* 1 Fedora Weekly News Issue 248 o 1.1 Planet Fedora + 1.1.1 General o 1.2 Fedora In the News + 1.2.1 Root privileges through vulnerability in GNU C loader - (The H) + 1.2.2 Fedora Uses YubiKey for Strong Two-Factor Authentication - (IT News Online) o 1.3 Ambassadors + 1.3.1 Welcome New Ambassadors + 1.3.2 Summary of traffic on Ambassadors mailing list + 1.3.3 Summary of traffic on FAmSCo mailing list o 1.4 Translation + 1.4.1 Fedora 14 Tasks + 1.4.2 Alternative Process to Submit Fedora 14 Release Notes + 1.4.3 Proposal to Revive the FLP Meetings + 1.4.4 Fedora Website Files Set for an Update + 1.4.5 New Document for Translation + 1.4.6 New Members and Sponsors in FLP o 1.5 Design + 1.5.1 F14 Release Poster + 1.5.2 Website Redesign + 1.5.3 Design Ninjas o 1.6 Security Advisories + 1.6.1 Fedora 14 Security Advisories + 1.6.2 Fedora 13 Security Advisories + 1.6.3 Fedora 12 Security Advisories - Fedora Weekly News Issue 248 - Welcome to Fedora Weekly News Issue 248[1] for the week ending October 20, 2010. What follows are some highlights from this issue. Our issue kicks off with news from the Fedora Planet, including details on upcoming features in Fedora 14, how to convert a virtual machine from VirtualBox to KVM, a new website for virtualization tools, and Atari 8-bit and 16-bit Atari emulators coming to Fedora. We have two articles for Fedora In The News, including a recent discovery of a security vulnerability in the GNU C compiler that affects Fedora and RHEL, and a piece on Fedora's adoption of YubiKey's two-stage authentication for high-security scenarios. In news from the Fedora Ambassadors, new members to the Ambassador team from Brazil and Kosovo, a wonderful summary of discussion on the busy Ambassador list for the past week, and a summary of discussion on the Fedora Ambassador Steering Committee list as well. In Translation team news, development of an alternative process for submitting Fedora 14 release notes, restarting Fedora Localization Project, and a new version of the amateur radio guide that is ready for translation, as well as a new member of the FLP from Italy. In news from the Design team, work on a Fedora 14 poster,more details on the upcoming Fedora Project website redesign and an update on the Fedora Students Contributing t-shirt design contest winner. Our issue reaches completion with updates of security-related packages from the past week. Enjoy! The audio version of FWN - FAWN - is back! You can listen to existing issues[2] on the Internet Archive. If anyone is interested in helping spread the load of FAWN production, please contact us! If you are interested in contributing to Fedora Weekly News, please see our 'join' page[3]. We welcome reader feedback: news@xxxxxxxxxxxxxxxxxxxxxxx FWN Editorial Team: Pascal Calarco, Adam Williamson 1. http://fedoraproject.org/wiki/FWN/Issue248 2. http://www.archive.org/search.php?query=subject%3A%22FWN%22 3. http://fedoraproject.org/wiki/NewsProject/Join -- Planet Fedora -- In this section, we cover the highlights of Planet Fedora[1] - an aggregation of blogs from Fedora contributors worldwide. Contributing Writer: Adam Batkin 1. http://planet.fedoraproject.org --- General --- The Red Hat Press office highlighted[1] one of the new features in the upcoming Fedora 14: SCAP. "SCAP is a line of standards managed by the National Institute of Standards and Technology (NIST). It provides a standardized approach to maintaining the security of systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise." Richard W.M. Jones announced[2] the new http://virt-tools.org/ website. Already, the website is filled with useful documentation and articles. While on the topic of virtualization, Richard described[3] a new on-disk format that is being developed for for VMs, QEMU Enhanced Disk format (QED). And if your VM is taking up too much space, but it is mostly empty, you can<http://rwmj.wordpress.com/2010/10/19/tip-making-a-disk-image-sparse/</ref> make your VM disk sparse. Jesus Rodriguez explained[4] how to convert a VM from VirtualBox to KVM, and included lots of shiny Virtual Machine Manager screenshots. Roozbeh Pournader mentioned[5] that Unicode 6.0 has been released. Caolan McNamara compared[6] the performance of STLPort with gcc's built-in STL. "Some of you will remember 8-bit and 16/32-bit computers produced in the 80-ties and early 90-ties by a company called Atari. " Dan Horák is packaging[7] some required emulators and supporting software to bring the 80's into the 21st century. Chris Lumens started[8] a series of posts about Anaconda. Among other things, Chris explained why Fedora and Red Hat can't switch to Ubuntu's installer. Jef van Schendel created[9] a set of keyboard shortcut cheat-sheets for Inkscape, with nifty keyboard key images. 1. http://press.redhat.com/2010/10/14/fedora-14-spotlight-feature-keeping-secure-with-openscap/ 2. http://rwmj.wordpress.com/2010/10/13/announcing-the-virt-tools-org-website/ 3. http://rwmj.wordpress.com/2010/10/18/in-development-qemu-enhanced-disk-format-qed/ 4. http://zeusville.wordpress.com/2010/10/13/virtualbox-kvm/ 5. http://www.advogato.org/person/roozbeh/diary.html?start=163 6. http://blogs.linux.ie/caolan/2010/10/12/stl-performance-comparison-gcc-4-5-1-vs-stlport-4-5/ 7. http://sharkcz.livejournal.com/6424.html 8. http://www.bangmoney.org/serendipity/index.php?/archives/154-This-Week-in-Anaconda-1.html 9. http://jefsblog.wordpress.com/2010/10/14/tutorial-introduction-to-inkscape-keyboard-shortcuts-with-pics/ -- Fedora In the News -- In this section, we cover news from the trade press and elsewhere that is re-posted to the Fedora Marketing list[1] http://fedoraproject.org/wiki/Marketing Contributing Writer: Pascal Calarco 1. http://lists.fedoraproject.org/pipermail/marketing/ --- Root privileges through vulnerability in GNU C loader - (The H) --- Jonathan Nalley forwarded[1] a brief article on security vulnerabilities found recently in the GNU C loader, which affect Fedora and other distributions: "According to the developer's tests, at least glibc versions 2.12.1 under Fedora 13 and 2.5 under Red Hat Enterprise Linux (RHEL) 5 are vulnerable." The full article is available[2] 1. http://lists.fedoraproject.org/pipermail/marketing/2010-October/013468.html 2. http://www.h-online.com/open/news/item/Root-privileges-through-vulnerability-in-GNU-C-loader-1110182.html --- Fedora Uses YubiKey for Strong Two-Factor Authentication - (IT News Online) --- Jonathan Nalley forwarded[1] a posting on YubiKey authentication in Fedora: "The Fedora Project, a Red Hat sponsored and community-supported open source collaboration, has integrated support into its infrastructure services for YubiKey, the open source authentication key by Yubico. The YubiKeys are also used by Fedora’s core team members for securing access to high security hosts....One of the fundamental principles of the Fedora Infrastructure team is their dedication to Fedora's stance on freedom. In short, the team only uses, produces, and deploys 100% free and open source software for these services. Fedora contributors are thus able not only to have immediate access to free software services, but are also able to contribute to their continual improvement. 'The YubiKey is backed by a free software stack and can be used agnostically with other free software, making it well-suited for the rest of the Fedora team's processes,' says Mike McGrath, Red Hat engineer and leader of the Fedora Infrastructure team." The full article is available[2] 1. http://lists.fedoraproject.org/pipermail/marketing/2010-October/013467.html 2. http://www.itnewsonline.com/news/Fedora-Uses-YubiKey-for-Strong-Two-Factor-Authentication/21678/8/3 -- Ambassadors This section covers the news surrounding the Fedora Ambassadors Project[1]. Contributing Writer: Sankarshan Mukhopadhyay 1. http://fedoraproject.org/wiki/Ambassadors --- Welcome New Ambassadors --- This week the Fedora Ambassadors Project had a couple of new members joining. Thiago Peixoto from Brazil mentored by María Leandro Gent Thaçi Kosovo mentored by Bert Desmet supported by Robert Scheck --- Summary of traffic on Ambassadors mailing list --- A Mani posted [1] about a magazine [2] and suggested that the milestones of Fedora Print Magazine [3] be an online edition first and a print edition later. Neville A Cross posted [4] about the Fedora 14 Countdown banner for blogs and requested all to spread the word Jon Stanley informed [5] that CPOSC [6] and he would be manning the booth John Poelstra posted [7] about upcoming Fedora 14 tasks pertaining to Release Parties and Regional IRC sessions Gerold Kassube posted [8] about the FAD at Rheinfelden and followed it up [9] with a link for registration [10] Max Spevack posted [11] his round-up of budget updates and, planning for rest-of-2010 Sascha Thomas Spreitzer posted [12] on the outcome of checking the feasibility of putting more than one live-cd on one disc and provided a proof of concept [13] The resulting thread [14] has extensive discussions about doing the media production at EMEA Robert Scheck posted [15] a review of the Szabad Szoftver Konferencia 2010 in Szeged, Hungary Pascal Calarco put out [16] a Call for Participation on Fedora Insight by calling upon those who have intermediate to advanced Drupal 6 skills and some time at hand. Ahmed M Araby wrote about [17] Software Freedom Day [18] at Menoufya University, Egypt David Ramsey posted [19] meeting notes for APAC meeting on 2010-10-17 Gent Thaçi asked [20] about existing communities for the Balkans. The thread [21] has inputs from others on the need to form such communities Christoph Wickert asked [22] about legal requirements for the Multi-Desktop Live media which is being proposed to be produced by ambassadors at EMEA. Later, Christoph also followed up [23] with the Board meeting recap, 2010-10-18 which had the disc-of-spins as an agenda item. Máirín Duffy had a few additional questions and suggestion [24] on the disc-of-spins item Gent Thaçi posted [25] about an article on The Fedora Project in PCWorld Albanian Carlos Carreno informed [26] about Fedora Party 2010 at Lima, Peru to be held on 2010-11-06 at Ricardo Palma University 1. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015667.html 2. http://pclosmag.com/ 3. http://fedoraproject.org/wiki/Fedora_print_magazine 4. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015677.html 5. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015680.html 6. http://cposc.org/ 7. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015681.html 8. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015691.html 9. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015763.html 10. https://fedoraproject.org/wiki/FAD_EMEA_2010 11. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015695.html 12. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015701.html 13. http://sspreitzer.fedorapeople.org/torrents/ 14. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/thread.html#15701 15. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015717.html 16. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015734.html 17. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015737.html 18. http://sfd.mufix.org/site/ 19. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015741.html 20. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015746.html 21. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/thread.html#15746 22. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015748.html 23. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015751.html 24. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015754.html 25. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015762.html 26. http://lists.fedoraproject.org/pipermail/ambassadors/2010-October/015764.html --- Summary of traffic on FAmSCo mailing list --- Christoph Wickert posted [1] the FAmSCo Meeting Minutes [2] of 2010-09-27 and asked [3] the the FAmSCo meeting for 2010-10-04 was indeed adjourned Christoph Wickert also pointed out [4] the need to discuss the EMEA media production budget [5] Sascha Thomas Spreitzer mentioned [6] that the cost/budget for F14 would remain the same as F13 [7] Max Spevack responded [8] to Christoph's mail stating that it was "very easily within budget" Joerg Simon posted [9] FAmSCo Meeting Minutes 2010-10-11 [10] Joerg Simon informed [11] that he would not be able to attend the FAmSCo Meeting on 2010-10-18 and requested that the FAmSCo Report [12] be completed 1. http://lists.fedoraproject.org/pipermail/famsco/2010-October/000370.html 2. http://meetbot.fedoraproject.org/fedora-meeting-1/2010-09-27/fedora-meeting-1.2010-09-27-18.05.html 3. http://lists.fedoraproject.org/pipermail/famsco/2010-October/000371.html 4. http://lists.fedoraproject.org/pipermail/famsco/2010-October/000372.html 5. https://fedorahosted.org/famsco/ticket/91 6. http://lists.fedoraproject.org/pipermail/famsco/2010-October/000373.html 7. http://sspreitzer.fedorapeople.org/mediaquotes/F14/ 8. http://lists.fedoraproject.org/pipermail/famsco/2010-October/000375.html 9. http://lists.fedoraproject.org/pipermail/famsco/2010-October/000376.html 10. http://meetbot.fedoraproject.org/fedora-meeting-1/2010-10-11/fedora-meeting-1.2010-10-11-18.01.html 11. http://lists.fedoraproject.org/pipermail/famsco/2010-October/000379.html 12. https://fedoraproject.org/wiki/FAmSCo_report_2010-09 -- Translation -- This section covers the news surrounding the Fedora Translation (L10n) Project[1]. Contributing Writer: Runa Bhattacharjee 1. http://fedoraproject.org/wiki/L10N --- Fedora 14 Tasks --- John Poelstra informed[1] in the list about the upcoming tasks for Fedora 14. As per the schedule, review and correction of the Final Translated Guides (i.e. daily build htmls) and Website content is currently underway. 1. http://lists.fedoraproject.org/pipermail/trans/2010-October/008167.html --- Alternative Process to Submit Fedora 14 Release Notes --- Due to persistant problems in submitting the Fedora 14 Release Notes translation via translate.fedoraproject.org, teams can send in translations via a bug or to other translators who have git-commit access for the document directly to meet the Fedora 14 Release Notes translation deadline[1]. This problem is expected to be resolved when the transifex instance is updated sometime after the release of Fedora 14. 1. http://lists.fedoraproject.org/pipermail/trans/2010-October/008171.html --- Proposal to Revive the FLP Meetings --- Shankar Prasad from the Kannada team proposed to restart the IRC meetings of the FLP[1]. Noriko Mizumoto suggested a few topics for discussion including - upgrading the transifex instance and FLSco elections[2]. 1. http://lists.fedoraproject.org/pipermail/trans/2010-October/008150.html 2. http://lists.fedoraproject.org/pipermail/trans/2010-October/008189.html --- Fedora Website Files Set for an Update --- The text in the Fedora Website files have been rewritten in a simpler and shortened format. Paul Frields sought a straw poll from the FLP to update the POT and PO files that would allow the translators to update their translations in accordance with the redesigned website[1]. After a few more additional changes, the files were committed. 1. http://lists.fedoraproject.org/pipermail/trans/2010-October/008161.html --- New Document for Translation --- The Amateur Radio Guide has been added to translate.fedoraproject.org and translations for this guide can now be submitted[1]. 1. http://lists.fedoraproject.org/pipermail/trans/2010-October/008155.html --- New Members and Sponsors in FLP --- Francesco D'Aluisio (Italian) [1] joined the FLP recently. 1. http://lists.fedoraproject.org/pipermail/trans/2010-October/008205.html -- Design -- In this section, we cover the Fedora Design Team[1]. Contributing Writer: Nicu Buculei 1. http://fedoraproject.org/wiki/Artwork --- F14 Release Poster --- Emily Dirsh posted[1] a first version of the probably last missing piece before the Fedora 14 release party poster "I made up a (slightly) new poster based on the feedback I got at the meeting today." 1. http://lists.fedoraproject.org/pipermail/design-team/2010-October/003502.html --- Website Redesign --- One of the goodies brought by the Fedora 14 release is going to be a new and improved version of the Fedora Project website, a joint development of the Websites and Design Teams, so Jef van Schendel posted[1] an update about the current status[2] "Now we want to check everything and make sure it's all in tip top shape and ready to be released." 1. http://lists.fedoraproject.org/pipermail/design-team/2010-October/003465.html 2. http://stg.fedoraproject.org/ --- Design Ninjas --- Máirín Duffy wrote[1] on her blog the third Design Bounty Ninja, Christian Brassat "Christian responded to our third Fedora Design Bi-Weekly Bounty – a t-shirt design for the Fedora Students Contributing program. Christian put together a most excellent T-shirt design for the program, using Inkscape and Nicu’s Open Clip Art T-shirt template, collaborating with the Fedora Design Team throughout the process, then prepping the final design for print using Scribus. He came up with a very nice concept for the T-shirt – it’s summery and fun with its tropical flowers, and relates to free software and mentorship with its sprouting-seed design – and carefully adhered to all of the Fedora branding guidelines. He also provided all of his source work!" 1. http://mairin.wordpress.com/2010/10/19/third-fedora-design-bounty-ninja-identified/ -- Security Advisories -- In this section, we cover Security Advisories from fedora-package-announce. http://lists.fedoraproject.org/pipermail/package-announce Contributing Writer: Pascal Calarco --- Fedora 14 Security Advisories --- * glibc-2.12.90-17 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049665.html * tuxguitar-1.2-3.fc14 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049655.html * postgresql-8.4.5-1.fc14 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049496.html * java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html * rekonq-0.6.1-1.fc14 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049406.html * poppler-0.14.4-1.fc14 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html * php-pear-CAS-1.1.3-1.fc14 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049360.html * krb5-1.8.2-6.fc14 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049336.html * ardour-2.8.11-5.fc14 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049333.html --- Fedora 13 Security Advisories --- * freetype-2.3.11-6.fc13 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049605.html * webkitgtk-1.2.5-1.fc13 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049604.html * php-pear-CAS-1.1.3-1.fc13 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html * postgresql-8.4.5-1.fc13 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049592.html * java-1.6.0-openjdk-1.6.0.0-43.1.8.2.fc13 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html * poppler-0.12.4-6.fc13 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html * ardour-2.8.11-5.fc13 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049377.html --- Fedora 12 Security Advisories --- * php-pear-CAS-1.1.3-1.fc12 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html * postgresql-8.4.5-1.fc12 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049591.html * poppler-0.12.4-5.fc12 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html * webkitgtk-1.2.5-1.fc12 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049544.html * ardour-2.8.11-5.fc12 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049373.html * ghostscript-8.71-16.fc12 - http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049367.html - end FWN 248 - --- Pascal Calarco, Fedora Ambassador, Indiana, USA -- announce mailing list announce@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/announce