19th, 2009.
http://fedoraproject.org/wiki/FWN/Issue159
This week's issue reveals the code name for Fedora 11 and provides
coverage from the latest FUDCon in announcements. News abounds from
around Fedora Planet, including musings on the reduction of the OLPC dev
team, thoughts on what it means to contribute to Fedora from several
contributors, and much more. Development reports on several discussions
from the recent FUDCon on the possible future of comps.xml, new packages
to Rawhide coming, and more. More depth of discussion on the need for a
Fedora Project CMS is offered in the Docs beat, and Translations has
lots more to report on new members of various internationalization
teams. The Art beat has a wonderful in-depth look at approaches for
themes for Fedora 11, and security advisories brings us up to date with
recent updates there. We complete the issue with news from
virtualization developments, including two items regarding sVirt, a
project to add security labeling support to Linux-based virtualization,
and other focused discussions with libvirt. Enjoy!
If you are interested in contributing to Fedora Weekly News, please see
our 'join' page[1]. We welcome reader feedback: fedora-news-list@redhat.com
FWN Editorial Team: Pascal Calarco, Oisin Feeley, Huzaifa Sidhpurwala
[1] http://fedoraproject.org/wiki/NewsProject/Join
-- Announcements --
In this section, we cover announcements from the Fedora Project.
http://www.redhat.com/archives/fedora-announce-list/
http://www.redhat.com/archives/fedora-devel-announce/
Contributing Writer: Max Spevack
--- Fedora 11 Release Name ---
At FUDCon Boston, Paul Frields announced that "Leonidas" had won the
vote, and will be the code name of Fedora 11. There was much screaming
and yelling, and reciting of lines from "The 300"[0].
[0]
http://www.redhat.com/archives/fedora-devel-announce/2009-January/msg00004.html
--- FUDCon Boston ---
FUDCon Boston was a great success[1]. Not only are many videos from the
sessions available on the Fedora Wiki, but there is also a collection of
blog posts from various attendees[2].
[1]
http://www.redhat.com/archives/fedora-announce-list/2009-January/msg00013.html
[2] https://fedoraproject.org/wiki/FUDCon:FUDConF11_blogs
--- Technical Announcements ---
Jon Stanley announced[3] that he and Dennis Gilmore "are beginning an
effort to migrate fedora-* redhat com to lists.fedoraproject.org." There
are several benefits to this move, including greater control of the
Fedora lists, a stronger Fedora identity (@lists.fedoraproject.org as
opposed to @redhat.com), and the ability to be more responsive to
community requests.
[3]
http://www.redhat.com/archives/fedora-announce-list/2009-January/msg00012.html
Jesse Keating announced[4] that on January 20th, "we will be doing a
non-blocking freeze of Rawhide to be the basis of Fedora 11 Alpha. Only
targeted fixes will be pulled into the Alpha tag after the freeze.
Rawhide itself will continue on as to not disrupt development."
[4]
http://www.redhat.com/archives/fedora-devel-announce/2009-January/msg00005.html
--- Upcoming Events ---
Fedora will have a presence at several events in the next few weeks.
Feel free to join us,
February 6 - 8: Free and Open Source Developers European Meeting (FOSDEM)[5]
February 20 - 22: Southern California Linux Expo (SCALE)[6]
Also, people are encouraged to register for Fedora or JBoss.org related
speaking slots at LinuxTag 2009[7].
[5] https://fedoraproject.org/wiki/FedoraEvents/FOSDEM/FOSDEM2009
[6] https://fedoraproject.org/wiki/SCALE7X_Event
[7] https://fedoraproject.org/wiki/LinuxTag_2009_talks
-- Planet Fedora --
In this section, we cover the highlights of Planet Fedora - an
aggregation of blogs from Fedora contributors worldwide.
http://planet.fedoraproject.org
Contributing Writer: Adam Batkin
--- General ---
Marc F Ferguson expounded[0] upon the wonders of "Being a Part of
Something Bigger" by joining the Fedora Project and switching to Linux!
While there are lots of positive posts out there, this one captures the
positive feeling that a lot of folks have by joining a project like Fedora.
Andrew Overholt appealed[1] for anyone interested in helping get JBoss
AS 5.0 into Fedora.
Karsten Wade wrote[2] about some of the issues and concerns involved
with picking a CMS for Fedora.
Abhishek Rane posted[3] some nice screenshots of Amarok 2.0.1.1 (as well
as a download link for Fedora 10).
Jef Spaleta continued[4] his across-the-intertubes discussion with Mark
Shuttleworth about Canonical's Launchpad being closed source, and talked
about his motivations behind contributing to Fedora: "I have never
received a paycheck from Red Hat in any capacity...Making sure companies
which proclaim to be open source advocates are actually 'walking the
walk' is on my personal agenda." In another post, Jef added[5] the
statistic "2 out of the top 3 'ideas' on Ubuntu's brainstorm this week
are requests to take features from the Fedora Feature process for Fedora
10 and port them to Ubuntu". He continued[6] by showing that Soyuz (a
component of Launchpad that Canonical has not open sourced) has a much
higher number of open bugs than other components. Along a similar line
of thought, he discussed[7] in more general terms, "How important is
opening sourcing in the cloud?"
Greg DeKoenigsberg mused[8] about the loss of most of the OLPC software
development team and what that means for OLPC, Sugar and Fedora.
Jesus Rodriguez announced[9] that Spacewalk 0.4 ("an open source Linux
and Solaris systems management solution") has been released, including a
list of features and enhancements and some known issues.
Scott Williams proposed[10] offering support for end-of-life versions of
Fedora in a new Freenode IRC channel (#Fedora-EOL), complete with some
discussion in the comments about whether or not this was a good idea.
Dave Jones generated[11] a neat graph of the performance of an SSD
Jef Spaleta provided[12] some interesting statistics about VCS usage
from Debian as well as fedorahosted.org, and discussed some of the
implications.
[0] http://www.fergytech.com/2009/01/17/being-apart-of-something-bigger/
[1] http://overholt.ca/wp/?p=114
[2]
http://iquaid.org/2009/01/11/moving-toward-a-content-management-decision/
[3]
http://www.abhishekrane.com/2009/01/12/magellanamarok-2011-released-screenshot-changelog/
[4] http://jspaleta.livejournal.com/32178.html
[5] http://jspaleta.livejournal.com/32733.html
[6] http://jspaleta.livejournal.com/33152.html
[7] http://jspaleta.livejournal.com/32488.html
[8] http://gregdek.livejournal.com/43698.html
[9] http://zeusville.wordpress.com/2009/01/15/spacewalk-04-released/
[10] http://vwbusguy.wordpress.com/2009/01/16/help-needed-fedora-eol/
[11] http://www.codemonkey.org.uk/2009/01/16/gskill-ssd-performance/
[12] http://jspaleta.livejournal.com/32888.html
--- FUDcon Boston ---
Máirín Duffy took[1] some photos of the latest FUDcon Boston shirts.
Chris Tyler announced[2] that "Video from eight of the FUDCon F11
sessions plus Paul Frield's closing remarks/State of Fedora are now
available".
Karsten Wade asked[3] "Where are your FUDCon session notes?" (so if you
have any session notes from FUDcon, feel free to follow these tips to
share them with others who may not have been so fortunate to attend
in-person).
[1] http://mihmo.livejournal.com/67737.html
[2]
http://blog.chris.tylers.info/index.php?/archives/170-FUDCon-F11-Video.html
[3] http://iquaid.org/2009/01/16/where-are-your-fudcon-session-notes/
--- How-Tos ---
John Poelstra wrote[1] about how to perform "Fast Spaceless Backups".
Bogomil Shopov shared[2] a quick tutorial on "Installing LXDE on
Fedora". LXDE is the Lightweight X11 Desktop Environment ("a desktop
environment which is lightweight and very very fast").
[1] http://poelcat.wordpress.com/2009/01/14/fast-spaceless-backups/
[2] http://www.bogomil.info/int/installing-lxde-on-fedora
-- Developments --
In this section the people, personalities and debates on the
@fedora-devel mailing list are summarized.
Contributing Writer: Oisin Feeley
--- The Possible Future of Comps ? ---
Seth Vidal reported[1] that one outcome of the recent FUDCon[2] had been
an initiative to overhaul the comps.xml file. This file is part of the
metadata used to define group membership of related packages in order to
allow[3] yum or anaconda to aid in installation.
Seth described the intent to replace the fixed group definitions with
metapackages created on-the-fly, based on examining and
dependency-solving repository metadata, as "a fairly radical departure".
Related changes will be the ability to define groups within groups and
the addition of new metadata to allow tag cloud classification. Some of
the anticipated benefits are the ability to find desired software more
easily, the creation of more fine-grained groups and a more intuitive
persistence of groups.
One apparent sticking point raised by Bill Nottingham was that the
flattening of the package levels included the removal of "conditional"
packages and "[...] a large portion of the language support is built
around conditional packages." Seth argued[4] that removing conditional
packages was something which was desirable whether or not this
particular initiative took hold. This seemed like a problem especially
for KDE but Bill prototyped[5] a yum plugin to solve the problem.
Some examples in which removing a metapackage would not remove
dependencies installed to satisfy the metapackage were teased out[6][7]
in conversations between Josh Boyer and Seth and Jesse Keating.
Florian Festi thought[8] that the list of problems to be solved should
be expanded to include how multilib is handled, the proliferation of
noarch subpackages and poor implementations of parts of the tool-chain.
He also emphasized that with the "increasing number of languages
supported and packages being properly translated we ship more and more
language dependent content the users are not interested in. We are
currently missing both a way to package these contents properly and a
mechanism the control which should be actually installed."
[1]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00733.html
[2] http://fedoraproject.org/wiki/FUDCon
[3]
http://fedoraproject.org/wiki/PackageMaintainers/CompsXml#How_comps_is_used
[4]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00748.html
[5]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00882.html
[6]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00751.html
[7]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00777.html
[8]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00841.html
--- New GPG Signing Keys for Each Release ---
Jesse Keating asked[1] what value Fedora users perceived in the presence
of the "[...] two gpg keys per release, one for rawhide/updates-testing
and one for the final release and stable updates."
Todd Zullinger suggested[2] that eschewing the importation of the
"updates-testing" key would ensure that "[...] no packages from
updates-testing are installed on a box [.]" Casey Dahlin disliked[3]
such a use of keys to categorize things.
Todd asked if each new release would come with a new key, similar to the
way this was handled after the infrastructure intrusion. He balanced the
sense of confidence given by keeping a key around for a "reasonably long
time" versus the mitigation of "the lack of any way to revoke a key in
the rpm db [.]" Jesse confirmed[4] "[...] yes, we plan to use new keys
each release. We can use gpg web-"-trust thing and sign the new keys
with the old keys and whatnot, does that actually help people?j
Douglas E. Warner and Steve Grubb worried[5] that the inability to
revoke keys exposed machines to repository metadata attacks and Steve
revealed[6] that the import of keys is "[...] one of the few security
sensitive actions that is not put into the audit system."
[1]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00999.html
[2]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg01001.html
[3]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg01020.html
[4]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg01003.html
[5]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg01036.html
[6]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg01050.html
--- libssl.so.7 Going Through a Bumpy Patch ---
Tomas Mraz advised[1] that he was going to build a new OpenSSL in
rawhide which would require a soname bump due to minor breakage of the
ABI. As a transitional measure he intended to temporarily provide
symlinks to the old soname so that most of the 288 affected packages
should continue working until they were rebuilt. Jesse Keating
expressed[2] disquiet with the timing as the large number of rebuilds
would be "[...] likely to break buildroots, break anaconda composes,
break installs, break users. This isn't the kind of crap we want to land
in rawhide just before a freeze, and just before an effort to turn that
freeze into something usable. PLEASE wait until after Alpha has been cut
to do this." He seemed slightly mollified[3] by Tomas' use of
compatibility symlinks and rpm provides.
When Benny Amorsen wondered why such breakage was occurring again with
openssl Tomas explained[4] that the design "declar[ed] some important
structures which have to be changed/extended with new functionality in
the public headers. Unless they move these structures to private headers
this situation is going to happen again." Christopher Aillon joked[5]
that it was happening again because Benny had not ported his
applications to use NSS(see FWN#107[6]).
Later Horst von Brand reported[7] widespread problems with many packages
which seemed to fail. RalfErtzinger explained[8] that "[t]he problem is
that the openssl package was supposed to contain symlinks for
libssl.so.7 and libcrypto.so.7, and rpm -ql says that the package does
contain them, but they are, in fact, missing from the filesystem."
Tomas Mraz scrambled[9][10] to sort out the problem by trying to run
ldconfig in the %post of the openssl package. Kevin Kofler suggested[11]
a possible cause.
Jesse Keating fretted[12] that all of this was exactly what he did not
want just before next week's alpha freeze[13].
[1]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00758.html
[2]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00761.html
[3]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00764.html
[4]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00880.html
[5]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00977.html
[6] https://fedoraproject.org/wiki/FWN/Issue107#Crypto_Consolidation
[7]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00941.html
[8]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00942.html
[9]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00943.html
[10]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00946.html
[11]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg01051.html
[12]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg01000.html
[13] https://fedoraproject.org/wiki/Releases/11/Schedule
--- MinGW Package Reviews Requested ---
Richard W.M. Jones noted[1] that the rapid development cycle[2] meant
that Fedora 11 was already approaching (2009-01-20) alpha-freeze and
asked for package reviews of the outstanding parts of the MinGW Windows
cross-compiler feature[3]. He offered to trade reviews with interested
parties and provided links to outstanding reviews.
There is apparently no question that the feature, which will allow
generation of Windows targets on Fedora, will slip from Fedora 11.
[1]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00793.html
[2] https://fedoraproject.org/wiki/Releases/11/Schedule
[3] https://fedoraproject.org/wiki/Features/Windows_cross_compiler
--- MySQL 5.1 Coming to Rawhide After Alpha-Freeze ---
A heads-up was posted[1] by Tom Lane to advise that mysql-5.1.30 would
be pushed into rawhide immediately after the alpha freeze. He warned:
"This involves an ABI break: libmysqlclient.so has increased its major
version number from 15 to 16 [...]" and provided a list of affected
packages along with the offer to launch rebuilds for anyone who wished.
[1]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00721.html
--- Spins SIG Controversy ---
A vigorous disagreement erupted when Jeroen van Meeuwen announced[1]
that the Spins SIG[2] would henceforth be having meetings every two
weeks (Jeroen later rescheduled[3] the meeting to Mondays at 17:00 UTC)
and that the first meeting would be to finalize a new process arrived at
during the last FUDCon.
Rahul Sundaram contended[4] that "[s]uch decisions shouldn't be taken at
FUDCon because it automatically excludes people who cannot be present at
the event. You should use the events only to discuss the issues and make
the decisions over mailing lists or irc where others can participate as
well." A long thread mostly involving just Rahul, Jeroen and Josh Boyer
resulted.
In response to Rahul's point that the new process was onerous as it
mandated a weekly compose and report JoshBoyer seemed[5] to be of the
opinion that this was a good thing. BillNottingham added[6]: "It's not
really adding anything to the amount of work that needs to be done, in
total. It's just shifting around who it gets done by and when."
Some weight was given to Rahul's argument that the method of arriving at
the new process was a problem when Jeroen posted[7] that no minutes had
been kept of the meeting and pointed to a "5-minute after
best-recollection of what happened" summary on the wiki[8] as a source
of information.
JesseKeating argued[9] that FUDCon was a useful, "high-bandwidth" means
of having discussions and that public email was too slow to make
decisions compared to IRC, IM, phone and face-to-face meetings.
Subsequently he added that the result of the FUDCon discussions was a
proposal and not a decision and suggested that unless the skeleton
process was approved quickly then there might be no spins for Fedora 11.
Rahul responded[10] that the original post had been a simple declaration
which did not suggest it was merely a proposal. Rahul added[11] that
there was a need to clarify the process in order to avoid the confusion
of the past.
[1]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00695.html
[2] http://fedoraproject.org/wiki/SIGs/Spins
[3]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00782.html
[4]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00789.html
[5]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00811.html
[6]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00826.html
[7]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00838.html
[8] http://fedoraproject.org/wiki/SIGs/Spins_NewProcess
[9]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00864.html
[10]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00872.html
[11]
https://www.redhat.com/archives/fedora-devel-list/2009-January/msg00874.html
-- Documentation --
In this section, we cover the Fedora Documentation Project.
http://fedoraproject.org/wiki/DocsProject
Contributing Writer: Jason Taylor
--- Fedora Content Management System (CMS) ---
There has been a need for a CMS within the project and there will soon
be a decision made in this regard. Karsten posted[0] the reasoning
behind moving to a CMS[1] and the need for people with CMS
administration experience to lend a hand.
[0]
https://www.redhat.com/archives/fedora-docs-list/2009-January/msg00077.html
[1]
https://fedoraproject.org/wiki/CMS_solution_for_Fedora_Project_websites#Background
-- Translation --
This section covers the news surrounding the Fedora Translation (L10n)
Project.
http://fedoraproject.org/wiki/L10N
Contributing Writer: Runa Bhattacharjee
--- Dimitris Glezos Appointed to the Fedora Board ---
The current chair of the Fedora Localization Steering Comittee (FLSCo),
DimitrisGlezos has been selected[1] to fill one of the appointed seats
on the Fedora Board[2].
[1]
https://www.redhat.com/archives/fedora-announce-list/2009-January/msg00007.html
[2] http://fedoraproject.org/wiki/Board
--- New Team for Kashmiri and New Coordinator Marathi ---
RakeshPandit announced[2] the start of the Kashmiri Translation Project
for Fedora. The Marathi Translation team found its new coordinator in
SandeepShedmake[3].
[2]
https://www.redhat.com/archives/fedora-trans-list/2009-January/msg00040.html
[3]
https://www.redhat.com/archives/fedora-trans-list/2009-January/msg00073.html
--- Packagekit Translations for Fedora 11 ---
RichardHughes, the maintainer of Packagekit announced that a new version
of the package would be released in a couple of weeks and this version
would be included in Fedora 11. He mentions that quite a few popular
languages do not have complete translations at the moment. Translators
can mail the packagekit mailing list for queries regarding translateable
strings[4]. Meanwhile, it has been noticed that both the Gnome and
Fedora Status pages do not contain updated translations statistics for
this package[5].
[4]
https://www.redhat.com/archives/fedora-trans-list/2009-January/msg00071.html
[5]
https://www.redhat.com/archives/fedora-trans-list/2009-January/msg00075.html
--- Confusion over Translations for Newly Coined Words ---
RichardvanderLuit brought forward an interesting problem related to the
translations of newly coined words for English, which are specifically
targetted for computer science[6]. The word in question is "untrusted"
which differs from the general English antonym for "trusted".
[6]
https://www.redhat.com/archives/fedora-trans-list/2009-January/msg00080.html
--- Branching of Fedora Packages ---
AnkitPatel started a discussion about the availability of a branching
process in the VCS for Fedora packages, to provide for backporting of
translations[7]. MiloslavTrmac (Mirek) suggested submitting patches in
bugzilla for such cases, as upstream packages generally do not branch
out for versions in the distributions[8]. Linking up the translation
interface with an automated bug sumission process was suggested by
AsgeirFrimannsson as a possible solution[9]. Discussions still continue,
listing merits and demerits of the possibility of large scale
backporting via bugzilla and separation of the translations from the
packages.
[7]
https://www.redhat.com/archives/fedora-trans-list/2009-January/msg00046.html
[8]
https://www.redhat.com/archives/fedora-trans-list/2009-January/msg00047.html
[9]
https://www.redhat.com/archives/fedora-trans-list/2009-January/msg00051.html
--- New Members in FLP ---
ZakWang from Hunan, China[10] joined the Simplified Chinese team and
RakeshPandit joined to start the Kashmiri Team for Fedora[11].
[10]
https://www.redhat.com/archives/fedora-trans-list/2009-January/msg00068.html
[11]
https://www.redhat.com/archives/fedora-trans-list/2009-January/msg00040.html
-- Artwork --
In this section, we cover the Fedora Artwork Project.
http://fedoraproject.org/wiki/Artwork
Contributing Writer: Nicu Buculei
--- Theming Fedora 11 ---
For this release cycle, the Art team is trying a slightly different
process with linking the desktop theme to the release name, so just
after the codename "Leonidas" was announced for Fedora 11, the process
started with Máirín Duffy proposing on @fedora-art two possible
approaches, navigation "We could get some inspiration from traditional
nautical tools, like compasses, navigational charts, telescope, all that
kind of stuff. It could have a kind of steampunk look" and water "Or we
can get some inspiration from water and water traffic. For example,
imagine time lapse photos of a river in a city over the course of a day,
with folks rowing crew in the morning, sailing in the afternoon, with
tour/party boats coming through in the evening - for the time-lapse
wallpaper".
[1]
https://www.redhat.com/archives/fedora-art-list/2009-January/msg00034.html
Nicu Buculei observes[2] that even if the release name is based on a
historical ship, most people will associate it with the ancient Greek
hero "Technically the vote was for the ship but I am sure (and the
reaction after the announcement are a reassurance) most people voted for
the Spartan" and support a theme based on the Ancient Greece culture "So
I am thinking about the Golden ratio, used a loot in the Ancient Greek
architecture, notably on the Parthenon and probably a graphic based on
the Golden ratio would be fit", a take endorsed[3] by Samuele Storari
"The Hellenic age was the top of the acient greece time and it spouse
the first concept as well, maybe we can use a steam punk, futuristic
theme for the old art" and Konstantinos Antonakoglou[4] "Basically, I
imagine a trireme-like, or even an ancient fish-boat (with or without
the Fedora logo on its sail :P) sailing on a sea of stars (with splashes
on its front). I guess it can be combined with the golden ratio , math etc."
[2]
https://www.redhat.com/archives/fedora-art-list/2009-January/msg00045.html
[3]
https://www.redhat.com/archives/fedora-art-list/2009-January/msg00046.html
[4]
https://www.redhat.com/archives/fedora-art-list/2009-January/msg00047.html
At the same time, Charlie Brej noted[5] some possible inadvertent uses
of the release name "The only problem is the theme should be as
acceptable to as many people as possible. So, for the Leonidas theme we
should stay away from: violence, nudity, blood, glorification of war,
nationalistic sentiments etc..."
[5]
https://www.redhat.com/archives/fedora-art-list/2009-January/msg00048.html
Mark reiterated[6] his old idea or reusing the theme of an older
release, "How do you guys feel about a full theme in the old fedora
(Core 1 till 4) colors? The link with the F11 name is (just making it up
now) : Reviving old days. (the name represents something old and the
theme represents the beginning years of fedora)", an idea not liked by
the rest of the team, as noted by Máirín Duffy][7] and Luya
Tshimbalanga[8].
[6]
https://www.redhat.com/archives/fedora-art-list/2009-January/msg00053.html
[7]
https://www.redhat.com/archives/fedora-art-list/2009-January/msg00054.html
[8]
https://www.redhat.com/archives/fedora-art-list/2009-January/msg00055.html
Máirín Duffy started[9] a wiki page[10] to collect all the proposals,
keep an eye on it to follow the development.
[9]
https://www.redhat.com/archives/fedora-art-list/2009-January/msg00050.html
[10] https://fedoraproject.org/wiki/Artwork/F11_Artwork
Closely related tot he theme development is the draft scedule[11] for
the Art Team proposed[12] by John Poelstra.
[11] http://poelstra.fedorapeople.org/schedules/f-11/f-11-art-tasks.html
[12]
https://www.redhat.com/archives/fedora-art-list/2009-January/msg00058.html
-- Security Advisories --
In this section, we cover Security Advisories from fedora-package-announce.
https://www.redhat.com/mailman/listinfo/fedora-package-announce
Contributing Writer: David Nalley
--- Fedora 10 Security Advisories ---
* nfs-utils-1.1.4-6.fc10 -
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00376.html
* tqsllib-2.0-5.fc10 -
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00434.html
* bind-9.5.1-1.P1.fc10 -
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00474.html
* xine-lib-1.1.16-1.fc10 -
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00504.html
* amarok-2.0.1.1-1.fc10 -
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00561.html
* drupal-6.9-1.fc10 -
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00655.html
--- Fedora 9 Security Advisories ---
* bind-9.5.1-1.P1.fc9 -
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html
* nfs-utils-1.1.2-9.fc9 -
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00526.html
* xine-lib-1.1.16-1.fc9.1 -
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html
* tqsllib-2.0-5.fc9 -
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00557.html
* drupal-6.9-1.fc9 -
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00668.html
-- Virtualization --
In this section, we cover discussion on the @et-mgmnt-tools-list,
@fedora-xen-list, @libvirt-list and @ovirt-devel-list of Fedora
virtualization technologies.
Contributing Writer: Dale Bewley
--- Libvirt List ---
This section contains the discussion happening on the libvir-list.
---- sVirt 0.30 Released ----
James Morris announced[1] "the release of v0.30 of sVirt[2], a project
to add security labeling support to Linux-based virtualization.
[1] http://www.redhat.com/archives/libvir-list/2009-January/msg00158.html
[2] http://selinuxproject.org/page/SVirt
---- sVirt Qemu Hurdles ----
Daniel J Walsh began to work on the svirt lock down of the qemu process,
and saw[1] a problem with "the image:Echo-package-16px.pngqemu binaries
are being used to both setup the guest image environment and then to run
the guest image."
"The problem with this is the act of installing an image or setting up
the environment an image runs within requires much more privileges then
actually running the image."
"SELinux runs best when one processes forks/execs another process this
allows us to run the two processes under different labels. Each process
with the privileges required to run."
[1] http://www.redhat.com/archives/libvir-list/2009-January/msg00198.html
---- Fine Grained Access Controls ----
Konrad Eriksson desired[1] is "an addition[2] to
image:Echo-package-16px.pnglibvirt that enables access control on
individual actions and data that can be accessed through the library
API. This could take the form of an AC-module that, based on the
identity of the caller, checks each call and grants/denies access to
carry out the action (could also take parameters in account) and
optionally filter the return data. The AC-module could then interface
different backend AC solutions (SELinux, RBAC, ...) or alternatively
implement an internal scheme."
Daniel P. Berrange pointed[3] out how this relates to sVirt. "At this
stage sVirt is primarily about protecting guests from each other, and
protecting the host from guests. Konrad's suggestions are about
protecting guests/hosts from administrators, by providing more fine
grained control over what libvirt APIs an admin can invoke & on what
objects. Both bits of work are required & are complementary to each other."
[1] http://www.redhat.com/archives/libvir-list/2009-January/msg00282.html
[2] http://wiki.libvirt.org/page/TodoFineGrainedSecurity
[3] http://www.redhat.com/archives/libvir-list/2009-January/msg00362.html
---- Configuring Host Interfaces RFC ----
David Lutterkort composed[1] an RFC beginning "For certain applications,
we want image:Echo-package-16px.pnglibvirt to be able to configure host
network interfaces in a variety of ways; currently, we are most
interested in teaching libvirt how to set up ordinary ethernet
interfaces, bridges, bonding and vlan's. Below is a high-level proposal
of how that could be done. Please comment copiously ;)"
Adding this type of support struck some as a complex open-ended
prospect. John Levon argued[2] "We should be considering why libvirt is
/well-placed/ to configure the host. I think it should be pretty clear
that it's actually not: the problems around distro differences alone is
a good indication. The proposed API is anaemic enough to not be of much
use. This is way beyond carving out the physical system into virtual
chunks and it's a big step towards lib*virt* becoming libmanagement."
Daniel P. Berrange countered[3] "The existance of many different
[implementations] is exactly the reason for libvirt to have this
capability. Libvirt is providing a consistent mgmt API for management of
guests and host networking interfaces is as much a part of this as the
storage management. Libvirt is providing this capability across
virtualization technology." Also saying[4] "Network interface APIs are
the core missing piece of libvirt API functionality IMHO."
[1] http://www.redhat.com/archives/libvir-list/2009-January/msg00350.html
--- end FWN 159 ---
-----------------
Pascal Calarco, Fedora Ambassador
http://fedoraproject.org/wiki/User:Pcalarco
_______________________________________________
Fedora-news-list mailing list
Fedora-news-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-news-list
No comments:
Post a Comment