Fedora Weekly News #155

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Fedora Weekly News Issue 155

Welcome to Fedora Weekly News Issue 155 for the week ending December
7th, 2008.

http://fedoraproject.org/wiki/FWN/Issue155

FWN is pleased to announce the return of the Planet Fedora beat. Among
other items Adam Batkin lists some "Howtos and Tips" gleaned from blogs.
In Announcements the "Fedora 11" naming scheme is discussed. In
Developments "The PATH to CAPP" exposes disquiet with some security
infrastructure. Translation provides updates on the cancellation of
FLSCo elections. Artwork is again bursting at the seems with a "T-Shirt
Logo Design Tool" and "Improved Document Templates". SecurityAdvisories
lists this week's essential updates. Finally Virtualization continues to
race the shocking pace of developments including the "Release of libvirt
0.5.0 and 0.5.1" There's plenty more a mere mouse click away!

If you are interested in contributing to Fedora Weekly News, please see
our 'join' page[1].

FWN Editorial Team: Pascal Calarco, Oisin Feeley, Huzaifa Sidhpurwala

[0] http://fedoraproject.org/en/get-fedora

[1] http://fedoraproject.org/wiki/NewsProject/Join

   Fedora Weekly News Issue 155
          1.1 Announcements
                1.1.1 FUDCon Boston (F11)
                1.1.2 Fedora 11
                1.1.3 Other
          1.2 Planet Fedora
                1.2.1 General
                1.2.2 How-To and Tips
                1.2.3 FOSS.IN
          1.3 Developments
                1.3.1 The PATH to CAPP Audits
                1.3.2 The Looming Py3K Monster
                1.3.3 PackageKit Stealth Installations
                1.3.4 DNS Resolution Unreliable
          1.4 Translation
                1.4.1 FLSco Elections Cancelled
                1.4.2 Fedora-website Translation Repo Re-enabled
                1.4.3 Transifex version updated for
                translate.fedoraproject.org
                1.4.4 New Members in FLP
          1.5 Artwork
                1.5.1 Improved Document Templates
                1.5.2 Postprocessing in Icons
                1.5.3 FirstAidKit Artwork
                1.5.4 T-Shirt Logo Design Tool
          1.6 Security Advisories
                1.6.1 Fedora 10 Security Advisories
                1.6.2 Fedora 9 Security Advisories
                1.6.3 Fedora 8 Security Advisories
          1.7 Virtualization
                1.7.1 Enterprise Management Tools List
                     1.7.1.1 Enabling Builds of libvirt for Windows
                     1.7.1.2 Solaris Support in virtinst
                1.7.2 Fedora Xen List
                     1.7.2.1 Support for Fedora 10 DomU on F8 Dom0
                     1.7.2.2 Paravirt Ops Dom0 Feature Update
                1.7.3 Libvirt List
                     1.7.3.1 Release of libvirt 0.5.0 and 0.5.1
                     1.7.3.2 Allow Automatic Driver Probe for Remote TCP
                     Connections
                     1.7.3.3 Thread Safety for libvirtd Daemon and
                     Drivers
                     1.7.3.4 libvirt 0.5.0 and KVM Migration Support
                1.7.4 oVirt Devel List
                     1.7.4.1 Some Architecture Diagrams
                     1.7.4.2 Standalone Console Viewer for oVirt

== Announcements ==

In this section, we cover announcements from the Fedora Project.

http://www.redhat.com/archives/fedora-announce-list/

http://www.redhat.com/archives/fedora-devel-announce/

Contributing Writer: Max Spevack

=== FUDCon Boston (F11) ===

Paul Frields made a few announcements this week regarding FUDCon
Boston[1], which is January 9-11.

Paul mentioned[2] that the event will be held at MIT, he gives
information about the social event, and also reminds people to register
on the wiki and to make their hotel reservations before December 19th,
in order to secure the $99 hotel room rate.

[1] http://fedoraproject.org/wiki/FUDCon/FUDConF11

[2]
http://www.redhat.com/archives/fedora-announce-list/2008-December/msg00000.html

=== Fedora 11 ===

Josh Boyer wrote[3] about the process for selecting the Fedora 11 name.
"We're doing the name collection differently this year than in the past.
Contributors wishing to make a suggestion are asked to go to the F11
naming wiki page[4], and add an entry to the suggestion table found
there".

[3]
http://www.redhat.com/archives/fedora-announce-list/2008-December/msg00001.html

[4] https://fedoraproject.org/wiki/Name_suggestions_for_Fedora_11

Jon Stanley announced[5,6] the Fedora 11 freeze dates. The Alpha freeze
is currently scheduled for January 20, and the Final freeze for April
14.

[5]
http://www.redhat.com/archives/fedora-devel-announce/2008-December/msg00005.html

[6]
http://www.redhat.com/archives/fedora-devel-announce/2008-December/msg00006.html

Ignacio Vazquez-Abrams announced[7] that Python 2.6 is now in Rawhide.
For those of you who maintain Python packages, you'll want to read the
full announcement.

[7]
http://www.redhat.com/archives/fedora-devel-announce/2008-December/msg00007.html
Other

Finally, Paul Frields announced[8] that Chris Aillon has been
re-appointed to the Fedora Board, and will serve another two-release
term.

[8]
http://www.redhat.com/archives/fedora-announce-list/2008-December/msg00005.html

== Planet Fedora ==

In this section, we cover the highlights of Planet Fedora - an
aggregation of blogs from Fedora contributors worldwide.

http://planet.fedoraproject.org

Contributing Writer: Adam Batkin

=== General ===

Fabian Affolter posted[0] a nice graph showing the number of unique
fedoraproject.org visitors (progressively growing since 2006!)

[0]
http://fabaff.blogspot.com/2008/12/fedoraprojectorg-unique-visitors.html

Karsten Wade appealed[1] for information about configuring a misbehaving
Synaptic touchpad on Fedora 10, followed[2] shortly thereafter by a
solution.

[1]
http://iquaid.org/2008/11/30/synaptic-tapping-fail-is-there-a-good-fix/

[2] http://iquaid.org/2008/12/02/more-than-one-way-to-skin-a-touchpad/

Max Spevack wondered[3] whether there is a nice way to build a custom
Fedora mirror tailored specifically to one's installed package set.

[3] http://spevack.livejournal.com/69145.html

Thorsten Leemhuis critiqued[4] the Fedora Release Notes, providing some
suggestions for how to make the important bits stand out more.

[4]
http://thorstenl.blogspot.com/2008/12/read-same-paragraphs-every-half-year.html

A look ahead[5] at some of the innovations in the open source world that
we can look forward to during 2009

[5] http://liquidat.wordpress.com/2008/12/01/the-open-source-year-2009/

Luis Villa mused[6][7] on innovation in general and the Linux Desktop
(think Gnome and KDE) in particular.

[6] http://tieguy.org/blog/2008/12/05/the-linux-desktops-change-problem/

[7] http://tieguy.org/blog/2008/12/06/slight-innovation-followup/

Greg DeKoenigsberg wrote a few[8] posts[9] chronicling[10] his
experiences with Sugar

[8] http://gregdek.livejournal.com/40932.html

[9] http://gregdek.livejournal.com/41431.html

[10] http://gregdek.livejournal.com/41616.html

Apparently Luis Villa had[11] a similar idea

[11] http://tieguy.org/blog/2008/12/02/playing-with-sugar/

A video interview[12] with Paul W. Frields about the Fedora 10 release

[12] http://www.redhatmagazine.com/2008/12/02/video-fedora-10/

=== How-To and Tips ===

Tom Tromey wrote an 8-part (so far) series[13] on using a Python-enabled
GDB. The series is not just about debugging Python with GDB, but also
extending GDB using Python.

[13] http://tromey.com/blog/?p=494

Jeroen van Meeuwen provided some instructions for composing EL5 media on
Fedora 9 or 10 systems[14] by running Revisor inside mock

[14] http://kanarip.livejournal.com/6276.html

James Laska wrote a tutorial on how to automate a classroom/lab-type[15]
setup using tools such as Cobbler, Snake and Koan

[15] http://jlaska.livejournal.com/3696.html

Michael Stahnke had some problems (and solutions)[16] for getting Fedora
10 running as a Xen guest on EL5

[16]
http://www.stahnkage.com/blogs/index.php?/archives/482-F10-and-Xen-images.html

Dale Bewley wrote about expanding[17] an Encrypted Filesystem with LVM
and Fedora 10

[17] http://tofu.org/drupal/node/71

Steven Moix managed to get[18] iTunes music sharing working in Fedora 10

[18]
http://www.alphatek.info/2008/12/01/itunes-music-sharing-in-fedora-10/

Dave Jones had some tips[19] for making an ASUS Eee PC 900 (or any
generally underpowered UMPC with a solid state disk) happier under Linux

[19] http://kernelslacker.livejournal.com/132087.html

Harald Hoyer also provided some performance advice[20], this time to
help identify disk IO bottlenecks during bootup using SystemTap

[20] http://www.harald-hoyer.de/personal/blog/fedora-10-disk-io

=== FOSS.IN ===

A number of people wrote up their experiences and provided pictures from
FOSS.IN:

[21] http://james-morris.livejournal.com/36445.html

[22] http://james-morris.livejournal.com/36715.html

[23] http://soumya.dgplug.org/?p=33

[24] http://kushaldas.in/2008/12/02/through-my-lenses-fossin-2008/

[25] http://rahulpmb.blogspot.com/2008/12/pics-from-fossin.html

[26] http://www.tuxmaniac.com/blog/2008/12/07/fossin-2008-lots-of-fun/

== Developments ==

In this section the people, personalities and debates on the
@fedora-devel mailing list are summarized.

Contributing Writer: Oisin Feeley

=== The PATH to CAPP Audits ===

Some tough questioning about the purpose and usefulness of the Common
Criteria for Information Technology Security Evaluation (CC)[1] was
dished out to the maintainers of shadow-utils (the family of secure
utilities for manipulating user accounts and passwords) when it appeared
that the need to audit specific behaviors was causing some awkward
constraints in OS design. The CC certifications are an ISO standard
originally developed by the USA's National Security Agency to specify
the expected behavior of systems under certain strictly defined criteria
(so called Protection Profiles) to certain levels (Enterprise Evaluation
Levels). Red Hat Enterprise Linux (a downstream derivative of Fedora) is
able to boast several of them, including CAPP,LSPP and RBACPP to
EAL4+[2], enabling RHEL5 to be purchased for use in government programs
which require "assured information sharing." See[3][4] for further
information. In order to provide the auditing capabilities mandatory to
achieve such certifications Steve Grubb and others on his team have been
steadily committing changes to Fedora. The specific protection profile
under discussion in this case was the Controlled Access Protection
Profile (CAPP) and there has been a good deal of unease about the
usefulness of such certification in other forums[5].

[1] http://en.wikipedia.org/wiki/Common.Criteria

[2] http://www.redhat.com/solutions/government/commoncriteria/

[3] A good blog entry by Sun's Jim Laurent:
http://blogs.sun.com/jimlaurent/entry/faq.what.is.a.common

[4] https://www2.sans.org/reading.room/whitepapers/standards/1078.php

[5] http://www.schneier.com/blog/archives/2005/12/microsoft.windo.html

When Callum Lerwick noticed[6] that he could not run usermod as an
unprivileged user in order to get its help page he suggested that "[...]
it and all the other account tools have been changed to mode 750,
inaccessible to normal users" and erroneously attributed this to recent
changes made to accommodate changes to the PATH environment variable.
Earlier discussion of the addition of the sbin directories to users'
PATHs can be found in FWN#146[7]. Jon Stanley replied[8] "These
permissions have been in place for over 2 years, with valid reasoning.
Just because it's in your PATH doesn't mean you should be able to
execute it." Jon appended the 2006 log message which attributed the
change to "fix regression. Permissions on user* group* binaries should
be 0750, because of CAPP/LSPP certification." Callum posted a list of
all the account tools which had such permissions including the
shadow-utils account tools and the audit subsystem tools.

[6]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00489.html

[7]
http://fedoraproject.org/wiki/FWN/Issue146#PATH:.2Fsbin.Tab.Confusion

[8]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00495.html

Although the change was actually several years old it appeared to cause
surprise in many circles and prompted demands for information on what
CAPP was and whether it was of any use to the Fedora Project. Steve
Grubb responded[9] to the original query that "[...] you cannot do
anything with [the user* commands] unless you are root. Allowing anyone
to execute them would require lots of bad things for our LSPP/CAPP
evaluations" and suggested that man pages should be used instead of
running the tools with the --help argument.

[9]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00501.html

Jesse Keating probed what appeared to be a reliance on restricting
execution permissions for security. When Steve corrected[10] this to be
"[...] more to do with the fact that we have to audit all attempts to
modify trusted databases - in this case, shadow [...] if we open the
permissions, we need to make these become setuid root so that we send
audit events saying they failed" Jesse was even more perturbed[11] and
asked "Why would the binary have to be suid? Why can't the binary detect
that [the] calling user is not root, and just print out the usage and a
message saying that you have to be root? How would this action make it
any less auditable?" Later Chris Adams extended[12] the apparent logic:
"[...] cat will have to be setuid root so it can audit? What about echo,
bash, perl, etc.? This is absurd."

[10]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00513.html

[11]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00523.html

[12]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00575.html

>From this point onwards the confusion and questioning gained in volume
and intensity with several points being made to question the usefulness
of this particular (CAPP) certification. These included the points that
any user could obtain copies of the restricted binaries from outside of
the system[13] for nefarious testing purposes; and that there were
plenty of other tools[14] on the system which might allow violations of
the policy.

[13]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00514.html

[14]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00626.html

It would be fair to characterize most of the reactions as hostile. Some
of this was due to an apparent impatience with "security certifications"
which seemed to be of more interest to managers than achieving practical
security. Callum Lerwick suggested[15] "[...] just because RHEL has to
do stupid ignorant shit to appease certification authorities doesn't
mean Fedora has to do it too." Another part was undoubtedly due to
concern about who had made the decision to follow this path. Jesse
Keating expressed[16] some frustration and asked "Who's 'we'? Perhaps
'we' shouldn't piss on Fedora in order to meet some cert that I highly
highly doubt any Fedora install will find useful." When Seth Vidal and
Dominik Mierzejewski also wondered when, and by whom, the decision was
made Steve answered[17]: "By me after a group presented the options back
in 2005. Back in those days shadow-utils was in 'Core' and that was
maintained by Red Hat."

[15]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00528.html

[16]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00534.html

[17]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00584.html

Another part of the hostility seemed to originate in the novelty of the
certification requirements to many participants. Steve answered many
queries as they came in and suggested that it was necessary to take an
overview of how the whole process worked. He was pressed by Jeff Spaleta
for further details. This led[18] to an interesting quote from the CAPP
guidelines and the example of how they are applied to shadow-utils. The
guidelines make some assumptions which many will find unrealistic, such
as the "[t]he system administrative personnel are not careless,
willfully negligent, or hostile, and will follow and abide by the
instructions provided by the administrator documentation." While this
criticism obviously calls into question the practical usefulness of the
CAPP certification it is just one layer designed to perform a specific
function, other more apparently useful security can only be built on top
of these layers after they are implemented. Steve's post also contained
some interesting practical examples of how administrators can use the
audit tools to view information gained by instrumenting the shadow-utils
code. To see who has modified accounts, and how, one can:

#ausearch --start this-month -m ADD_USER

#ausearch --start this-month -m ADD_GROUP

A view of attempts to change accounts both through the approved
shadow-utils (restricted to root) or other non-approved tools can be
obtained with a

ausearch --start this-month -f /etc/shadow *raw -- aureport -x -i

[18]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00585.html

Enrico Scholz pointed out[19] that this seemed like security through
obscurity because there were other tools (vipw and ldapadd) which could
modify the trusted database and Steve responded[20] that vipw was
forbidden and that it would be possible to extend the auditing to ldap
if someone had the time. In response to Andrew Bartlett Jesse Keating
interpreted[21] this "forbidden" as "`forbidden by policy' in which
using anything /but/ the audit-able tools is `forbidden by policy'. If
you're expecting everybody to follow policy, why not just set policy
that says `don't hack this box'. That'll work right?"

[19]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00587.html

[20]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00588.html

[21]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00623.html

Callum Lerwick jumped[22] to what was for him the central point: "So I
guess this is what all this really comes down to: Do we care about
certification?" and asked whether the shadow-utils maintainer(s) would
care to put the permissions to a FESCo vote. Steve affirmed[23] that
certification was worthwhile with a detailed list of the positive
side-effects of the certification process which include: man pages for
each syscall, bug fixing and reporting, test suites, crypto work,
virtualization with strong guarantees of VM separation and more. It was
an impressive list which seemed to counter the dominant assumption that
certification was merely another item to be ticked off on a bureaucrat's
mindless list. Steve noted that "[a]s a result, Fedora is the ONLY
community distribution that actually meets certification requirements.
OpenSuse might be close for CAPP, but not LSPP/RSBAC, but that would be
the only one I can think of that might be getting close."

[22]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00560.html

[23]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00563.html

While this summary might make it seem as though certification is a
slamdunk (and your correspondent has to admit a strong bias in favor of
it) it has probably failed to convey the sense of unease expressed by
Fedora Project contributors that decisions have been taken without
discussion or consultation. Jesse Keating asked[24] Steve Grubb to
explain who was providing impetus to the shadow-utils/certification
team: "Where is this yelling going on? Where are the bug reports? Where
is the public discussion about supposed problems in our install
processes? Where is the discussion with domain knowledge experts
debating whether or not the complaint has merit? Where is the open and
frank discussion?"

[24]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00547.html

One possible route around what seems to be an impasse was suggested by
Jeff Spaleta. Jeff observed[25] that CAPP certification for putative
"appliance spins", but not the current set of spins, might make sense
and asked[26]: "could some of the restrictions like the permissions be
handled in a more modular way? Could for example, things be changed so I
could install a specialized fedora-CAPP package at install time which
tightens up aspects of the system to bring it into CAPP compliance,
instead of expressing those restrictions in the default settings of all
installs?"

[25]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00556.html

[26]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00625.html

=== The Looming Py3K Monster ===

Last week we reported that Ignacio Vazquez-Abrams was busy shepherding
Python-2.6 into Fedora. This week Michael DeHaan raised[1] the question
of what the plan for incorporating Python 3K will be. Michael worried
that Py3K's incompatibilities with Python-2.6 "[are] pretty bad for
someone who wants to keep a single codebase across EL 4 (Python 2.3) and
up, which I think a lot of us do. That gets to be darn impossible and we
have to double our involvement with code because we essentially have to
maintain a differently-compatible fork for each project." He asked: "Are
we looking at also carrying on with packaging 2.N indefinitely when we
do decide to carry 3, because as I know it, the code changes to make
something Python 3 compatible will be severe and that's a big item for
any release, and will probably result in some undiscovered bugs even
after the initial ports (if applied)."

[1]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00379.html

Although there was some optimism that the "from future import" syntax
would allow the use of python-3 features in python-2 Daniel P. Berrange
quashed[2] the idea that this was a simple fix because it "[...] isn't
much help if python 2.3, 2.4 and 2.5 don't support 'from future import'
and you care about shipping stuff that works on the 99% of deployed
Linux boxes today which don't have 2.6 let alone 3.0." Basil Mohamed
Gohar suggested[3] running the 2to3 tool on the Core packages to gain a
sense of what needs to be done.

[2]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00394.html

[3]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00438.html

Some strategies and their implications were detailed[4] by Toshio
Kuratomi in a post which comprehensively explains the options. Toshio
suggested avoiding maintaining separate python2 and python3 packages
within a single version of Fedora due to the resulting double work and
space. He suggested that "[...] this decision is only partially within
the powers of the Fedora Project to decide. If 80% of our upstream
libraries move to py3, we'll need to move to py3 sooner. If 80% refuse
to move off of py2, we can take our time working on migration code." In
later discussion with Arthur Pemberton he seemed[5] to favor the idea of
using python-2.6 while ensuring that all code is as compatible as
possible with python-3 and avoided estimating how hard this would be
until actual experience is gained with "[...] porting code to 2.6 with
3.x features turned on at some point."

[4]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00420.html

[5]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00437.html

James Antill was[6] skeptical that Py3K would be seen in Fedora any time
soon due to the massive changes required and the past history
(FWN#114[7])of votes on maintaining compatibility packages: "I'll put
money on python3k not being the default in Fedora 12. Hell, I'll even
put some money on it not being the default in Fedora 14, at this point.
My personal opinion is that we stay with 2.6.* for as long as possible,
giving everyone time to dual port and the problems to be found/fixed and
then it "should be easy" to have it as a feature and move for one
release. But I'll point out that Ignacio Vazquez-Abrams did .all. the
work for 2.6 in Fedora 11 ... so feel free to take this as just my
opinion."

[6]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00391.html

[7]
http://fedoraproject.org/wiki/FWN/Issue114#Policy.Proposal.For.New.Compatibility.Packages

=== PackageKit Stealth Installations ===

Robert Locke asked[1] how createrepo, anaconda-yum-plugins and
preupgrade had been installed without his permission on a fresh Fedora
10 install.

[1]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00431.html

An answer was posted[2] by Jesse Keating to the effect that this had
been done by PackageKit "[...] so that it could offer you the ability to
upgrade. We've moved that information to a public webserver rather than
being in the preupgrade package so that PK can get this information
without stealth installing packages." He added that while there were no
"[...] current guidelines that would have caught this [...] it does fall
into the `don't do that' category."

[2]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00448.html

In further answers Jesse explained[3]: "It was installed so that
PackageKit could have the appropriate information to check if there were
distro level upgrades (say 9 to 10) available for you. The upstream has
been asked to please not install any software in Fedora without a users
consent, so hopefully this scenario won't happen again, at least not
with PackageKit."

[3]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00505.html

=== DNS Resolution Unreliable ===

Previously in FWN#154[1] we reported on some strange name resolution
problems. Seth Vidal, as maintainer of the YUM package which looked as
though it might be implicated, requested[2] follow-up information.

[1]
http://fedoraproject.org/wiki/FWN/Issue154#Strange.Resolution.Problems

[2]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00246.html

Tim Niemuller replied that the problems persisted for him and were
probably not to do with YUM. He added failures with svn to the mix and
suggested[3] that "[...] yum is [not] the problem but there is a more
general problem related to DNS lookups. As a specialty I'm using
nss-mdns. But on F-8/F-9 this has never been a problem, so I suspect
this is not what is causing the problem, especially because others have
the same problem and I don't think nss-mdns is installed on many
machines."

[3]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00305.html

Jonathan Underwood posted[4] a link to a heavily commented bugzilla
entry opened by Tom Horsley on 2008-08-21. The gist of the comments
appears to be that with certain DNS servers there is a problem with
simultaneous IPv4 and IPv6 requests being sent. A reported[5]
work-around involved using a non-glibc resolver such as dnsmasq and was
added[6] to the Fedora Project wiki by Christopher Stone.

[4]
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg00308.html

[5] http://www.fedorafaq.org/f10/#dns-slow

[6]
https://fedoraproject.org/wiki/Common.F10.bugs#DNS.Resolver.not.Reliable

Jakub Jelinek prepared[7] a glibc update which temporarily disables the
simultaneous requests and Ben Williams promised that once the issue is
cleanly resolved the Fedora Unity team[8] will issue a Fedora 10
re-spin.

[7] https://bugzilla.redhat.com/show.bug.cgi?id=459756#c91

[8] http://fedoraunity.org/

== Translation ==

This section covers the news surrounding the Fedora Translation (L10n)
Project.

http://fedoraproject.org/wiki/L10N

Contributing Writer: Runa Bhattacharjee

=== FLSco Elections Cancelled ===

The mid-term elections for Fedora Localization Steering Committee
(FLSCo) were cancelled and the Fedora Localization Project decided to go
ahead with the current Committee for another release[1][2].

[1]
https://www.redhat.com/archives/fedora-trans-list/2008-December/msg00011.html

[2]
https://www.redhat.com/archives/fedora-trans-list/2008-December/msg00018.html

=== Fedora-website Translation Repo Re-enabled ===

The main repository for the Fedora Website translation was re-enabled
post Fedora 10 release and the intermediate test repository is now
disabled[3]. As reiterated by RickyZhou, any updations to Fedora Website
content are to be submitted to the main repository[4].

[3]
https://www.redhat.com/archives/fedora-trans-list/2008-December/msg00003.html

[4]
https://www.redhat.com/archives/fedora-trans-list/2008-December/msg00001.html

=== Transifex Version Updated for translate.fedoraproject.org ===

RickyZhou announced that the transifex version on
translate.fedoraproject.org has been updated and very soon new features
like translated interface and module descriptions would also be
added[5].

[5]
https://www.redhat.com/archives/fedora-trans-list/2008-December/msg00023.html

=== New Members in FLP ===

Nikolay Vladimirov[6] and Daniel Cabrera[7] are the two new members
joining the Fedora Localization Project for the Bulgarian and Spanish
team respectively.

[6]
https://www.redhat.com/archives/fedora-trans-list/2008-December/msg00004.html

[7]
https://www.redhat.com/archives/fedora-trans-list/2008-December/msg00024.html

== Artwork ==

In this section, we cover the Fedora Artwork Project.

http://fedoraproject.org/wiki/Artwork

Contributing Writer: Nicu Buculei

=== Improved Document Templates ===

Máirín Duffy proposed on @fedora-art a new project for Fedora 11
"finding and developing nice-looking, general-purpose templates we could
then package up for programs like OpenOffice.org Writer, OpenOffice.org
Impress, Scribus, Inkscape, Gimp, etc.", proposal received[2] with
enthusiasm by Seth Kenlon, who also asked bout font requirements in
those templates "does anyone know if there are special requirements in
terms of fonts we could actually use and expect upstream to definitely
have?", a question answered[3] quickly by Máirín "I think we should only
assume users will have access to the fonts packaged for Fedora proper.
If we use a font that isn't included in the default live media
installation, then we should require the Fedora font package needed."

[1]
https://www.redhat.com/archives/fedora-art-list/2008-December/msg00001.html

[2]
https://www.redhat.com/archives/fedora-art-list/2008-December/msg00008.html

[3]
https://www.redhat.com/archives/fedora-art-list/2008-December/msg00009.html

=== Postprocessing in Icons ===

MartinSourada raised[1] a technical debate on @fedora-art, questioning
if the desktop icons should be always generated directly from the SVG
sources or if some additional raster post-processing is allowed "My
reason for this is that while I am unable to achieve, to my eye, perfect
antialiasing in some cases when using direct export in inkscape, but
after exporting it in bigger size applying some filters and resizing to
desired size I am able to achieve, to my eye, better results", a
question still under debate, awaiting input for contributors with more
experience in icon creation.

[1]
https://www.redhat.com/archives/fedora-art-list/2008-December/msg00005.html

=== FirstAidKit Artwork ===

Maria Leandro resumed[1] the work on an older DesignService request[2]
"I made some tries and finally came up something he like" a graphic
received with only a small concern[3] from Mike Langlie "The Red Cross
owns the trademark to the red cross icon/logo. They have sent cease and
desist orders to game companies that use it as an icon for health
re-ups. They do suggest using a green cross or white cross on a green
background instead as a generic alternative", something easily addressed
by Maria[4]

[1]
https://www.redhat.com/archives/fedora-art-list/2008-December/msg00002.html

[2] https://fedoraproject.org/wiki/Artwork/DesignService#Firstaidkit

[3]
https://www.redhat.com/archives/fedora-art-list/2008-December/msg00003.html

[4]
https://www.redhat.com/archives/fedora-art-list/2008-December/msg00004.html

=== T-Shirt Logo Design Tool ===

Following a chat on the IRC channel, Charles Brej followed[1] on
@fedora-art with a small application which can be used to create T-shirt
designs flom 'tag clouds': "I wrote a little tool to create these 'word
splat' things with the idea of using the generated images as the Fudcon
t-shirt designs". There is a strong possibility to see a number of
graphics created during the upcoming year with this tool.

[1]
https://www.redhat.com/archives/fedora-art-list/2008-December/msg00026.html

[2] http://www.cs.man.ac.uk/~brejc8/temp/try3.png

== Security Advisories ==

In this section, we cover Security Advisories from
fedora-package-announce.

https://www.redhat.com/mailman/listinfo/fedora-package-announce

Contributing Writer: David Nalley

=== Fedora 10 Security Advisories ===

    * lynx-2.8.6-18.fc10 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00065.html
    * wordpress-2.6.5-2.fc10 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00083.html
    * samba-3.2.5-0.23.fc10 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00116.html
    * blender-2.48a-4.fc10 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00178.html
    * grip-3.2.0-24.fc10 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00183.html
    * dbus-1.2.6-1.fc10 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00209.html
    * squirrelmail-1.4.17-2.fc10 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00232.html
    * clamav-0.94.2-1.fc10 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00308.html
    * syslog-ng-2.0.10-1.fc10 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00397.html
    * java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00444.html 

=== Fedora 9 Security Advisories ===

    * wordpress-2.6.5-2.fc9 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html
    * samba-3.2.5-0.22.fc9 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html
    * lynx-2.8.6-17.fc9 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00066.html
    * squirrelmail-1.4.17-1.fc9 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html
    * syslog-ng-2.0.10-1.fc9 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00237.html
    * java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00384.html
    * dbus-1.2.6-1.fc9 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html 

=== Fedora 8 Security Advisories ===

Fedora 8 is nearing EOL
Per FESCo support for Fedora 8 will be discontinued on January 7th 2009
https://www.redhat.com/archives/fedora-devel-list/2008-November/msg02014.html

    * samba-3.0.33-0.fc8 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html
    * lynx-2.8.6-12.fc8 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00143.html
    * wordpress-2.6.5-2.fc8 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00176.html
    * squirrelmail-1.4.17-1.fc8 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html
    * syslog-ng-2.0.10-1.fc8 -
    https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00450.html 

== Virtualization ==

In this section, we cover discussion on the @et-mgmnt-tools-list,
@fedora-xen-list, @libvirt-list and @ovirt-devel-list of Fedora
virtualization technologies.

Contributing Writer: Dale Bewley

=== Enterprise Management Tools List ===

This section contains the discussion happening on the et-mgmt-tools list
Enabling Builds of libvirt for Windows

Richard W.M. Jones sought[1] help in enabling builds of Windows libvirt
binaries under Fedora. "It seems like we should have the base MinGW
(Windows cross-compiler) packages in Fedora 11 by the end of this week.
This email is to document the additional packages we need to get
approved, in order to get the cross-compiled libvirt and virt tools into
(or buildable by) Fedora 11.

If you want to help out, please start reviewing by following the
Bugzilla links, and looking at the approved packaging guidelines[2]"

[1]
http://www.redhat.com/archives/et-mgmt-tools/2008-November/msg00073.html

[2] http://fedoraproject.org/wiki/Packaging/MinGW.

==== Solaris Support in virtinst ====

John Levon submitted several patches to improve Solaris support in
image:Echo-package-16px.pngpython-virtinst including and not limited to
the following:

    * Add an option for passing Solaris JumpStart information.[1]
    * Various utility functions[2].
    * "Make 'solaris' a first-class OS type, and select USB tablet
    support for the appropriate variants."[3]
    * Add support for Solaris PV.[4]
    * Support for the vdisk format[5]. John explained "vdisk is
    basically " Sun's " tap implementation and disk management tool. 

[1]
http://www.redhat.com/archives/et-mgmt-tools/2008-December/msg00062.html

[2]
http://www.redhat.com/archives/et-mgmt-tools/2008-December/msg00063.html

[3]
http://www.redhat.com/archives/et-mgmt-tools/2008-December/msg00064.html

[4]
http://www.redhat.com/archives/et-mgmt-tools/2008-December/msg00065.html

[5]
http://www.redhat.com/archives/et-mgmt-tools/2008-December/msg00067.html

=== Fedora Xen List ===

This section contains the discussion happening on the fedora-xen list.

==== Support for Fedora 10 DomU on F8 Dom0 ====

The changes[1] made to the image:Echo-package-16px.pngkernel which
obviated image:Echo-package-16px.pngkernel-xen caused
image:Echo-package-16px.pngpython-virtinst to fail[2] during the
creation of a Fedora 10 Xen guest on a Fedora 8 Xen host.

Cole Robinson announced[3] a test build[4] which fixes this problem.
Readers are encouraged to test the release and provide positive karma
points in bodhi[5] to make the build an official update.

[1]
http://docs.fedoraproject.org/release-notes/f10/en_US/What_Do_System_Adminstrators_Care_About.html#sn-Unified_kernel_image

[2] RHBZ #458164

[3]
http://www.redhat.com/archives/fedora-xen/2008-November/msg00036.html

[4] http://koji.fedoraproject.org/koji/buildinfo?buildID=71125

[5] https://admin.fedoraproject.org/updates/F8/FEDORA-2008-10394

==== Paravirt Ops Dom0 Feature Update ====

After some prompting[1] from Pasi Kärkkäinen the dom0 support feature
page[2] was updated to better clarify where the work to bring dom0
support back to Fedora is being done, and to more accurately represent
the current status.

The patches[3] are being written by Jeremy Fitzhardinge and others at
Citrix/XenSource are being submitted to the mainline kernel. Once
accepted in the upstream kernel, efforts will resume within Fedora to
make the changes necessary to support dom0. These efforts include[4]
ensuring the hypervisor supports bzImage kernels.

[1]
http://www.redhat.com/archives/fedora-xen/2008-November/msg00021.html

[2] http://fedoraproject.org/wiki/Features/XenPvopsDom0

[3] http://xenbits.xen.org/paravirt_ops/patches.hg/

[4]
http://www.redhat.com/archives/fedora-xen/2008-November/msg00025.html

=== Libvirt List ===

This section contains the discussion happening on the libvir-list.

==== Release of libvirt 0.5.0 and 0.5.1 ====

Daniel Veillard announced[1][2] the releases of
image:Echo-package-16px.pnglibvirt 0.5.0 and 0.5.1. "This is a long
expected release, with a lot of new features, as a result the small
version number is increased." Tarballs and signed RPMs available
upstream[3] and in Bodhi[4].

"As stated there is a huge amount of new features and improvement in
this release, as well as a lot of bug fixes, the list is quite long".
See the post[1] for the full list including the numerous improvments,
documentation updates, bug fixes, and cleanups omitted below.

New features:

    * CPU and scheduler support for LXC (Dan Smith)
    * SDL display configuration (Daniel Berrange)
    * domain lifecycle event support for QEmu and Xen with python
    bindings (Ben Guthro and Daniel Berrange)
    * KVM/QEmu migration support (Rich Jones and Chris Lalancette)
    * User Mode Linux driver (Daniel Berrange)
    * API for node device enumeration using HAL and DeviceKit with
    python bindings (David Lively) 

"Thanks a lot to everybody who contributed to this release, it is really
great to see new people providing significant patches, and the amount of
feedback received on the list."

[1]
http://www.redhat.com/archives/libvir-list/2008-November/msg00387.html

[2]
http://www.redhat.com/archives/libvir-list/2008-December/msg00148.html

[3] ftp://libvirt.org/libvirt/

[4] https://admin.fedoraproject.org/updates/libvirt

==== Allow Automatic Driver Probe for Remote TCP Connections ====

Later described by the release of image:Echo-package-16px.pnglibvirt
0.5.1 as an improvement, Daniel P. Berrange posted[1] the patch to
implement a more general method for connecting to remote[2] hypervisor
drivers.

"When connecting to a local libvirt you can let it automatically probe
the hypervisor URI if you don't know it ahead of time. This doesn't work
with remote URIs because you need to have something to put in the URI
scheme before the hostname:

    * qemu+ssh://somehost/system
    * xen+tcp://somehost/system 

This is then translated into the URI:

    * qemu:///system
    * xen:/// 

...

This patch adds a 'remote' URI scheme, usable like this:

    * remote+ssh://somehost/
    * remote+tcp://somehost/ 

...

This finally makes the Avahi[3] broadcasts useful - they only include
info on the hostname + data transport (SSH, TCP, TLS), not the HV type.
So letting us use auto-probing remotely is the missing link."

[1]
http://www.redhat.com/archives/libvir-list/2008-November/msg00420.html

[2] http://libvirt.org/remote.html

[3] http://www.avahi.org

==== Thread Safety for libvirtd Daemon and Drivers ====

Daniel P. Berrange posted[1] a huge series of 28 patches which add
"thread safety for the libvirtd daemon and drivers, and makes the daemon
multi-threaded in processing RPC calls. This enables multiple clients to
be processed in parallel, without blocking each other. It does not
change the thread rules for the virConnectPtr object though, so each
individual client is still serialized." ... "This touches a huge amount
of code, so I'd like to get this all merged ASAP as it'll be really hard
to keep it synced with ongoing changes."

[1]
http://www.redhat.com/archives/libvir-list/2008-November/msg00453.html

[2]
http://fedoraproject.org/wiki/FWN/Issue148#Experimental_Driver_Thread_Safety

==== libvirt 0.5.0 and KVM Migration Support ====

Mickaël Canévet wondered[1] if image:Echo-package-16px.pngkvm guest
migration was expected to be functional. "I just installed
image:Echo-package-16px.pnglibvirt 0.5.0 on Debian Lenny with kvm 0.72
to try kvm migration support." Tests failed with "libvir: error : this
function is not supported by the hypervisor: virDomainMigrate."

Chris Lalancette confirmed[2] "Yes, it is supposed to work, but yes, you
need a very, very new kvm. In particular, you need at least kvm-77, and
it won't really work right until you get to kvm-79."

[1]
http://www.redhat.com/archives/libvir-list/2008-December/msg00025.html

[2]
http://www.redhat.com/archives/libvir-list/2008-December/msg00027.html

=== oVirt Devel List ===

This section contains the discussion happening on the ovirt-devel list.

==== Some Architecture Diagrams ====

Daniel P. Berrange said[1] "I felt I wanted some additional more
technically detailed/ focused diagrams to illustrate what we're doing to
developers actually writing code for the project." And pointed to oVirt
architecure diagrams he created.[2]

[1]
http://www.redhat.com/archives/ovirt-devel/2008-November/msg00357.html

[2] http://ovirt.org/page/ArchDiagrams

==== Standalone Console Viewer for oVirt ====

Continuing work on a executable console solution[1] for oVirt, with a
fork of image:Echo-package-16px.pngvirt-viewer, Richard W.M. Jones
created[2] ovirt-viewer.

[1] https://fedoraproject.org/wiki/FWN/Issue151#oVirt_Console_Conundrum

[2]
http://www.redhat.com/archives/ovirt-devel/2008-November/msg00412.html 
-- 
  Oisin Feeley
  http://fedoraproject.org/wiki/OisinFeeley


-- 
fedora-announce-list mailing list
fedora-announce-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-announce-list

[Index of Archives]     [Fedora Package Announce]     [Fedora Users]     [Fedora Package Review]     [Fedora Desktop]     [PAM]     [Big List of Linux Books]     [Gimp]     [Yosemite News]     [Yosemite Camping]     [Fedora Users]

  Powered by Linux