FWN 136: Ready to push out

Pascal Calarco pcalarco at nd.edu
Mon Jul 28 13:55:35 UTC 2008


Folks, I am going to push this out now to fedora-announce-list.  If we 
need to tweak the plaintext we can do so as we go forward.  Thanks!

   - pascal

Pascal Calarco wrote:
> Morning all,
> 
> With a little fiddling, I'm able to get the plaintext full FWN issue to 
> look like this, suitable for e-mail. It is the printable version of the 
> page, grabbing the text right off the browser. This produces better 
> results than 'Saving as' the plaintext version in the browser, which 
> still retains some wiki links.
> 
> I did have to strip out the [edit] from the top of each section, but 
> this is a simple replace of all instances of [edit] with ===. More 
> manual than it should be, less than it could be.
> 
> Oisin, does this look ok to you?
> 
> - pascal
> 
> -----
> === Fedora Weekly News Issue 136
> 
> Welcome to Fedora Weekly News Issue 136 for the week ending July 26, 2008.
> 
> http://fedoraproject.org/wiki/FWN/Issue136
> 
> Fedora Weekly News keep you updated with the latest issues, events and 
> activities in the fedora community.
> 
> If you are interested in contributing to Fedora Weekly News, please see 
> our 'join' page. Being a Fedora Weekly News beat writer gives you a 
> chance to work on one of our community's most important sources of news, 
> and can be done in only about 1 hour per week of your time.
> 
> We are still looking for a beat writer to summarize the Fedora Events 
> and Meetings that happened during each week.
> 
> http://fedoraproject.org/wiki/NewsProject/Join
> 
> === Contents
> 
> * 1 Fedora Weekly News Issue 136
> o 1.1 Announcements
> + 1.1.1 FESCo Election Results
> + 1.1.2 Cast your vote for the Fedora 10 Codename!
> + 1.1.3 Fedora 10 Alpha Freeze
> + 1.1.4 Announcing the Fedora OLPC Special Interest Group
> + 1.1.5 Fedora Unity releases updated Fedora 9 Re-Spin
> + 1.1.6 Feature Process Improvements
> + 1.1.7 FUEL opens up collaborative standardization of localization terms
> o 1.2 Planet Fedora
> + 1.2.1 Shameless Recruiting Pitch
> + 1.2.2 Intel's Moblin moves to Fedora
> + 1.2.3 Events
> + 1.2.4 Tech Tidbits
> + 1.2.5 Other Interesting Posts
> o 1.3 Marketing
> + 1.3.1 Linus Torvalds' personal Linux distro? Fedora 9, of course
> + 1.3.2 Asus Eee PC Fedora Respin
> + 1.3.3 Zimbra changes license to address Fedora concerns
> + 1.3.4 Seneca College teams with FOSS projects for hands-on learning
> + 1.3.5 Intel's Moblin switches from Ubuntu in favor of Fedora
> + 1.3.6 Fedora launches OLPC group
> + 1.3.7 Ring. Ring. It's Fedora calling
> + 1.3.8 Linux Symposium Proceedings Available
> + 1.3.9 Video: Fedora Live
> o 1.4 Ambassadors
> + 1.4.1 FAD EMEA 2008 - Date & Location Determined
> + 1.4.2 Planning for Fedora 10 Release Parties
> + 1.4.3 Event Reports Reminder
> o 1.5 Planet Fedora
> + 1.5.1 Erratum: FWN#133 "Shark" is a JIT not a VM
> + 1.5.2 New libraw1394 Rebuild Exposes Closed ACLs
> + 1.5.3 XULRunner Security Update Breakage Stimulates Bodhi Discussion
> + 1.5.4 Broken Upgrade Paths Due to NEVR
> + 1.5.5 Application Installer "Amber" Provides Browser Interface to 
> Packages
> + 1.5.6 RPM Inspires Intel Moblin2 Shift From Ubuntu
> o 1.6 Artwork
> + 1.6.1 Nodoka development
> + 1.6.2 Gathering feed-back about Fedora 10 theme proposals
> + 1.6.3 A possible Bluecurve revival
> o 1.7 Security Advisories
> + 1.7.1 Fedora 9 Security Advisories
> + 1.7.2 Fedora 8 Security Advisories
> 
> 
> 
> === Announcements
> 
> In this section, we cover announcements from the Fedora Project.
> 
> https://www.redhat.com/mailman/listinfo/fedora-announce-list
> 
> https://www.redhat.com/mailman/listinfo/fedora-devel-announce
> 
> Contributing Writer: Max Spevack
> 
> === FESCo Election Results
> 
> Brian Pepple announced the results of the Fedora Engineering Steering 
> Committee election[1]:
> 
> "The results of the Fedora Engineering Steering Committee (FESCo) 
> election are in: Bill Nottingham, Kevin Fenzi, Dennis Gilmore, Brian 
> Pepple, and David Woodhouse have been elected to full two-release terms, 
> and Jarod Wilson, Josh Boyer, Jon Stanley and Karsten Hopp have been 
> elected to a one-release term."
> 
> [1] 
> https://www.redhat.com/archives/fedora-announce-list/2008-July/msg00010.html 
> 
> 
> === Cast your vote for the Fedora 10 Codename!
> 
> Josh Boyer reminded folks to vote[1]:
> 
> "As long as you have signed the CLA and belong to one additional group 
> in the Fedora Account System, you can cast your vote.
> 
> Voting will end and be tallied at 23:59:59 28 July 2008 UTC."
> 
> [1] 
> https://www.redhat.com/archives/fedora-announce-list/2008-July/msg00011.html 
> 
> 
> === Fedora 10 Alpha Freeze
> 
> Jesse Keating announced[1]:
> 
> "We have our first development freeze of the Fedora 10 cycle tomorrow. 
> This is the alpha freeze, which is non-blocking. Release Engineering 
> will be making a freeze inside the buildsystem of tomorrow's rawhide 
> content. This will be the basis of the Fedora 10 Alpha release."
> 
> [1] 
> https://www.redhat.com/archives/fedora-devel-announce/2008-July/msg00008.html 
> 
> 
> === Announcing the Fedora OLPC Special Interest Group
> 
> Greg DeKoenigsberg announced[1]:
> 
> "Thus, I am proud to announce the formation of the Fedora OLPC Special 
> Interest Group. Our mission: to provide the OLPC project with a strong, 
> sustainable, scalable, community-driven base platform for innovation.
> 
> Immediate Goals:
> 
> 1. To identify and take responsible ownership of as many OLPC base 
> packages as possible.
> 
> 2. To maintain an excellent Sugar environment for Fedora, including a 
> dedicated Sugar spin.
> 
> 3. To identify useful opportunities for collaboration (infrastructure, 
> localization, etc.)"
> 
> [1] 
> http://www.redhat.com/archives/fedora-announce-list/2008-July/msg00009.html
> 
> === Fedora Unity releases updated Fedora 9 Re-Spin
> 
> Jeroen van Meeuwen informed us[1]:
> 
> "The Fedora Unity Project is proud to announce the release of new ISO 
> Re-Spins (DVD) of Fedora 9.
> 
> These Re-Spin ISOs are based on the officially released Fedora 9 
> installation media and include all updates released as of July 18th, 
> 2008. The ISO images are available for i386 and x86_64 architectures via 
> Jigdo starting Sunday, July 20th, 2008."
> 
> [1] 
> http://www.redhat.com/archives/fedora-announce-list/2008-July/msg00007.html
> 
> === Feature Process Improvements
> 
> John Poelstra had some excellent news on the feature front[1]:
> 
> "I was recently talking with Paul Frields about how to make the feature 
> process more accessible... this combined with feedback in the rpm thread 
> have led to a (hopefully) clearer presentation of how the feature 
> process works."
> 
> [1] 
> http://www.redhat.com/archives/fedora-devel-announce/2008-July/msg00009.html 
> 
> 
> === FUEL opens up collaborative standardization of localization terms
> 
> FUEL (Frequently Used Entries for Localization) aims at solving the 
> problem of inconsistency and lack of standardization in computer 
> software translation across the platform for all Languages. It will try 
> to provide a standardized and consistent look of computer for a language 
> computer users.
> 
> https://fedorahosted.org/fuel
> 
> === Planet Fedora
> 
> In this section, we cover the highlights of Planet Fedora - an 
> aggregation of blogs from Fedora contributors worldwide.
> 
> http://planet.fedoraproject.org
> 
> Contributing Writer: Max Spevack
> === Shameless Recruiting Pitch
> 
> We begin this week's summary of Planet Fedora with a recruitment pitch 
> for Fedora Weekly News beat writers, scribed by Karsten Wade.
> 
> === Intel's Moblin moves to Fedora
> 
> The topic that took Planet Fedora by storm on Friday and Saturday was 
> the announcement of Intel's Moblin moving from Ubuntu to Fedora as its 
> base OS. Yaakov Nemoy, John Palmieri, Seth Vidal, and Karsten Wade all 
> weighed in with their thoughts.
> 
> === Events
> 
> A number of event reports were posted on Planet Fedora this week.
> 
> * LUG Radio Live UK, attended by Max Spevack.
> * Ottawa Linux Symposium (day 1), as reported by Dennis Gilmore.
> * LTSP Hackfest (day 1), which included hackers from numerous Linux 
> distros, and Fedora's own Warren Togami.
> * A GUADEC trip report (including pictures) from Dimitris Glezos.
> * A second place finish in the 2008 RoboCup World Championships, with a 
> report from Tim Niemueller.
> 
> In other event news:
> 
> * Sandro "red" Mathys has posted details about the upcoming Fedora 
> Ambassador Day EMEA.
> * James Morris shared his Ottawa Linux Symposium paper with us, which is 
> a detailed update on SELinux.
> 
> === Tech Tidbits
> 
> Transifex 0.3 has been released. "Transifex 0.3 is a major release, 
> including a lot of under-the-hood changes. We’ve added full i18n 
> support, and now in addition to the templates, per-module information 
> stored in the database, such as names and descriptions, can be 
> translated as well," explains project lead Dimitris Glezos.
> 
> Lorenzo Villani is working on adding the ZYpp stack into Fedora. He 
> explains, "It seems that with the latest releases of sat-solver, libzypp 
> and zypper, the whole stack has become more stable on Fedora, 
> especially, in the past few weeks I wasn’t able to update packages due 
> to various resolver’s problems, but now it seems that 'zypper up' does 
> its job smoothly."
> 
> Fedora Electronics Lab now has its own mailing list, and there has been 
> lots of discussion about this particular respin on Planet Fedora over 
> the past few days.
> 
> Red Hat Magazine has a great article about NetworkManager, written by 
> Kyle Gonzales.
> 
> === Other Interesting Posts
> 
> Nicu Buculei gave us a detailed look at the first round of themes that 
> have been developed by the Art Team for Fedora 10.
> 
> David Nalley authored what might be the first in a four part series 
> about Fedora's new "Freedom, Friends, Features, First" marketing focus. 
> This post focuses on the Freedom topic.
> 
> === Marketing
> 
> In this section, we cover the Fedora Marketing Project.
> 
> http://fedoraproject.org/wiki/Marketing
> 
> Contributing Writer: Pascal Calarco
> 
> === Linus Torvalds' personal Linux distro? Fedora 9, of course
> 
> Larry Cafiero reported[1] that the creator of Linux, Linus Torvalds, 
> currently uses Fedora 9 "on most of his computers" as reported in a 
> recent interview[2]. "I've used different distributions over the years 
> ... Fedora had fairly good support for PowerPC back when I used that, so 
> I grew used to it. But I actually don't care too much about the 
> distribution, as long as it makes it easy to install and keep reasonably 
> up-to-date," Torvalds added.
> 
> [1] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00150.html 
> 
> 
> [2] 
> http://www.simple-talk.com/opinion/geek-of-the-week/linus-torvalds,-geek-of-the-week/ 
> 
> 
> === Asus Eee PC Fedora Respin
> 
> Valent Turkovic asked[1] if there was interest in working on a Fedora 
> spin for the Eee PC. Clint Savage reported[2] that his kickstart for the 
> Eee is working almost perfectly, and Mathieu Bridon pointed[3] to the 
> [EeePc wiki page] for this activity.
> 
> [1] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00156.html 
> 
> 
> [2] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00164.html 
> 
> 
> [3] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00160.html 
> 
> 
> === Zimbra changes license to address Fedora concerns
> 
> Rahul Sundaram reported[1] that Yahoo has responded[2] to the suggestion 
> that the license language for Zimbra be modified to allow it to be 
> consonant with the Fedora project, which now paves the way for Zimbra to 
> be made available in Fedora. "Our colleagues in the Fedora community 
> were concerned that the old version of 6.2 did not give licensees enough 
> certainty that they could keep exercising their license, even if they 
> followed its requirements. We thought this change was a reasonable 
> request, and we were very pleased that we were able to respond to the 
> Fedora community in the way they asked. Many thanks to our Fedora 
> friends for their input," the Yahoo spokesman explained. Jeroen Van 
> Meeuwen added[3] that efforts are already underway to package Zimbra for 
> Fedora.
> 
> [1] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00147.html 
> 
> 
> [2] 
> http://www.zimbra.com/forums/announcements/19581-license-5-0-7-foss.html
> 
> [3] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00172.html 
> 
> 
> === Seneca College teams with FOSS projects for hands-on learning
> 
> Rahul Sundaram shared[1] a feature[2] from Linux.com detailing the 
> growth of the free and open source software program at Seneca College in 
> Toronto, Canada. Beginning this fall, thanks to Fedora, it will add the 
> graduate-level Linux/Unix System Administration program. The article 
> continues with Greg DeKoenigsberg, Fedora's liaison with Seneca, saying, 
> "There's a lot of knowledge that's just not taught that you need [in 
> order] to participate in an open source project. There's a difference in 
> how open source is approached [compared to] traditional software, and 
> it's not like you can learn it in a book. It's very much an 
> apprenticeship model."
> 
> [1] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00176.html 
> 
> 
> [2] http://www.linux.com/feature/140097
> 
> === Intel's Moblin switches from Ubuntu in favor of Fedora
> 
> Rahul Sundaram shared[1] news reported in the UK's Register that Intel 
> has shifted from use of Ubuntu to Fedora. "Under the changes, the 
> existing Ubuntu-based kernel is out and Fedora is in, along with a set 
> of Gnome-compatible mobile components that updates Moblin's previous 
> Gnome implementation." Intel's director of Linux and open-source 
> strategy explained that "there was no falling out with Ubuntu, but the 
> move to Fedora was a technical decision based on the desire to adopt RPM 
> for package management." Rahul followed up with more information on this 
> development[3], reported later in heise open source[4].
> 
> [1] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00185.html 
> 
> 
> [2] http://www.theregister.co.uk/2008/07/23/moblin_reworked/
> 
> [3] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00205.html 
> 
> 
> [4] 
> http://www.heise-online.co.uk/open/Intel-switches-from-Ubuntu-to-Fedora-for-Mobile-Linux--/news/111166 
> 
> 
> === Fedora launches OLPC group
> 
> Rahul Sundaram forwarded[1] news[2] that the Fedora Project has started 
> a Open Laptop per Child[3] Special Interest Group to help with the 
> educational computing effort. Fedora will offer increased help with 
> package maintenance for OLPC, "maintain an excellent Sugar environment 
> for Fedora, including a dedicated Sugar spin; to identify opportunities 
> for collaboration on things such as infrastructure and localisation." A 
> discussion list has also been established[4] for this, and all are 
> welcome to join these efforts.
> 
> [1] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00186.html 
> 
> 
> [2] http://www.tectonic.co.za/?p=2647
> 
> [3] http://www.laptop.org/
> 
> [4] https://www.redhat.com/mailman/listinfo/fedora-olpc-list
> 
> === Ring. Ring. It's Fedora calling
> 
> Rahul Sundaram shared[1] a story in CNET News[2] this week about Fedora 
> Talk[3], a VOIP project that "allows Fedora contributors to use any 
> standard VoIP hardware or software to sign into the Fedora system and 
> make and receive calls to other Fedora contributors." CNET added, "It's 
> an intriguing way for the Fedora community to tighten the development 
> process by bringing developers together. IM, mailing lists, and e-mail 
> are great, but talking with someone is sometimes the best way to make 
> things happen."
> 
> [1] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00207.html 
> 
> 
> [2] http://news.cnet.com/8301-13505_3-9998526-16.html
> 
> [3] http://talk.fedoraproject.org/
> 
> === Linux Symposium Proceedings Available
> 
> Rahul Sundaram posted[1] that the 2001-2008 proceedings of the Linux 
> Symposium[3] were now freely-available[4], along with the GCC Summit 
> Proceedings.
> 
> [1] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00210.html 
> 
> 
> [2] http://ols.fedoraproject.org
> 
> [3] http://www.linuxsymposium.org/
> 
> [4] http://ols.fedoraproject.org/
> 
> === Video: Fedora Live
> 
> Rahul Sundaram shared[1] a recent article in Red Hat Magazine[2] 
> featuring the Fedora Project's Paul Frields talking with developer 
> Jeremy Katz "to discuss the Live USB feature debuted in Fedora 9 ... See 
> a live demo of the persistent desktop, and find out how to get more 
> involved in the next Fedora release."
> 
> [1] 
> https://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00188.html 
> 
> 
> [2] http://www.redhatmagazine.com/2008/07/23/video-fedora-live/
> 
> === Ambassadors
> 
> In this section, we cover Fedora Ambassadors Project.
> 
> http://fedoraproject.org/wiki/Ambassadors
> 
> Contributing Writer: Jeffrey Tadlock
> 
> 
> === FAD EMEA 2008 - Date & Location Determined
> 
> Sandro Mathys announced[1] that the data and location for FAD EMEA 2008 
> have been determined. It will take place in Basel, Switzerland from 
> 2008-11-14 to 2008-11-16. Additional information is available on the FAD 
> EMEA 2008 wiki page[2].
> 
> [1] 
> https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00304.html 
> 
> 
> [2] https://fedoraproject.org/wiki/FAD/FADEMEA2008
> 
> === Planning for Fedora 10 Release Parties
> 
> Francesco Ugolini posted[1] to the ambassadors list a request for 
> feedback for planning for Fedora 10 release parties. We had great 
> success with out Fedora 9 release parties - be sure to get your 
> suggestions in for planning Fedora 10 release parties in the future.
> 
> [1] 
> https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00328.html 
> 
> 
> === Event Reports Reminder
> 
> Max Spevack posted[1] a reminder that event reports are required if you 
> were the leader of an event. Event reports are also encouraged from 
> attendees of events as well. The event reporting guidelines page[2] 
> covers what should be included in an event report.
> 
> [1] 
> https://www.redhat.com/archives/fedora-ambassadors-list/2008-July/msg00326.html 
> 
> 
> [2] https://fedoraproject.org/wiki/FedoraEvents/ReportingGuidelines
> 
> === Planet Fedora
> 
> In this section the people, personalities and debates on the 
> @fedora-devel mailing list are summarized.
> 
> Contributing Writer: Oisin Feeley
> 
> === Erratum: FWN#133 "Shark" is a JIT not a VM
> 
> Gary Benson kindly corrected an error in FWN#133 "Java, So Many Free 
> Choices"[1] which reported on the work being done by Red Hat engineers 
> to expand the availability of a FOSS Java across more architectures. The 
> gist of the correction is that shark is not a Virtual Machine(VM) as 
> stated in the article. Gary explained that OpenJDK is composed of a VM 
> named HotSpot and a class library. HotSpot runs on a limited number of 
> architectures and so there have been two independent attempts to 
> increase VM coverage. One of these is named cacao and while it was a 
> promising project it was uncertain how well it would work. The other is 
> a Red Hat initiative to explicitly port HotSpot to more architectures by 
> providing an interpreter named zero. As zero is solely an interpreter it 
> is slow and in need of a JIT. This JIT could well end up being Shark. 
> Thanks to Gary for taking the time to clarify this point. We encourage 
> readers to correct important technical issues and misunderstandings and 
> can be contacted via "news at fedoraproject.org".
> 
> [1] http://fedoraproject.org/wiki/FWN/Issue133#Java.2C_So_Many_Free_Choices
> 
> === New libraw1394 Rebuild Exposes Closed ACLs
> 
> A simple warning made[1] by Jarod Wilson of a soname bump of libraw1394 
> (which among other things allows easy switching between juju and the 
> older drivers) revealed that Fedora's KDE maintainers are not using open 
> ACLs for their packages. The issue of whether open ACLs should be used 
> to allow any interested community member (e.g. with a FAS account) to 
> start making changes without bureaucracy has been visited several times 
> on @fedora-devel and has been argued[1a] to be one of the exciting 
> "post-merge" aspects of the FedoraProject. Objections have included 
> those based on security (see FWN#112 "Open By Default: New FAS Groups 
> Proposed"[1b]) and the logistics of co-ordinating such open access (see 
> FWN#91 "Community Control And Documentation Of New Workflows"[1c]). At 
> times it has appeared that those who were non-Red Hat employees and 
> contributing to the pre-merge "Extras" repository were the strongest 
> advocates for open ACLs.
> 
> [1] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01159.html
> 
> [1a] http://lwn.net/Articles/237700/
> 
> [1b] 
> http://fedoraproject.org/wiki/FWN/Issue112#Open_By_Default:_New_FAS_Groups_Proposed 
> 
> 
> [1c] 
> http://fedoraproject.org/wiki/FWN/Issue91#Community_Control_And_Documentation_Of_New_Workflows 
> 
> Jarod provided a short list of affected packages including kdebase and 
> kdebase3 and wondered whether he should "do a fancy chainbuild[2], or 
> just let rawhide be busted for a day?" Following advice received[3] 
> offlist he decided that the procedure would be to first bump and tag 
> each of the packages, and then from within the devel-branch of a 
> dependent package issue a:
> 
> [jwilson foo fedora-cvs/pkg11/devel]$ make chain-build CHAIN="libraw1394 
> pkg1 ... pkg10"
> 
> [2] 
> http://fedoraproject.org/wiki/PackageMaintainers/UsingKoji#Chained.builds
> 
> [3] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01161.html
> 
> This eventually worked[4], but first Jarod had to contact maintainers 
> that disallowed commit access using open ACLs and get them to do the 
> bump and tag in order to use the above method.
> 
> [4] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01316.html
> 
> Early on in the chain of events Kevin Koffler noted[5] the necessity to 
> do this for the KDE packages. "Drago01" wondered why there were closed 
> ACLs to which Rex Dieter replied[6] that it was not necessary for 
> non-core development platform bits and he would try to change the ACLs 
> for them. Konrad Meyer defended[7] the choice on the basis that "KDE is 
> a major system component and the KDE team (which is something like 6-8 
> people) does a very good job of fixing things as soon as they need 
> fixing." Further probing for an actual reason by Rahul Sundaram resulted 
> in Konrad stating[8] that it was necessary to prevent people from making 
> mistakes and that the kernel package was handled similarly. Rahul was 
> unconvinced by this and Jon Stanley agreed[9] it should be possible, as 
> with GNOME, to use open ACLs to allow anyone to help.
> 
> [5] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01164.html
> 
> [6] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01192.html
> 
> [7] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01181.html
> 
> [8] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01223.html
> 
> [9] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01225.html
> 
> === XULRunner Security Update Breakage Stimulates Bodhi Discussion
> 
> After Michael Schwendt published[1] a summary of broken dependencies for 
> Fedora 9 it was noticed[2] by Martin Sourada that most of the problems 
> were due to a recent update of xulrunner which now provides gecko-libs 
> (see FWN#110[3].) Martin discovered that gxine, which was his particular 
> responsibility, did not depend on a specific version of gecko-libs and 
> thus removed the versioned dependencies. He suggested that a review by 
> carried out of the other affected packages to determine whether this was 
> also the case for them.
> 
> [1] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01175.html
> 
> [2] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01177.html
> 
> [3] 
> http://fedoraproject.org/wiki/FWN/Issue110#Gecko-libs.Now.Provided.By.Xulrunnerdevel 
> 
> 
> Martin was further concerned that the policies for pushing security 
> updates for a stable release be examined in the light of this particular 
> case because it would fail to install due to all the broken 
> dependencies. He suggested that it ought to be possible to use chain 
> builds (the Koji buildsystem allows packages to be grouped into sets 
> during the build process and to only report success if all the packages 
> complete perfectly) to ensure that such breakage does not occur. He also 
> wondered why the security update was not mentioned on the 
> "-devel(-announce) list?"
> 
> Nicolas Mailhot agreed[4] strongly wondering: "why the hell is this 
> stuff not tested in -devel first? [...] When the update process is not 
> streamlined in -devel, it's no surprise it bombs in -stable when 
> security updates are due." The answers to these questions came from Adel 
> Gadllah (drago01) who replied[5] that as it was a security fix it had to 
> go to updates-stable immediately instead of following the normal 
> procedure[6]. David Nielsen interjected[7] that this method did not 
> deliver a quick security fix because those using, for example, epiphany 
> failed to get the update because the dependencies had not been properly 
> handled. Michael Schwendt also made[8] the same point: "Doesn't matter. 
> It doesn't install at all if it breaks dependencies of *installed* 
> packages. Not even *skip-broken helps in that case." Adel clarified[9] 
> that he was explaining "why it was done, not that it was the right thing 
> to do. As I already said, bodhi should block updates that break deps."
> 
> [4] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01182.html
> 
> [5] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01183.html
> 
> [6] Generally bleeding-edge changes for the next version of Fedora are 
> published in the "fedora-rawhide" repository, which is derived from a 
> CVS branch named "-devel". The "fedora-updatestesting" repository 
> contains bleeding edge changes for the current maintained release, the 
> idea being that volunteers will test them and provide feedback before 
> they are pushed to the "fedora-updates" repository for general consumption.
> 
> [7] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01184.html
> 
> [8] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01185.html
> 
> [9] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01188.html
> 
> === Broken Upgrade Paths Due to NEVR
> 
> A report listing packages which failed to upgrade smoothly was 
> emailed[1] to the list on Mon 21st. This would appear[2] to be the 
> output of Jesse Keating's revamped version of the old Extras script 
> upgradecheck (previously discussed in FWN#108 "Package EVR Problems"[3]) 
> which examines Koji tags[4] to determine whether upgrades from one 
> package version to another will work.
> 
> [1] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01253.html
> 
> [2] 
> http://git.fedorahosted.org/git/?p=releng;a=blob;f=scripts/check-upgradepaths.py;hb=HEAD 
> 
> 
> [3] http://fedoraproject.org/wiki/FWN/Issue108#Package.EVR.Problems
> 
> [4] http://fedoraproject.org/wiki/Koji
> 
> Michael Schwendt noticed[5] that at least one reported failure, of 
> audacity to upgrade from "dist-f8-updates-testing" to "dist-f9-updates" 
> was a false positive because it omitted to take the possible 
> intermediate tag "dist-f9-updates-testing" into account. Jesse Keating 
> pondered[6] the idea and while admitting the possibility that someone 
> might "at one time [have] installed F8 testing updates, and then 
> upgraded to F9 + updates, but without F9 updates-testing. However, it's 
> more plausible that if they were using updates-testing on F8 that they 
> would upgrade to F9 + updates + updates-testing." He suggested that he 
> would break the testing down into two separate paths: "F8, F8-updates, 
> f9-updates" and "F8-updates-testing, F9-updates-testing" and also list 
> the person that built the broken instance instead of listing the owners 
> of the broken packages.
> 
> [5] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01296.html
> 
> [6] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01317.html
> 
> As the owner can change per branch Michael Schwendt suggested that the 
> pkgdb could be queried for branch-specific ownership data, but Jesse 
> thought that it was more interesting to know who built the package 
> rather than who owned it. He hoped that "the <pkg>-contact fedoraproject 
> org or some such gets created soon so that the script can just email 
> that + the person whom built the problematic package" and Seth Vidal 
> quickly implemented[7] this after Toshio Kuratomi made some changes to 
> pkgdb.
> 
> [7] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01489.html
> 
> === Application Installer "Amber" Provides Browser Interface to Packages
> 
> A description was posted[1] by Owen Taylor of a visual means to rate, 
> browse and install packaged applications in a repository. The discussion 
> around this revealed some differences over the advisability of providing 
> separate ways for ordinary end-users on the one hand and package 
> maintainers on the other to discover and discuss the software available 
> from the FedoraProject. Owen's post was to announce that he had hacked 
> up a web-browser plugin (a detailed README is available[2] which 
> includes discussion of security and cross-browser support) which used 
> PackageKit to allow the installation of packages selected from this 
> website. He had hopes that this would be "robust against inter-distro 
> differences in package names" and wondered "[w]hat do people think... 
> does this make sense as part of the PackageKit project?"
> 
> [1] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01433.html
> 
> [2] http://git.o/shsoup.net/cgit/packagekit-plugin/tree/README
> 
> Following a suggestion from Tom Callaway that it be integrated with 
> PackageDB (this is the central repository of meta-information on 
> packages and is currently targeted to the needs of package maintainers 
> and release-engineering[3] to track ownership and ACLs[4]) there were 
> questions from Jeff Spaleta about what that meant. Owen replied[5] with 
> more detail, and explained that the web application would take 
> information from PackageDB but that the plugin would use PackageKit (and 
> YUM and hence comps.xml) to display actual installable packages. He 
> listed other possible operations beyond simple installation of packages. 
> It would be possible to offer installation to any anonymous user, but 
> after authentication rating and commenting on packages could be 
> authorized for users in the FAS[6] class. Similarly, the ability to edit 
> package information could be authorized for package owners.
> 
> [3] https://admin.fedoraproject.org/pkgdb
> 
> [4] https://fedorahosted.org/packagedb/
> 
> [5] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01440.html
> 
> [6] https://admin.fedoraproject.org/accounts/
> 
> Jeff emphasized[7] that he would prefer to see Owen's interface replace, 
> or augment, the existing PackageDB one[8] in order to increase 
> user-maintainer communication by simplifying and reducing the number of 
> interfaces. Bill Nottingham wondered[9] "Does anyone actually use 
> packagedb to browse for available software?" and although there were a 
> couple of affirmative replies there was no aggregate data presented to 
> answer this question. Nicolas Mailhot replied[10] with some possible 
> uses for expanded meta-information based upon the experience of the 
> Fonts SIG.
> 
> [7] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01442.html
> 
> [8] https://admin.fedoraproject.org/pkgdb
> 
> [9] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01445.html
> 
> [10] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01474.html
> 
> Robin Norwood explained[11] to Jeff that the PackageDB was for one 
> audience "(mostly) targeted at people interested in the plumbing of 
> Fedora" while the new interface was "targeted at people who are looking 
> for applications to install and 'do stuff' with." He posted[12] a link 
> to the Feature page for this ApplicationInstaller. Work seems to have 
> progressed quite far with both the web-application side, which is 
> tentatively named "Amber" and is available for proof-of-concept 
> testing[13] and also with Owen's plugin.
> 
> [11] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01460.html
> 
> [12] http://fedoraproject.org/wiki/Features/ApplicationInstaller
> 
> [13] http://publictest10.fedoraproject.org/amber
> 
> Jeff re-iterated[14] his point that "driving users to a different site 
> than the package maintainers... and allowing them to comment [is] going 
> to cause a communication gap" and characterized this as "driveby 
> commenting and rating." Matthias Clasen did not accept that the use 
> cases and requirements were the same as those for PackageDB and argued 
> that "[t]his is not an effort to improve package quality or gain new 
> contributors. This is an effort to make life of users better. It is not 
> about packages, but about applications." Robin was[15] against Jeff's 
> idea of a "monolithic app" and emphasized that he was using existing 
> infrastructure to provide a new interface and also planning easy export 
> of the data. He envisioned this data as providing, for example, a feed 
> of comments about each package to PackageDB: "More of a semantic web 
> type idea than an isolated database or a 'one-stop shop'."
> 
> [14] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01472.html
> 
> [15] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01481.html
> 
> === RPM Inspires Intel Moblin2 Shift From Ubuntu
> 
> An excited Peter Robinson copied[1] a link to "The Register" to the 
> list. The article claimed that Intel's next version of "Moblin"[2] 
> (cunningly codenamed Moblin2) would be replacing the "Ubuntu-based 
> kernel" with the Fedora kernel and cited Dirk Hohndel. Specifically it 
> attributed a desire to "move to Fedora [as] a technical decision based 
> on the desire to adopt RPM for package management [and also that] having 
> a vibrant community push is the winning factor." The article has since 
> been rebuffed[3] by Hohndel in a comment on one of his blogs as "not 
> only low on detail, it's also high in content that's made up or blown 
> out of proportion" but he does confirm that "we decided to move to an 
> rpm based distribution as that gave us better build tools and most 
> importantly a better way to manage the licenses under which the 
> individual packages are released."
> 
> [1] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01381.html
> 
> [2] Moblin is a GNU/Linux-based software stack for Mobile Internet 
> Devices which includes Xorg,GStreamer,ALSA,the MatchboxWM, GTK, Cairo, 
> Pango, D-Bus, Avahi, Evolution Data Server and more. In order to make 
> life easy for developers a Moblin Image Creator makes it easy to create 
> a small 350-600MB binary image for a particular architecture. Moblin 
> explicitly aims to provide an alternative to GNOME and KDE. 
> http://www.moblin.org/resource.center.php
> 
> [3] http://www.hohndel.org/communitymatters/moblin/moblin-at-oscon/
> 
> Commentary on @fedora-devel tended to cautious optimism mixed with a 
> desire for a lot more information. Jeff Spaleta asked[4] whether the 
> idea was to have Moblin2 be a "part of the larger Fedora project or is 
> it going to be a downstream derived distribution that will include 
> components such that it can not carry the Fedora name?" and broached the 
> idea that Moblin2 might be a candidate for a Secondary Architecture (see 
> FWN#90[5] and FWN#92[6].) DavidWoodhouse (posting with an Intel.com sig) 
> also liked[7] the idea of a Moblin2 SIG producing a Fedora spin for MIDs 
> (Mobile Internet Devices.)
> 
> [4] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01386.html
> 
> [5] 
> http://fedoraproject.org/wiki/FWN/Issue90#Fedora.Secondary.Architectures.Proposal 
> 
> 
> [6] http://fedoraproject.org/wiki/FWN/Issue92#Secondary.Arch.Proposal.Cont
> 
> [7] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01417.html
> 
> While "yersinia" thought that the emphasis on RPM was interesting Hansde 
> Goede was intrigued[8] by the emphasis on community activity. Hans 
> suggested that Jeff Spaleta contact Dirk Hohndel to emphasize the 
> dynamic nature of the FOSS community behind Fedora. Jeff suggested that 
> Karsten Wade could meet with Dirk at this week's OSCON[9]. Ex-Red Hat 
> star employee Arjanvande Ven volunteered[10] to do what he could to help 
> make contact with Dirk, describing himself as "on the other side of a 
> cube wall" from him. In response to Rahul Sundaram's request for 
> concrete information from Intel Arjan responded[11] that he would do his 
> best to get the right people to make contact, but that much of the 
> speculation on @fedora-devel concerned topics which have an "eh we don't 
> know yet" answer. He also repeated cautions against believing anything 
> which journalists write.
> 
> [8] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01397.html
> 
> [9] http://en.oreilly.com/oscon2008/public/content/home
> 
> [10] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01447.html
> 
> [11] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01523.html
> 
> Paul Frields followed up[12] with details of a meeting at OSCON with 
> senior Fedora hackers. It seemed that the ability to use OpenSuSE's Open 
> Build System (which is based on RPM) was one of the main motivations 
> behind Intel's move. Apparently Koji (the Fedora Project's buildsystem) 
> lacks some specific functionality. Discussion between Paul Frields and 
> Jeff Spaleta centered[13] around whether the apparent Moblin2 plan of 
> acting as a downstream derivative of the Fedora kernel would allow them 
> to garner community contributions and whether this mattered anyway given 
> Intel's vast resources.
> 
> [12] 
> http://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00198.html 
> 
> 
> [13] 
> http://www.redhat.com/archives/fedora-marketing-list/2008-July/msg00214.html 
> 
> 
> Arthur Pemberton thought that this was a good opportunity to take on 
> some of the anti-RPM and anti-YUM misinformation which had been spread 
> about. David Nielsen thought it was best to merely demand proof from 
> those spreading FUD. Seth Vidal conceded[14] that perhaps not enough had 
> been done to publicize the improvements in YUM and RPM over the last few 
> years and cited[15] a particular case-study of a smartpm user comparing 
> it with YUM to the advantage of the latter.
> 
> [14] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01503.html
> 
> [15] 
> https://www.redhat.com/archives/fedora-devel-list/2008-July/msg01507.html
> 
> === Artwork
> 
> In this section, we cover the Fedora Artwork Project.
> 
> http://fedoraproject.org/wiki/Artwork
> 
> Contributing Writer: Nicu Buculei
> 
> === Nodoka development
> 
> After Martin Sourada laid out some plans last week for the Nodoka GTK2 
> theme engine development, he updated the Fedora Art list with news about 
> the topic: "Considering that the Feature freeze for F10 is nearing and I 
> haven't finished yet with the sketching, I'll push it for Fedora 11, 
> while in Fedora 10 we'll have new notification theme [1], maybe the Echo 
> icons and some minor improvements to the gtk theme/engine."
> 
> [1] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00217.html
> 
> === Gathering feed-back about Fedora 10 theme proposals
> 
> After the first round of the theme creation process for Fedora 10 ended, 
> Nicu Buculei started gathering[1] feed-back from the community (everyone 
> is invited to participated, including the Fedora Weekly News readers): 
> "Since the first round for F10 themes just ended, I wrote to my 
> (infamous) blog an article[2] listing all the proposals, including 
> thumbnails and descriptions and asked for feedback (noting that the 
> preferred way is this mailing list). Also posted about it on 
> FedoraForum[3]."
> 
> [1] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00222.html
> 
> [2] http://nicubunu.blogspot.com/2008/07/fedora-10-themes-round-1.html
> 
> [3] http://forums.fedoraforum.org/showthread.php?p=1050722
> 
> === A possible Bluecurve revival
> 
> Andy Fitzsimon shared[1] on the Fedora Art list a theme mockup "I didn't 
> design it specifically for fedora but I hope someone here finds it 
> useful for future mocks" and very quickly Hylke Bons expressed his 
> interest[2] and idea about using it in combination with his own 
> project[3] "I think this will fit well in my attempt to ressurect 
> Bluecurve" (Bluecurve is the venerable theme introduced in Red Hat Linux 
> 8 and used as a default until Fedora 6).
> 
> [1] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00225.html
> 
> [2] https://www.redhat.com/archives/fedora-art-list/2008-July/msg00226.html
> 
> [3] http://bomahy.nl/hylke/wip/bluetwist.png
> 
> === Security Advisories
> 
> In this section, we cover Security Advisories from fedora-package-announce.
> 
> https://www.redhat.com/mailman/listinfo/fedora-package-announce
> 
> Contributing Writer: David Nalley
> 
> === Fedora 9 Security Advisories
> 
> * mantis-1.1.2-1.fc9 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00801.html 
> 
> * dbmail-2.2.9-1.fc9 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01094.html 
> 
> * libetpan-0.54-1.fc9 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01093.html 
> 
> * php-5.2.6-2.fc9 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01021.html 
> 
> * ruby-1.8.6.230-1.fc9 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01016.html 
> 
> * gnutls-2.0.4-3.fc9 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00980.html 
> 
> * licq-1.3.5-2.fc9 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00879.html 
> 
> * perl-5.10.0-27.fc9 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00874.html 
> 
> * linuxdcpp-1.0.1-3.fc9 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01106.html 
> 
> * sipp-3.1-2.fc9 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01160.html 
> 
> 
> === Fedora 8 Security Advisories
> 
> * wireshark-1.0.2-1.fc8 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00798.html 
> 
> * asterisk-1.4.21.2-1.fc8 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html 
> 
> * mantis-1.1.2-1.fc8 - 
> https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00813.html 
> 
> _______________________________________________
> Fedora-news-list mailing list
> Fedora-news-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-news-list

-- 
------------------------------------
Pascal V. Calarco, MLIS
Head, Library Systems
University of Notre Dame/
Michiana Academic Library Consortium
Notre Dame, IN USA 46556
http://www.library.nd.edu
------------------------------------




More information about the Fedora-news-list mailing list