that as the contents of rpms were
already compressed anyway there was probably not much gain in further
compression.

[3] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00842.html

[4] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00935.html

[5] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00873.html

A mild amount of skepticism about the value of this particular
approach was expressed, especially by MikeChambers, who wondered[6]
why Rishi couldn't just integrate his changes into Pirut.  Rishi
re-iterated[7] that the goal of the project was to allow even the
extreme case of completely networkless machines being updated with a
CD containing a "yumpack" specially built for them, and also explained
that Pirut-maintainer JeremyKatz wasn't receptive to the idea so far.

[6] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00977.html

[7] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00999.html

In response to Mike's wish for the ability of yum to update simply
from a local network, ThomasSpringer provided[8] the exact command:

'''su -c; yum update --disablerepo=\* --enablerepo=local-network'''

[8] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg00982.html

=== Another GNOME Conspiracy Unmasked: ShowOnlyIn ===

An upset ChristopherStone asked[1] why so many applications were
setting "ShowOnlyIn=GNOME" in their ''.desktop'' files and wondered if
it was ''Fedora *trying* to cripple KDE or what⁈''

[1] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01103.html

RexDieter pointed out[2] the flaw in Christopher's approach and
AlanCox suggested[3] that simple imitation of a flawed example rather
than malice was a better working hypothesis and asked Christopher to
file bugs if necessary.  ToddZullinger posted[4] a revised grep, which
indicated that GNOME users were actually victims of a KDE instigated
desktop-cleansing campaign.

[2] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01106.html

[3] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01107.html

[4] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01108.html

The plight of Xfce users was raised[5] by AndyShevchenko as they are
affected by the preferential setting of the flag for both GNOME and
KDE.

[5] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01159.html

"TarekW" explained[6] that the advantage of the current setup is that
it provides a sane default for non-power-users, shielding them from
the potential bloat of having both desktops load their dependencies
into memory.  Power-users have the option to tweak ShowOnlyIn on a
case-by-case basis.

[6] https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01176.html

== Infrastructure ==

In this section, we cover the Fedora Infrastructure Project.

http://fedoraproject.org/wiki/Infrastructure

Contributing Writer: JasonMatthewTaylor

=== Fedorapeople.org is up ===

SethVidal and others have been working on the fedorapeople.org site
for a while and their work is now available for use[1].

[1] https://www.redhat.com/archives/fedora-infrastructure-list/2007-July/msg00134.html

== Security Week ==

In this section, we highlight the security stories from the week in Fedora.

Contributing Writer: JoshBressers

=== Computer Viruses are 25 Years old ===

I ran across this story this week.

http://www.sciam.com/article.cfm?chanId=sa003&articleId=C0C3AC3C-E7F2-99DF-39AA1A7175A11775

The computing world is still suffering from computer viruses.  They're
a serious problem that waste a great deal of time and money.  Given
past trends, it's very likely that computer viruses will see their
50th birthday.

=== Serious Security Issues in Samsung Linux Drivers ===

This story is absolutely amazing

http://it.slashdot.org/article.pl?sid=07/07/18/0319203

It seems that by installing certain Samsung Linux drivers modify
numerous applications on the local system, setting a number of them
setuid-root.
It's easy to claim open source produces higher quality software, this
is a fine example of this.  If the source is being scrutinized by the
community at large, someone is likely to send a patch which can fix a
plain stupid bug such as this.  It's also quite likely that a
developer will be more willing to "do it right" if the source is going
to be available for the whole world to see.

=== Firefox 2.0.0.5 Released ===

A new version of the Mozilla products (Firefox, Seamonkey,
Thunderbird) were released this week.

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5

It's rather important you ensure you've installed this update as the
browser is certainly the most abused application these days.  If you
run Fedora, this update has been available via yum for several days.

== Daily Package ==

In this section, we recap the packages that have been highlighted as a
Fedora Daily Package.

http://dailypackage.fedorabook.com/

Contributing Writer: ChrisTyler

=== Krecipes - Recipe manager ===

''Productive Mondays'' highlight a timesaving tool. This Monday[1] we
covered Krecepies[2]:

"Krecipes is a KDE recipe manager. It will store, seach for, and
resize recipes, rate their nutritional content, and manage shopping
lists. Recipes can be stored in plan files for personal access, or in
MySQL or PostgreSQL databases for shared access (or very large recipe
collections)"

[1] http://dailypackage.fedorabook.com/index.php?/archives/98-Productive-Monday-Krecipes-Recipe-manager.html

[2] http://krecipes.sourceforge.net/

=== Pulseaudio - Next-generation audio server ===

''Artsy Tuesdays'' highlight a graphics, video, or sound application.
This Tuesday[1] PulseAdudio[2] was featured:

"PulseAudio is a next-generation audio server designed to be a 'Compiz
for audio'. It enables you to start multiple audio applications (with
different output systems) and direct each playback stream to the sink
(destination) of your choice, even changing the destination
on-the-fly, and to adjust the level of each individual channel."

[1] http://dailypackage.fedorabook.com/index.php?/archives/97-Artsy-Tuesday-Pulseaudio-Next-generation-audio-server.html

[2] http://pulseaudio.org/

=== Crontab ===

The ''Wednesday Why'' article[1] took a look at the ways that Fedora
packages interact with the cron execution scheduler:

"Packages that requires scheduled execution of jobs can be configued
in either of two ways: they can include a crontab file which will be
placed in /etc/cron.d (the approach used by the smolt package), or
they can include a script file which will be placed in
/etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, or
/etc/cron.monthly (which is the approach used by cups)."

[1] http://dailypackage.fedorabook.com/index.php?/archives/99-Wednesday-Why-Crontab.html

=== Hwbrowser - Display hardware info ===

''GUI Thursdays'' highlight a software that provides, enhances, or
effectively uses a GUI interface. This Thursday[1], hwbrowser was
discussed:

"Hwbrowser is a very simple tool that provides read-only access to
hardware information."

[1] http://dailypackage.fedorabook.com/index.php?/archives/100-GUI-Thursday-Hwbrowser-Display-hardware-info.html

=== Ri-li - Run a wooden train ===

''Friday Fun'' highlights fun, interesting, and amusing programs. This
Friday[1], we took a look Ri-li[2]:

"Do you remember having a wooden train set when you were little? Ri-li
is a neat little amusement that will remind you of those days."

[1] http://dailypackage.fedorabook.com/index.php?/archives/101-Friday-Fun-Ri-li-Run-a-wooden-train.html

[2] http://ri-li.org/

== Advisories and Updates ==

In this section, we cover Secuirity Advisories and Package Updates
from fedora-package-announce.

Contributing Writer: ThomasChung

=== Fedora 7 Security Advisories ===

 * [SECURITY] blam-1.8.3-5.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1157
 * [SECURITY] bochs-2.3-5.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1153
 * [SECURITY] centericq-4.21.0-13.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1160
 * [SECURITY] chmsee-1.0.0-0.20.beta2.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1159
 * [SECURITY] clamav-0.90.3-1.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1154
 * [SECURITY] devhelp-0.13-9.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1143
 * [SECURITY] epiphany-2.18.3-2.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1138
 * [SECURITY] epiphany-extensions-2.18.3-2 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1155
 * [SECURITY] firefox-2.0.0.5-1.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1142
 * [SECURITY] galeon-2.0.3-10.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1145
 * [SECURITY] gimp-2.2.17-1.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1099
 * [SECURITY] kernel-2.6.22.1-27.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1130
 * [SECURITY] liferea-1.2.19-3.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1146
 * [SECURITY] nginx-0.5.28-1.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1158
 * [SECURITY] seamonkey-1.1.3-1.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1181
 * [SECURITY] thunderbird-2.0.0.5-1.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1180
 * [SECURITY] yelp-2.18.1-5.fc7 -
http://fedoraproject.org/wiki/FSA/F7/FEDORA-2007-1144

=== Fedora Core 6 Security Advisories ===

 * [SECURITY] firefox-1.5.0.12-4.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-642
 * [SECURITY] gimp-2.2.17-1.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-627
 * [SECURITY] thunderbird-1.5.0.12-2.fc6 -
http://fedoraproject.org/wiki/FSA/FC6/FEDORA-2007-641

== Events and Meetings ==

In this section, we cover event reports and meeting summaries from
various projects.

Contributing Writer: ThomasChung

=== Fedora Board Meeting Minutes 2007-07-17 ===

 * https://www.redhat.com/archives/fedora-advisory-board/2007-July/msg00102.html

=== Fedora Ambassadors Meeting 2007-07-19 ===

 * https://www.redhat.com/archives/fedora-ambassadors-list/2007-July/msg00063.html

=== Fedora Documentation Steering Committee 2007-07-17 ===

 * https://www.redhat.com/archives/fedora-docs-list/2007-July/msg00067.html

=== Fedora Engineering Steering Committee Meeting 2007-07-19 ===

 * https://www.redhat.com/archives/fedora-devel-list/2007-July/msg01092.html

=== Fedora Extra Packages for Enterprise Linux Meeting 2007-07-18 ===

 * https://www.redhat.com/archives/epel-devel-list/2007-July/msg00182.html

=== Fedora Infrastructure Meeting (Log) 2007-07-19 ===

 * https://www.redhat.com/archives/fedora-infrastructure-list/2007-July/msg00145.html

=== Fedora Packaging Committee Meeting 2007-07-17 ===

 * No Meeting

=== Fedora Release Engineering Meeting 2007-07-16 ===

 * No Meeting

=== Fedora Translation Project Meeting 2007-07-17 ===

 * No Meeting

== Extras Extras ==

In this section, we cover any noticeable extras news from various
Linux Projects.

Contributing Writer: ThomasChung

=== LiveCD for Red Hat High ===

RobinNorwood reports in fedora-livecd-list[1],

"Last week, we held the second annual Red Hat High[2] here in Raleigh.
 I helped with the software side of things, and used the livecd tools
to do it."

"In a nutshell, it's a technology camp for incoming high school
freshmen, using all open source software."

"For the classrooms, we used lab space donated by NCSU.  However, a
couple of the labs were being used for NCSU classes during the week of
the camp, so we couldn't just format the drives and install Fedora.
Our solution was to use a live cd[3]."

[1] https://www.redhat.com/archives/fedora-livecd-list/2007-July/msg00132.html

[2] http://www.redhat.com/redhathigh/

[3] http://people.redhat.com/rnorwood/rhh-livecd/

-- 
Thomas Chung
http://fedoraproject.org/wiki/ThomasChung




More information about the fedora-announce-list mailing list