

News and Editorials

Access Control - What is it good for?

A recent discussion on the Fedora-maintainers list calls for an end to the ACL (access control list). A pkg.acl file may exist for every Fedora package; it lists the maintainer, the co-maintainer, and possibly others who are authorized to fix, rebuild and upload that package. This file exists by default, but may be modified or removed by the package maintainer.

Here in the northern hemisphere it's summer, a time for vacations, a time when a package maintainer might not be around to maintain those packages. Sometimes you just don't want a package sitting around a week or two with a known (and fixed upstream) security issue. If a soname bump requires several packages to be rebuilt, it's better to have that happen sooner rather than later. Hence the call to remove all pkg.acl files to allow other Fedora maintainers access to all/most packages.

The ACL is in place for security reasons, though. No one ever said, "Let's make it more difficult to get packages fixed when the maintainer is unresponsive." On the other hand, do you want some fairly inexperienced, casual maintainer messing with the kernel package? Even with the best of intentions, mistakes can really mess up the system for many users. Critical packages should have stricter restrictions, but for the vast majority of packages any Fedora maintainer should be able to deal with minor maintenance.

A more important consideration may be security: if any Fedora maintainer can make changes to any package, vast amounts of damage might be done by a single compromised account. There are things that can be done to mitigate this risk, but it is a concern nonetheless.

Part of the issue is that there is an ever-increasing number of Fedora maintainers, and not all of them know that ACLs are enabled by default. As a result of this thread, wiki pages are being built that list critical packages and document the default ACL behavior and how to change it. Steps are also being taken that would allow a select set of groups, such as FESCo (Fedora Engineering Steering Committee) and the Fedora Security team, access to fix issues as necessary.

Comments (3 posted)

New Releases

Novell Ships SUSE Linux Enterprise 10 Service Pack 1 and New Virtual Machine Driver Pack

Novell, Inc. has announced that the first service pack (SP1) for SUSE Linux Enterprise 10 is now available to customers worldwide. Novell also announced the commercial availability of the SUSE Linux Enterprise Virtual Machine Driver Pack, a bundle of paravirtualized network, bus and block device drivers that enable unmodified Windows and Linux guest operating systems to run with near native performance in virtual environments created with the Xen hypervisor technology.

Comments (1 posted)

openSUSE 10.3 Alpha5 Released

openSUSE 10.3 Alpha5 has been released. Some changes between Alpha4 and Alpha5 include Linux 2.6.22 rc4, reduced size and cleaned up dependencies of some packages, glibc 2.6, Emacs 22.1 and OpenOffice.Org 2.2.1 rc3. Click below for more information.

Full Story (comments: none)

Slackware 12.0 Release Candidate 1

The Slackware-current changelog entry for June 14 announces that the first release candidate for Slackware 12.0 is available. "It's that time again, and here we have Slackware 12.0 release candidate 1! :-) If we're lucky, we got it all right the first time. Big thanks to the crew."

Full Story (comments: 5)

Terra Soft Unifies Power Ecosystem with YDL v5.0.2

Terra Soft has announced the release of Yellow Dog Linux v5.0.2, a single Install DVD with support for the Apple G4 and G5 computers, Sony PS3, and IBM 'System p' servers, including the JS20/21, OpenPower, and current POWER5 systems.

Full Story (comments: none)

Distribution News

RHEL certified at EAL4+

James Morris notes that Red Hat Enterprise Linux has been certified at the EAL4+ security level - at least when properly configured on certain IBM server systems. "A lot of people thought it would be outright impossible to get an open source OS certified at this level. Not only were they wrong, but we've done it in a way which makes it part of the mainline kernel, upstream userland, and integrated into standard distributions. It is not some out-dated, incompatible and outrageously expensive fork of the OS, as has historically been the case with trusted OSes. 'Military-strength' security is just now just another feature you get as standard in Linux, and it receives the same testing and community benefits as the rest of the OS."

Comments (11 posted)

Shuttleworth: no negotiations with Microsoft in progress

Ubuntu founder Mark Shuttleworth has posted a message stating that Ubuntu is not discussing patent deals with Microsoft. "Allegations of 'infringement of unspecified patents' carry no weight whatsoever. We don’t think they have any legal merit, and they are no incentive for us to work with Microsoft on any of the wonderful things we could do together. A promise by Microsoft not to sue for infringement of unspecified patents has no value at all and is not worth paying for. It does not protect users from the real risk of a patent suit from a pure-IP-holder (Microsoft itself is regularly found to violate such patents and regularly settles such suits). People who pay protection money for that promise are likely living in a false sense of security."

Comments (21 posted)

Debian Release Team Meeting

The Debian release team met in Juelich recently to discuss the Etch release cycle and kick off the Lenny cycle. Click below for an overview of the meeting and a tentative schedule for the Lenny release.

Full Story (comments: none)

Debbugs Feature Enhancements and Archiving

There have been some feature enhancements to the Debian Bug Tracking System (BTS). "The first and most visible are the version graphs which are present to the right of all bugs with versioning information. Hopefully these will help resolve some of the queries about why the BTS feels that a particular bug applies to a particular suite."

Full Story (comments: none)

Fedora-Devel-Announce is Now Open

The Fedora-Devel-Announce list is now available. "The goal of this list is to make it easy for Fedora contributors to follow changes in that may be pertinent to developers within the Fedora Project. This is intended to be a LOW TRAFFIC announce-only list of development topics, so we hope subscribers won't feel the need to filter it away from their Inbox."

Full Story (comments: none)

Fedora Board Recap 2007-JUN-12

A recap of the June 12, 2007 meeting of the Fedora Board is available. There was a discussion of secondary arches, FUDCon F8, Fedora Advisory Board Membership, and more.

Full Story (comments: none)

Magazine Fedora 7

Linux Identity Magazine will be releasing an edition devoted to Fedora 7. The hardcopy magazine will be available in France and comes with 2 bootable DVDs attached to the magazine: for 32 bit and 64 bit systems.

Full Story (comments: none)

Novell Announces Real-Time Linux Enhancements and Partnerships

Novell has announced new enhancements to SUSE Linux Enterprise Real Time and unveiled new partnerships that expand the ecosystem around Novell's low latency Linux solution.

Comments (none posted)

Results of survey on use of proprietary software in openSUSE

The results are available for a survey about the use of proprietary software in openSUSE. "It shows that we ship on the media some software which is hardly used (e.g. PlanMaker, SEPsesam etc.). Software which is hardly used we don't need to ship on our media. Therefore my suggestion is to drop some software totally and offer some software only via ftp. To be discussed on opensuse-project."

Full Story (comments: none)

Ubuntu "gutsy" features announced

Ubuntu has released a list of the planned features for the upcoming Ubuntu 7.10 ("gutsy gibbon") release. "Ubuntu 7.10 will ship with the latest edition of the GNOME desktop, 2.20, released a few weeks before our own release. Kubuntu 7.10 will ship with KDE 3.5.7, and should also include packages of KDE 4.0 rc 2 available for optional side-by-side installation. We are aiming for Ubuntu to be one of the first distributions to ship the newly merged Compiz and Beryl projects (compcomm/OpenCompositing); and enable it as the default window manager on systems with a supported combination of hardware and drivers."

Full Story (comments: 2)

Ubuntu Derivatives mailing list

The Ubuntu Derivatives mailing list has been announced. This mailing list is the place for discussions about Ubuntu derivatives, to achieve collaboration across derivatives, discuss problems and search for solutions together.

Full Story (comments: none)

SUSE Linux 9.3 security support is now discontinued.

SUSE Linux 9.3 is now officially discontinued and out of support. Click below for a wrap up of security issues during this product's lifetime.

Full Story (comments: none)

Reminder - Fedora Core 5 EOL on 2007-06-29

Fedora Core 5 will reach its End of Life on Friday June 29th. There will be no security or bug fixes after that date.

Full Story (comments: none)

Distribution Newsletters

Fedora Weekly News Issue 92

The Fedora Weekly News for June 18, 2007 covers Fedora Core 5 EOL, Fedora-Devel-Announce is now open, Fedora Board Elections, Working on Fedora L10n, End of "I didn't know about that change!?!" for Fedora devel (?), Workaround for kernel panic on suspend/resume, Magazine Fedora 7 (France), Fedora 7 Xen First Look, Maximum PC reviews Fedora 7, and much more.

Full Story (comments: none)

Ubuntu Weekly News: Issue #45

The Ubuntu Weekly Newsletter for June 16, 2007 covers Mark Shuttleworth's debunking of a rumor of a possible Microsoft deal, Gutsy translation opening, an interview with Matthew East and much more.

Full Story (comments: none)

DistroWatch Weekly, Issue 207

The DistroWatch Weekly for June 18, 2007 is out. "The first release candidate of Slackware Linux 12.0, Linus Torvalds' entertaining exchange with Sun Microsystem's Jonathan Schwartz, and Linspire's promise of a "better Linux" through a partnership with Microsoft were the most interesting headlines of the past week. We comment on these and other events of the week. In other distro-related news, the Debian project announces a tentative release schedule for Debian "Lenny", Max Spevack talks about the upcoming Fedora 8, and, in an exclusive DistroWatch interview, Adam Williamson introduces a number of projects that will shape the future of Mandriva Linux. Finally, don't miss the list of changes and updates to the DistroWatch package list as used for tracking version numbers of important software applications."

Comments (none posted)

Distribution meetings

Participate in DebConf7 from abroad

Live video streams of DebConf7 (ends June 23, 2007) are available. The email (click below) also has information on the IRC channels where discussions are taking place and a link to the video archive.

Full Story (comments: none)

Distribution reviews

Alternative GUIs: GoblinX (TuxMachines)

TuxMachines reviews GoblinX. "GoblinX is a live Linux distribution based on Slackware 11, written by a Brazilian developer who goes by the pseudonym Grobsch. (You can contact Grobsch on the GoblinX forum.) GoblinX differs from other live distributions in two main ways. First, it manages to pack five different window managers/GUIs into a 305 MB ISO image, and uses custom artwork for each of them that's quite unlike anything you've seen before."

Comments (10 posted)

Page editor: Rebecca Sobol

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds