= Fedora Weekly News Issue 115 =
Welcome to Fedora Weekly News Issue 115 for the week of January 7th http://fedoraproject.org/wiki/FWN/Issue115
In Announcement, we have "Fedora's way forward" a special announcement by MaxSpevack
In Planet Fedora, we have "Transition", "Fedora marketing revitalization", "To all FUDCon attendees", "FUDCon 2008 - Day 2" and "FUDCon 2008 - Day 1"
To join or give us your feedback, please visit http://fedoraproject.org/wiki/NewsProject/Join.
1. Announcements 1. Fedora's way forward 2. Planet Fedora 1. Transition 2. Fedora marketing revitalization 3. To all FUDCon attendees 4. FUDCon 2008 - Day 2 5. FUDCon 2008 - Day 1 3. Marketing 1. Fedora gets a new project leader 2. FUDCon Raleigh 2008 Video 4. Developments 1. The X-orcist: Driver Slasher! 2. Call To Choose An Initscript Replacement 3. Firewire, Choice And Fedora 4. Applications Using Type1 Fonts Should Upgrade To OTF 5. I'm Melting! Core Temp Of 125C Due To Kernel? 5. Infrastructure 1. Outages 2. A new FIG: sysadmin-tools 6. Security Week 1. Coverity and Open Source 2. Bruce Schneier Interview 7. Security Advisories 1. Fedora 8 Security Advisories 2. Fedora 7 Security Advisories 8. Events and Meetings 1. Fedora Board Meeting Minutes 2008-MM-DD 2. Fedora Ambassadors Meeting 2008-MM-DD 3. Fedora Documentation Steering Committee 2008-MM-DD 4. Fedora Engineering Steering Committee Meeting 2008-01-10 5. Fedora Infrastructure Meeting (Log) 2008-01-10 6. Fedora Localization Meeting 2008-MM-DD 7. Fedora Marketing Meeting 2008-MM-DD 8. Fedora Packaging Committee Meeting 2008-MM-DD 9. Fedora Quality Assurance Meeting 2008-MM-DD 10. Fedora Release Engineering Meeting 2008-MM-DD 11. Fedora SIG EPEL Meeting Week 02/2008 12. Fedora SIG KDE Meeting Week 02/2008 13. Fedora SIG Store Meeting (Log) 2008-01-09 14. Fedora SIG Astronomy Meeting Log 2008-MM-DD
[[Anchor(Announcements)]] == Announcements ==
In this section, we cover announcements from Fedora Project.
In this issue, we've included all new announcements since last issue.
https://www.redhat.com/mailman/listinfo/fedora-announce-list
Contributing Writer: ThomasChung
=== Fedora's way forward ===
MaxSpevack announces in fedora-announce-list[1],
"Over 150 people will be attending FUDCon on Saturday, which will be a more traditional day of presentations, sessions, etc. The opening talk will be my yearly "State of Fedora" speech. I believe it will be videotaped and up on the internet eventually, but I want to take a few minutes to share some of the details with you."
"I am very pleased to announce that PaulFrields has accepted a job with Red Hat, and he will be taking over as Fedora Project Leader in February."
"Additionally, JackAboutboul has recently transferred into a full-time job in Red Hat's marketing and brand communications group. We have asked Jack to take an active leadership role in Fedora marketing, community building, and Ambassadors."
https://www.redhat.com/archives/fedora-announce-list/2008-January/msg00003.h...
[[Anchor(PlanetFedora)]] == Planet Fedora ==
In this section, we cover a highlight of Planet Fedora - an aggregation of blogs from world wide Fedora contributors.
http://fedoraproject.org/wiki/Planet
Contributing Writers: ThomasChung
=== Transition ===
MaxSpevack points out in his blog[1],
"While Paul will be taking over for me as the Fedora Project Leader in February, I will still be involved in Fedora. I am going to be spending a lot of time over the next month or two helping Paul transition into the job, especially during the several-week period that we are in right now when Paul is still finishing up his old job and before he joins Red Hat."
[1] http://spevack.livejournal.com/42900.html
=== Fedora marketing revitalization ===
KarstenWade points out in his blog[1],
"As a last hackfest item before my flight, we're talking with Red Hat's press/comms superstar Leigh Day about Fedora marketing. She is leading a mini-design thinking session with us around everything from our communications mechanism to how we handle event planning and execution."
[1] http://iquaid.org/2008/01/13/fedora-marketing-revitalization/
=== To all FUDCon attendees ===
JonRoberts points out in his blog[1],
"I know everyone is busy hacking away, and today is the last day, but if anyone happens to have a spare moment to reply to a few generic questions about what they've gotten upto that would be hugely appreciated :) Want to try and do something useful with this info to help promote Fedora and everyone's aweseome work...Will even try and send out some more specific questions later - have fun! Oh, p.s. reply to these on the marketing list, to my e-mail or on this blog if you get a chance."
[1] http://blog.questionsplease.org/2008/01/13/to-all-fudcon-attendees/
=== FUDCon 2008 - Day 2 ===
ChrisTyler points out in his blog[1],
"FUDCon day 2 has wrapped up. It was great to meet a number of people who to this point have been a hackergotchi or IRC nick."
[1] http://blog.chris.tylers.info/index.php?/archives/100-FUDCon-2008-Day-2.html
=== FUDCon 2008 - Day 1 ===
JefSpaleta points out in his blog[1],
"Here's a smattering of pictures from day 1. First a picture from this morning's meetup before breaking into groups for the hackfest:"
[1] http://jspaleta.livejournal.com/17056.html
[[Anchor(Marketing)]] == Marketing ==
In this section, we cover Fedora Marketing Project.
http://fedoraproject.org/wiki/Marketing
Contributing Writer: ThomasChung
=== Fedora gets a new project leader ===
RahulSundaram reports in fedora-marketing-list[1],
"Isn't it interesting that someone could have such a big impact on Red Hat as Paul has...without working for Red Hat? That's the power of open source. Merit before bureaucracy."
[1] https://www.redhat.com/archives/fedora-marketing-list/2008-January/msg00074....
=== FUDCon Raleigh 2008 Video ===
RahulSundaram reports in fedora-marketing-list[1],
"This is a special edition of Weekly Wire, made on location at the Fedora User and Developers Conference (FUDCon) in Raleigh, N. Carolina. This video gives you a look at how FUDCon operates and introduces you to some of the participants."
[1] https://www.redhat.com/archives/fedora-marketing-list/2008-January/msg00070....
[[Anchor(Developments)]]
== Developments ==
In this section, we cover the problems/solutions, people/personalities, and ups/downs of the endless discussions on Fedora Developments.
http://www.redhat.com/mailman/listinfo/fedora-devel-list
Contributing Writer: OisinFeeley
=== The X-orcist: Driver Slasher! ===
A call for objections to the removal of specific Xorg drivers was posted[1] by AdamJackson as part of the clean-up work he was doing while porting to the new server APIs. Adam listed the following as slated for removal: ''avivo'' (ATI R500+ chips will use either ''radeon'' or ''radeonhd''); ''s3''; ''vga''; ''ark''; ''chips'' and ''tseng''. Adam asked that objections to any part of his plan should now speak up.
[1] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00847.html
The ''chips'' driver for C&T 65xx mode[2] was declared[3] by AlanCox to be essential to the small LCD displays which are common on low-power boxes and for which VESA is unable to correctly set the modes. Alan offered to test or debug as required. Adam promised[4] "chips will be spared from the coming apocalypse."
[2] "Chips and Technology" http://en.wikipedia.org/wiki/Chips_and_Technologies
[3] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00852.html
[4] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00858.html
The next two objections seemed to be false alarms. WarrenTogami was worried[5] about both the AMD Geode driver and the ''s3'' driver as the former was used by the OLPC and the latter by Intel's "Affordable PC". ThorstenLeemhuis corrected[6] this with the information that the APC actually used the "SiSM661GX [which] is driven by xorg-x11-drv-sis" and AdamJackson confirmed[7] this and also clarified that the AMDGeode was not going to be dropped. HansdeGoede noted[8] however that the ''vesa'' driver would not be able to handle pre-Virge cards contrary to Adam's plan as their BIOSes had no VESA support.
[5] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00930.html
[6] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00941.html
[7] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00983.html
[8] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00943.html
A plea to save the ''tseng'' driver came[9] from FelixMiata. He outlined their usefulness for upgraders with only a PCI and no AGP slots. In the end Adam agreed to do his best to port all the drivers (as a low priority task) as there had been requests to retain them. ChristopherAillon and AlanCox nevertheless vied[11] to name the promised purge.
[9] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00935.html
[10] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01058.html
[11] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01051.html
=== Call To Choose An Initscript Replacement ===
Another discussion (see also FWN#111 "Fedora 8 Boot-up Speed"[1]) on how to decrease init time occurred when EricTanguy asked[2] for discussion of ''Mudur'', an init system for the Turkish GNU/Linux distribution named ''Pardus''[3]. The project's webpage identifies disk I/O as a limiting resource and the use of startup scripts rewritten in Python to run in parallel and avoid unnecessary I/O as the solution. The Pardus approach does not replace ''initd''.
[1] http://fedoraproject.org/wiki/FWN/Issue111#head-2fa65b1cb87233afa6584ff976a3...
[2] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00460.html
[3] http://www.pardus.org.tr/eng/projeler/comar/SpeedingUpLinuxWithPardus.html
CaseyDahlin responded[4] that he had been working on a parallel boot system, ''rrn'', which provided ''dbus'' notifications of starting services, retains 'initd' and is compatible with SysV initscripts. (A FUDCon[5] session was planned for ''rrn''). Casey was skeptical about the use of Python, preferring Haskell, but agreed that BASH ran many other programs causing extra I/O.
[4] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00484.html
[5] http://barcamp.org/FUDConRaleigh2008
JonathanUnderwood asked why ''upstart'' had not been chosen as a replacement and Casey provided[6] the information that discussions on the subject (he included a link to the wiki entry) had preferred ''prcsys'' but that its use of pthreads and lack of dbus functionality had inidcated a rewrite would be useful. Jonathon thought[6a] that the current roadmap for "upstart" obviated many of those objections.
[6] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00490.html
[6a] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00558.html
NicolasMailhot wished[7] that any replacement init system would also take care of session initiation and LinusWalleij provided[8] a link to the ''InitKit'' project at Freedesktop.org. Casey investigated this and later reported[8a] that InitKit plans solely to create a standard for even-based activation to provide a common target for dependent software. No actual code is specifically planned to come from InitKit.
[7] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00506.html
[8] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00518.html
[8a] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00918.html
A name-change was suggested by LeszekMatok due to both the sound and a potential namespace pollution. Casey explained[9] that it stood for "Resolve/Run/Notify" but took the points on board.
[9] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00579.html
The suggestion that Haskell might be used was ridiculed by DimiPaun who pointed out that any language chosen should be widely known by sysadmins and that it would be better to use C if the init scripts were to be rewritten. YaakovNemoy accepted the obscurity argument but argued[10] Haskell's advantages over Python, pointing out that Haskell needed no VM and instead is compiled to native machine code. NilsPhilippsen thought[11] that requiring a compiler collection merely to boot a machine needed much justification.
[10] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00545.html
[11] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00569.html
The use of any dependency bloating requirements such as PERL or Python was considered[12] a non-starter by EnricoScholz. YaakovNemoy responded[13] that Python was installed on most machines and that the combination of Bash with awk, grep and other tools most definitely was. Yaakov called for comparative measurements of the time taken and number of kilobytes read during startup by the current system and one that starts python. Enrico pointed[14] to over 50% of his machines not using Python and MattMiller's disbelief that YUM (and hence python) was installed on less than half was answered[15] by DanielBerrange with the information that "stateless" installs or VM "appliances" do not require YUM.
[12] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00505.html
[13] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00541.html
[14] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00551.html
[15] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00582.html
The use of an initscript which required anything outside of POSIX was anathema to RalfCorsepius. NilsPhillipsen responded[16] that he could see no way of removing the numerous forks and exec()s within the current SysV framework. Casey and YaakovNemoy thought that Ralf's argument that a bare-bones POSIX should be adhered to was a nearly religious one. Ralf backed[18] up his argument with reference to SuSE's initscript changes.
[16] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00572.html
[17] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00826.html
[18] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00829.html
The suggestion of HorstvonBrand was that service dependencies should be considered and AndrewFarris largely agreed[19] but thought that Horst's specific suggestion that a webserver should be prevented from running if there were no network was wrong. An interesting subthread developed in which the hanging of network services due to DNS lookups failing when there is no network developed.
[19] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00860.html
The suggestion that daemons could be changed to become non-forking and thus avoid having to use Python was made[20] by Enrico and this led to an informative exchange. NilsPhilippsen riposted[21] that Enrico's scheme only handled the subset of daemons which used pidfiles and that Python was not irretrievably bloated. JamesAntill confirmed[22] that a "core" python could be a fraction of the current size, but cautioned that it would be a lot of work to sort out the dependencies. Enrico responded[23] with an estimate of the size of a slimmed down bash and arguments that suggested that pidfiles were an anachronism required by initsystems with forking daemons. Nils seemed to rebut[24] most of these points, arguing that PIDs of processes could change and that python's size had been demonstrated to be of similar magnitude to bash's. Enrico countered[25] this by noting, among other things, that fork() and exec() performance were dependent on the particular program being executed and that a distinction needed to be drawn between first startup (which is not that important) and subsequent instances. This exchange continued a little further without apparent resolution or clarity.
[20] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00619.html
[21] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00624.html
[22] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00739.html
[23] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00633.html
[24] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00642.html
[25] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00650.html
A suggestion was made[26] by CaseyDahlin to consider the use of ''busybox'' to replace bash and its attendent required programs. KevinKofler worried[27] that the number of forks would remain the same and wondered whether a "shell which emulates POSIX process handling in-process and uses direct builtin function calls for commands like sed rather than forking a new process [...] could work," but worried that maintainability would suffer due to the need for special-case code to handle pipes and other necessary features. Both Casey[29] and AlanCox[30] noted that the fork was less of an issue than the execve due to disk IO. Alan suggested Plan9's ''rc'' or ''ash'', but BillNottingham reported[31] that ''ash'' had been benchmarked and shown to be unpromising.
[26] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00607.html
[27] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00611.html
[28] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00611.html
[29] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00612.html
[30] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00632.html
[31] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00677.html
A skeptical evaluation of ''initng'' was posted by LennartPoettering who seemed inclined[32] towards favoring ''upstart'' but thought it was a bit of a moving target "in short: initng is a joke, initkit not ready yet, upstart a bit of a moving target that's going to be replaced soon anyway. The other systems seem to be too simple (minit, runit) or totally un-Linuxish (SMF, launchd)." Lennart preferred the idea of following Debian's lead and implementing LSB headers "to allow parallel startup" and Casey responded[33] that Fedora should "commit to that outright, and not let ourselves sit on our asses for another 5 years while everything blows by."
[32] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00666.html
[33] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00675.html
Casey made the excellent point that Fedora is supposed to be a showcase for innovation and that he had attempted to move forward with ''rrn'' (based on discussion with HaraldHoyer) and this was now apparently not desired. He exhorted fellow contributors to pick firm goal so that someone could do the work and expressed the willingness to do it himself as long as there was an agreed target.
=== Firewire, Choice And Fedora ===
The prize for this week's mammoth thread is awarded to one started by a complaint about regressions in firewire (IEEE 1394) support made[1] by HansdeGoede. Hans wondered if the implementation of the ''juju'' stack in the kernel to the exclusion of the old stack was a good idea and argued that both should have been provided with a switching utility. As supplementary evidence of Fedora being too "bleeding edge" he pointed to a PulseAudio bugzilla entry which on the face of it documents much unhappiness. ThorstenLeemhuis agreed (except about PulseAudio) and threw in[2] ''hplip'' for good measure. He added that "Linux is about choice" and disparaged the decisions made by the Fedora Project to not ship, for example, Xgl and the latest Zope/Plone.
[1] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00845.html
[2] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00848.html
Hans' original firewire concerns spawned a mostly technical thread while his more general complaint and Thorsten's amplification of it gave rise to a very wide ranging, voluminous argument. The firewire issue was directly addressed[3] by WillWoods who posted that a fix had already gone into Fedora 7 and Fedora 8, due in no small part to the feedback received by making the Juju stack available in Fedora. Information[4] from KrzysztofHalasa and JarodWilson suggested that Hans' "Via vt 6306" controller should work in OHCI-1.1 mode and Hans offered to help test a rawhide kernel built with some of the upstream linux1394 tree when it was ready.
[3] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00851.html
[4] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01029.html
The idea that "Linux is about choice" was roundly rebuffed[5] by AdamJackson in a longish, impassioned post which argued that too much choice increased the failure rates combinatorially: "If I could only have one thing this year, it would be to eliminate that meme from the collective consciousness. It is a disease. It strangles the mind and ensures you can never change anything ever[...]"
There was lots of (dis)agreement on this point especially between DavidZeuthen in agreement and PatriceDumas arguing in favor of more diversity. It was mildly heated and led David to accuse[6] Patrice of "screw[ing] up the SN ratio of this list even more". David wondered why he (David) was even on the list anymore.
[5] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00861.html
[6] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00988.html
=== Applications Using Type1 Fonts Should Upgrade To OTF ===
The suggestion that some means be introduced to handle fonts not registered through ''fontconfig'' was made[1] by PatriceDumas. Patrice had been investigating packages which use Type1 fonts via ''t1lib'' and wondered if the Debian package ''defoma''[2] would provide a solution.
[1] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01046.html
[2] DEbian FOnt MAnager http://packages.debian.org/unstable/admin/defoma
KellyMiller was horrified[3] and cited his negative experiences with ''defoma'', including Xorg locking during startup, as a prime motivator in switching to Fedora. In response to MatejCepl Patrice clarified[4] that there was nothing wrong with ''fontconfig'' except that some applications, specifically ''grace'', ''xglyph'' and ''xdvi'', did not use it. Patrice noted that it might be better to port ''t1lib'' to use fontconfig instead of adding ''defoma''.
[3] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01048.html
[4] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01113.html
A long-term perspective was added[5] by NicolasMailhot when he commented that Type1 fonts were becoming increasingly rare as the preferred non-TTF format was now OTF[6]. Nicolas advised that applications currently depending on Type1 fonts should upgrade their backend.
[5] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01145.html
[6] http://en.wikipedia.org/wiki/OpenType
=== I'm Melting! Core Temp Of 125C Due To Kernel? ===
A very excitingly titled message was posted[1] by MatthewMiller. Matthew had seen the core temperature of a 32-bit Athlon 3200+ soar to 125C when he built a package while running kernel 2.6.24-0.133.rc6.git8.fc9. The previous kernel showed a more modest 95C. The machine was powering off once the 125C temperature was reached.
[1] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00443.html
AndrewHaley suggested[2] that the hardware was at fault rather than the software which led RichiPlana to rebut[3] that with a list of instances in which software had damaged hardware. AlanCox seemed to agree[4] with Richi that it was possible that a kernel error could lead to overheating and then the BIOS would shut the machine off once a critical temperature had been reached. Alan requested that the fans be checked and then old and new kernels run and if any anomalies resulted that Len Brown then be informed.
[2] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00444.html
[3] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00452.html
[4] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00459.html
Inaccurate ACPI readings with other AMD processors were reported by SteveGrubb[5] and TrondDanielsen[6] although Trond noted that ''lm_sensors'' appeared to give accurate readings.
[5] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00447.html
[6] https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00589.html
[[Anchor(Infrastructure)]] == Infrastructure ==
In this section, we cover the Fedora Infrastructure Project.
http://fedoraproject.org/wiki/Infrastructure
Contributing Writer: HuzaifaSidhpurwala
This section contains the major discussion, happening on the Fedora infrastructure list between 6th January 2008 to 12th January 2008.
=== Outages ===
MikeMcGrath reports[1],
We've had some strange hardware outages over the last week or so. Basically 3 box reboots, one time xen6, and once or twice xen1. The more important guests have been moved off of xen1 on to xen2. xen2 is now running a lot of guests - app1, app2, app3, koji1, releng1, noc1, puppet1, 3 test servers. The host were later moved back to xen1. The RH team has been engaged to see if we experience anything strange there like brown outs etc. If they dont have anything and the box continues to act up then Dell will be called. Later in the week it was realised that the isssue was iscsi related. We dont have any monitoring tools on the hardware.
[1] https://www.redhat.com/archives/fedora-infrastructure-list/2008-January/msg0...
=== A new FIG: sysadmin-tools ===
MikeMcGrath reports[1],
Similar to the web group the sysadmin-tools group has access to a number of our collaborative tools (in the future to include asterisk, gobby and likely mailman).
[1] https://www.redhat.com/archives/fedora-infrastructure-list/2008-January/msg0...
[[Anchor(SecurityWeek)]] == Security Week ==
In this section, we highlight the security stories from the week in Fedora.
Contributing Writer: JoshBressers
=== Coverity and Open Source ===
There were quite a few stories about Coverity this week. Most were rather poorly written and were confusing at best. The real story is best read from the Coverity site here:
In general Coverity is portrayed in a mostly positive light for providing their service to various Open Source projects. In reality it's not that simple. Using a closed source tool for the supposed benefit of Open Source is misleading at best. If Coverity was serious about improving the state of Open Source, they would release their tool under an Open Source license for the community to consume and improve upon. Right now they simply have a clever marketing program.
=== Bruce Schneier Interview ===
Computerworld has a nice interview with Bruce Schneier that even mentions Linux:
http://www.computerworld.com.au/index.php/id;1891124482;pp;1
He is one of the few security public figures who can explain things in a manner that most people can understand.
[[Anchor(SecurityAdvisories)]] == Security Advisories ==
In this section, we cover Security Advisories from fedora-package-announce.
https://www.redhat.com/mailman/listinfo/fedora-package-announce
Contributing Writer: ThomasChung
=== Fedora 8 Security Advisories ===
* python-cherrypy-2.2.1-8.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0024... * mantis-1.1.0-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0030... * libxml2-2.6.31-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0037... * postgresql-8.2.6-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0039... * drupal-5.6-1.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0040... * qimageblitz-0.0.4-0.3.svn706674.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0045... * tog-pegasus-2.6.1-3.fc8 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0048...
=== Fedora 7 Security Advisories ===
* mantis-1.1.0-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0022... * python-cherrypy-2.2.1-8.fc7 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0029... * qimageblitz-0.0.4-0.3.svn706674.fc7 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0038... * drupal-5.6-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0038... * libxml2-2.6.31-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0039... * tog-pegasus-2.6.0-3.fc7 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0042... * postgresql-8.2.6-1.fc7 - https://www.redhat.com/archives/fedora-package-announce/2008-January/msg0046...
[[Anchor(EventsMeetings)]] == Events and Meetings ==
In this section, we cover event reports and meeting summaries from various Projects and SIGs.
Contributing Writer: ThomasChung
=== Fedora Board Meeting Minutes 2008-MM-DD ===
* No Report
=== Fedora Ambassadors Meeting 2008-MM-DD ===
* No Report
=== Fedora Documentation Steering Committee 2008-MM-DD ===
* No Report
=== Fedora Engineering Steering Committee Meeting 2008-01-10 ===
* https://www.redhat.com/archives/fedora-devel-list/2008-January/msg01224.html
=== Fedora Infrastructure Meeting (Log) 2008-01-10 ===
* https://www.redhat.com/archives/fedora-infrastructure-list/2008-January/msg0...
=== Fedora Localization Meeting 2008-MM-DD ===
* No Report
=== Fedora Marketing Meeting 2008-MM-DD ===
* No Report
=== Fedora Packaging Committee Meeting 2008-MM-DD ===
* No Report
=== Fedora Quality Assurance Meeting 2008-MM-DD ===
* No Report
=== Fedora Release Engineering Meeting 2008-MM-DD ===
* No Report
=== Fedora SIG EPEL Meeting Week 02/2008 ===
* https://www.redhat.com/archives/epel-devel-list/2008-January/msg00058.html
=== Fedora SIG KDE Meeting Week 02/2008 ===
* https://www.redhat.com/archives/fedora-devel-list/2008-January/msg00790.html
=== Fedora SIG Store Meeting (Log) 2008-01-09 ===
* https://www.redhat.com/archives/fedora-marketing-list/2008-January/msg00064....
=== Fedora SIG Astronomy Meeting Log 2008-MM-DD ===
* No Report
announce@lists.stg.fedoraproject.org