Slashdot Mirror

Really? Most of these don't look like Windows 8 ... http://spins.fedoraproject.org...

RHEL updates are available:

https://rhn.redhat.com/errata/RHSA-2014-0376.html

CentOS updates are available:

http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html

Fedora updates are available, hitting the mirrors, but you can get it earlier, instructions here:

https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html

https://lists.fedoraproject.org/pipermail/announce/2014-April/003206.html

RHEL updates are available:

https://rhn.redhat.com/errata/RHSA-2014-0376.html

CentOS updates are available:

http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html

Fedora updates are available, hitting the mirrors, but you can get it earlier, instructions here:

https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html

https://lists.fedoraproject.org/pipermail/announce/2014-April/003206.html

*cough* you can already do all this if you want.

(just include your magic in the kdump init script / initrd to do with the dump information as you will)

Welcome to Linux except it isn't called Linux anymore the new name is Lennart NT.

All these mean druids are telling you that you have to learn iptables. Too bad they don't know it is about to be replaced by firewalld.

https://fedoraproject.org/wiki...

Figured systemd would get dragged into this.

One of the biggest problems with systemd is simply documentation. System administrators have a lot of learning invested in SysV and BSD, and systemd changes nearly everything. Changing everything may be okay, may be good, but to do it without explanation is bad no matter how good the changes. I'd like to see some succinct explanation, with data and analysis to back it up. Likely there is such an explanation, and I just don't know about it. But the official systemd site doesn't seem to have much, I'd also like to see a list with common system admin commands on one side, and systemd equivalents on the other, like this one but with more. For example, to look at the system log, "less /var/log/syslog" might be one way, and in systemd, it is "journalctl". To restart networking it might be "/etc/rc.d/net restart", and in systemd it's "systemctl restart network.service". Or maybe the adapter is wrongly configured, DHCP didn't work or received the wrong info, in which case it may be something like "ifconfig eth0 down" followed by an "up" with corrected IP addresses and gateway info.

When information is not available, it looks suspicious. How can we judge if systemd is ready for production? Is well designed? And that the designers aren't trying to hide problems, aren't letting their egos blind them to problems? To be brusquely told that we shouldn't judge it we should just accept it and indeed ought to stop whining and complaining and be grateful someone is generously spending their free time on this problem, because we haven't invested the time to really learn it ourselves and don't know what we're talking about, doesn't sit well with me.

Same goes for Wayland and MIR. Improving X sounds like a fine idea. But these arguments the different camps are having-- get some solid data, and let's see some resolution. Otherwise, they're just guessing and flinging mud. Makes great copy, but I'd rather see the differences carefully examined and decisions made, not more shouting.

There's no SRPM for Chrome, so it's binary-only

Chromium is Chrome without the proprietary parts. It's not in Fedora for other reasons, mostly related to having to fork and bundle the libraries that it uses in order to add API hooks for needed functionality, which may or may not meet the "modified beyond a certain extent" exception to Fedora's policy on bundled libraries.

So can we all get on the bandwagon with Fedora and start using NSS instead?

http://fedoraproject.org/wiki/...

What if the code is free but the artistic content is not?

A free game engine is useless without a "mission pack" of artistic content. For example, a Doom source port is useless without WADs. If all mission packs for a given engine are non-free, the game will be excluded from repositories because it requires a non-free component in order to be useful. For example, a free video game engine uploaded to F-Droid that requires or strongly recommends the use of non-free mission packs would be marked with the NonFreeAdd antifeature, and applications with antifeatures were hidden by default last time I checked. Plenty of games are listed here with "no free data" or the like. Nor does Fedora package emulators because they require ROMs, and though free ROMs exist (such as some I've developed myself), someone on fedora-legal told me there aren't enough free ROMs to outweigh the risk of a potential Nintendo v. Red Hat.

Besides, how should a developer deter unlawful copying of the artistic content if the engine is free?

What if the code is free but the artistic content is not?

A free game engine is useless without a "mission pack" of artistic content. For example, a Doom source port is useless without WADs. If all mission packs for a given engine are non-free, the game will be excluded from repositories because it requires a non-free component in order to be useful. For example, a free video game engine uploaded to F-Droid that requires or strongly recommends the use of non-free mission packs would be marked with the NonFreeAdd antifeature, and applications with antifeatures were hidden by default last time I checked. Plenty of games are listed here with "no free data" or the like. Nor does Fedora package emulators because they require ROMs, and though free ROMs exist (such as some I've developed myself), someone on fedora-legal told me there aren't enough free ROMs to outweigh the risk of a potential Nintendo v. Red Hat.

Besides, how should a developer deter unlawful copying of the artistic content if the engine is free?

2.6.0 came out in 2004, 3.0 (the next after 2.0.39) in 2011. You are not being very precise saying 2.6 related to redhat kernel. But, about to your point, Redhat/centos 5.x came with kernel 2.6.18 (released in 2007, still had the same kernel version in RedHat 5.10 that came out last october), and Redhat 6.x, that came out in 2010, had kernel 2.6.32 (released in 2009). As enterprise distribution, what matters is stability, and certification for 3rd party software, not having the latest versions, all is tested with an specific kernel version, and that kernel (and in general, packages) are kept in the same version, backporting/patching fixes when necessary, and you won't have to worry about a newer version of a sofware changing a configuration file format or keywords and stopping working after updating. Anyway, you can still install extra repositories (like EPEL) that will give you newer versions of some packages.

If you want to use something bleeding edge, you can try Fedora, Ubuntu, or another of the desktop distributions

They do...
The DDC & EDID standards which are used to read monitor capabilities also supports reading the physical size. The problem is that windows ignores this information, and therefore some monitors don't bother to supply this information, or supply it incorrectly.

http://scanline.ca/dpi/
https://lists.fedoraproject.org/pipermail/devel/2011-October/157671.html

Is using bcache really this hard? I didn't see any mention of setting up bcache during an initial system install. Essentially like: install everything to /dev/sda and use /dev/sdb as cache? Couldn't this be done if /dev/sda1 was a LVM w/ / on it, maybe with /dev/sda2 as /boot?

Ubuntu isn't especially bloated. It runs at least as good as WindowsXP out of the box, as far as performance is concerned.

To my layman's eyes, Linux has been suffering from a bit of "X distro is/once was good and is slowly dying from lack of funds or internal politics".

Then your layman's eyes are suffering from selection bias (a common problem). There are several distros that have been running solid for a very long time. Such distros are Ubuntu's own granddaddy, Fedora, Gentoo, Arch, and more recently SUSE.

Anyways, it is far from ridiculous for RedHat to aspire to this. RedHat is used in many data centers and has contributed a very large number of software packages for clustering, management, and virtualization.

I am genuinely excited at the idea of BTRFs becoming production ready.

Don't hold your breath. I've been watching the btrfs development and it's simply not there yet. A good clue for when it will be considered "production ready" would be when RHEL advertises it as something other then a technical preview. And it's still labeled as experimental in Fedora 19 (released July 2013), even after it was slated to become the default in Fedora 16 (which didn't happen).

So, maybe it makes it in time to be included in RHEL7 as "ready".

Although Red Hat is already talking about RHEL7 since 2012 of last year, and they'll probably be using one of the Fedora releases as their base. So unless btrfs makes it into FC20 or FC21 as "ready", I think they might miss the RHEL7 release.

I've suggested previously, even before the post-Snowden cloud/privacy concerns, that Microsoft could be in a very strong position if they swam across the current a little and promoted private clouds.

That is not a significant strength for Microsoft. There is no philosophical advantage to closed-source infrastructure compared to freedom-respecting software. Microsoft might win a bunch of sales because of their tight integration and simplified controls, but if you're worried about privacy, then Microsoft is not the way to go.

If you're doing a cloud deployment and you're worried about privacy, then the only real solution is to go to some open-source cloud system.

Impressive. You are wrong on just about *everything* you wrote:

>>POWER support is dead on all enterprise Linux distributions, Red Hat dropped support with EL5.
Nope and nope and nope

>>Furthermore OpenPower boxes are contractually prohibited from running AIX.
You are confusing this announcement with a previous attempt at the Linux market that was also called OpenPower. Those systems only ran Linux and could not run AIX. This announcement is about opening up the entire platform and licencing out parts or whole cores of the actual high end chips to companies like Google, who recognize that the single most expensive component in servers is the CPU - and they want choice and customization.

>>You've got a box of hardware with nothing to run on it and it can only deliver half the performance of comparatively priced Intel equipment.
The recently released Power7+ chip running Linux is the fastest thing on the market right now.

>> If you outsource support to IBM, their support specialists in the delivery centers will accidentally nuke your whole frame during routine maintenance, and you could be down for days
Umm..ok I'm stopping now

Fedora itself is a relatively small, bare distribution.

There are fourteen thousand software packages in Fedora.

it doesn't come with codecs, Flash, any proprietary repositories, VirtualBox, etc. That's why Adobe, Oracle and RPMFusion exist, they are add-ons to the core of Fedora.

Which only contain a few hundred packages, mostly due to licensing issues that Fedora doesn't want to tackle (have an argument with the government over).

No thank you, I'll stick with an all-in-one set up like Mint or Debian.

Adobe doesn't even run a repo for Debian and its packages rely on downloading binaries raw, without repo support. It's good that the intermediate packagers make the effort to stay on top of vendor updates, though.

Did not RedHat secure a Microsoft key? Ditto for Ubuntu (although they may be simply using RedHat's); the bootloader shim was written some time back, all that was lacking was the key. The links below are fairly old and I haven't been keeping tabs on the matter since I'm not going to be doing a build soon. Last thing I recall reading, tho, indicated the whole thing was a done deal and that if one wanted to install a Linux distro it wouldn't be a problem, just a bit of hassle.

Or here: http://www.linuxuser.co.uk/news/uefi-secure-boot-key-provided-by-linux-foundation from Oct. 11 last year.
Or here: http://www.linux-magazine.com/Online/Features/UEFI-and-Secure-Boot
Or here: https://docs.fedoraproject.org/en-US/Fedora/18/html-single/UEFI_Secure_Boot_Guide/index.html

Btw, the key itself comes from Verisign; you can get your own for $99 just like everyone else; or use any of the other approaches as above. Unless the OEM completely locks down it's board, you can also simply bypass the UEFI signing altogether, as required in the spec, as I understand it.

Yes. I work on Fedora. For Red Hat. I've done seven package builds in the last week - https://koji.fedoraproject.org/koji/userinfo?userID=954 . I'm still official maintainer for a few. I contributed to several rounds of discussion on revising the packaging guidelines. And I'm the team lead for the RH team which works on the automated testing system which is ultimately intended to *enforce* some of the packaging guidelines. Credentials enough for you?

It would not make sense for a distro like Fedora to be as stringent with packaging policies as stable Debian is,

Have you packaged something for fedora before? It's packaging policies are quite stringent.

Here's a portion of it

Or you can have a BIOS that addresses the decades of accumulated legacy bodging that is the PC, without UEFI.
Just put a BIOS that removes all the old cruft of the old BIOS, adds some new features, but is totally minimalistic.

Because in 10 or 20 years UEFI will be like the old BIOS. It will do totally old stuff that nobody wants, and it will not allow new stuff, because of the same reasons of the that the old BIOS have.

The only remedy is to have a totally minimalistic BIOS that puts control as fast as possible to the System kernel.
We had "Secure Boot" stuff for Linux for a long time before Secure Boot.
See:
https://fedoraproject.org/wiki/Tboot
http://sourceforge.net/projects/tboot/

Fedora makes available new kernels within a few days, for those that want to play with the latest and greatest. The 3.10 kernel should be available within the next 24 hours using the Fedora rawhide kernel nodebug repository.

Really, that isn't specific to debian.
https://build.opensuse.org/
http://koji.fedoraproject.org/

Red Hat is the sole, most significant contributor or one of the main contributors to to an awful lot of those 'other open source projects':

https://fedoraproject.org/wiki/Red_Hat_contributions (and that's massively incomplete)

It's a core principle of RH work that as much work as possible is done or pushed upstream, and that RH products should be 100% F/OSS (the exception to this is when we acquire proprietary software and spend a couple of years doing the legal and engineering spadework to make it 100% F/OSS, which is just a terrible thing for us to do, I know).

All of the source for RHEL is publicly available - http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ (and other paths on that server), go knock yourself out. (This is not minimal legal compliance, BTW; minimal legal compliance would be providing only copyleft sources, and providing them only to customers. We don't have to put the entire SRPM set up for public download on our own servers). You can get an evaluation version of RHEL 6 for free at https://ca.redhat.com/products/enterprise-linux/server/download.html - where 'evaluation' just means 'you only get updates for X days'. You can buy the RHEL Developer Suite - https://www.redhat.com/apps/store/developers/rhel_developer_suite.html - which includes RHEL with every single add-on, and access to all updates, just like having a commercial support contract only without the commercial support - for a measly $99. Or you can just go download CentOS or Scientific Linux, which projects RH does nothing whatsoever to impede.

RH is the single leading contributor to upstream OpenStack: http://readwrite.com/2013/04/16/will-red-hats-openstack-contributions-turn-to-gold

Name me a company that manages to run a sustainable business while contributing more to F/OSS development. One company.

I know for sure Google, Fedora and Microsoft (I know... but it has perks for the club) have ambassador programs and will provide funding and raffle prizes that can be used for fundraising to keep the club going.

It may be my lack of Google skills, but I can't find any evidence of a Red Hat corporate presence in Ghana. (and both surprised and slightly disappointed to find very few pictures of Ghaneans wearing fedoras instead but I digress...)

I will bite on this.

Something I found in the past is, if there is no presence where you live, contact the company and create the presence there. They will often work with you for loads of promotion that will cost them almost nothing.

Ambassador Programs
http://fedoraproject.org/wiki/Ambassadors
http://www.google.com/intl/en/jobs/students/proscho/programs/uscanada/ambassador/ (find your region)
http://www.microsoft.com/de-ch/students/en/getInTouch/MicrosoftOnCampus/Ambassadors/default.aspx#fbid=6Weg8o4CBmr
http://www.apple.com/education/campusreps/

Don't forget to contact other major distros and see if they have anything similar or would donate some shirts, dvds, usbs, keychains or ANYTHING to your group to help promote Linux.

Sign your team up for Dreamspark and get Microsoft OSs running as VMs on top of linux so you can know about the issues involved with running MS services in VMs. They also have something like "Microsoft Services for Unix." It's always good to know your "enemy."

"But F18 was a disaster from the first second I began with it, when I discovered they would not allow F16 to upgrade when they've always supported two versions back"

https://fedoraproject.org/wiki/Upgrading :

"This is the recommended method to upgrade your Fedora system to Fedora 18 and newer. Note that FedUp is only available in Fedora 17 and later. Thus users who are currently running Fedora 16 or earlier, will first need to upgrade to Fedora 17 using another method before being able to use FedUp to upgrade to Fedora 18 or later."

"and then I discovered it wouldn't boot from the DVD and I had to leave my computer downloading a million RPM files overnight when I had burned a DVD image"

Yes, of course, Fedora 18 doesn't boot from a DVD. That's why there were all those outraged news articles about it and the pitchfork-toting mobs in the street.

Wait, no, F18 boots fine from a DVD. We tested it. No news articles. No mobs. I can believe there might be some weird bug which prevents it working properly on some specific hardware, but generally, the F18 DVD boots just fine. I tested it myself.

"Until a few minutes ago, when I had a kernel panic and a reboot after updating 900 packages this morning. I thought I'd waited long enough for a buggy kernel to be replaced with a good one."

Fedora, being a cutting-edge distro, rebases the kernel on currently stable releases to the latest stable upstream kernel each time a new upstream release happens. Yes, this can occasionally cause problems, and sorry it did so for you. But it fits in with the nature of what Fedora is for, it does not cause problems for most users (in fact on balance it usually fixes more problems than it causes), and the kernel team does work hard to fix any bugs that are reported at the time of the rebase. See e.g. http://codemonkey.org.uk/2013/05/21/a-day-in-the-life/ "Looked at bugzilla backlog. Swore a lot. 3.9.x rebase bugs started to trickle in" and http://codemonkey.org.uk/2013/05/24/daily-log-may-24th-2013/ "Looked at a bunch of “can’t boot” bugs that came in since F18 got rebased to 3.9. Found a thread upstream that seems to be discussing the same bug."

If you want a long-term stable distribution for production use in critical cases, Fedora is probably not the distribution for you. But no, it is not "a perverse, sadistic force of pure evil". I don't wake up in the morning and go 'aha, who can we piss off today'. We are trying to drive forward the development of F/OSS, constantly, and that requires a level of churn and major change.

Perhaps NM has now gotten to the place that you can define bonds and VLANs and the like, but the last time I tried they were a nightmare compared to good old network.

NetworkManager has had bonding and VLAN support since version 0.9.4.

Fedora Project Wiki: Networking/Bonding
Fedora Project Wiki: Networking/VLAN

Perhaps NM has now gotten to the place that you can define bonds and VLANs and the like, but the last time I tried they were a nightmare compared to good old network.

NetworkManager has had bonding and VLAN support since version 0.9.4.

Fedora Project Wiki: Networking/Bonding
Fedora Project Wiki: Networking/VLAN

As for Network Manager, try running it with any USB networking (direct connect, like with a phone, rather than an USB-connected ethernet card): it will kill the interface every roughly 30 seconds. Its upstream refused to fix that saying they don't aim to support every possible device.
Or, bridged setups. Or, basically anything more complex than a plain ethernet or wifi interface.

NetworkManager has supported bridging since version 0.9.8.

Fedora Project Wiki: Networking/Bridging
NetworkManager Now Supports Bridging, AP-Mode Hotspot

spins.fedoraproject.org/lxde/

You know, with all the crap with GNOME 3 and all, I left Fedora for CentOS. In many ways, CentOS serves me better, but in that, I also learned there were some things I couldn't do. Not "couldn't do without a great deal of trouble" but couldn't do. GiMP was and still is to some degree, important to me recreationally and professionally. And while I certainly have issues with GiMP 2.8.x's directions, I wanted to run it. Turned out, however, that I couldn't. It seems conflicting versions of GTK for the Desktop UI and the requirements of 2.8.x created a bit of an impossible situation. Determined to make it work, I eventually did manual compiles of GiMP and all of the GTK related dependencies. And there were a lot of them. But even after that, GiMP, with its own GTK libraries, would not integrate with my existing GNOME desktop. So I lost Japanese text entry which is, at times for me, important.

GTK is "Gimp toolkit." This makes it an application library. But for some reason, GNOME, the desktop OS shell, decided to adopt GTK for what it does. It didn't seem like a bad idea until you take into account that the GiMP and GTK developers don't give a rat's ass about backward compatibility or any of that. It is GNOME's fault for selecting GTK instead of forking it or something else. So now, among other programs, I cannot run GiMP on CentOS. I will never stop ranting about this.

But I miss the good days and have been watching the MATE desktop which will never, it seems, come to CentOS. And so I've been tempted to give the next Fedora a try. One thing I haven't heard much about is wobbly windows. I really like having my wobbly windows and 3D virtual desktop. (I speak of Compiz, of course if you didn't already know.) I see this: https://fedoraproject.org/wiki/MATE-Compiz_Spin and that's encouraging... but I wonder. I hope anyway.

But I was looking at the release schedule. Combine that with the doom of the global economy, I'm thinking I'd be better off buying up stocks of canned beans instead of a new hard drive. *sigh*

If you use Linux, and other open source software, you can do a lot of learning and paid work in the software industry without having to pay expensive licences - while still being strictly legal!

word processor & other office software:
http://www.libreoffice.org/

database:
http://www.postgresql.org/

compilers:
http://gcc.gnu.org/

operating system & sufficient software to do useful things (2 of over 100 offerings, pick one that suites you best!):
https://fedoraproject.org/
http://www.debian.org/

network diagnostic:
http://www.wireshark.org/ ... and many others ...

I don't think they are equals.
* Side tabs don't work
https://addons.mozilla.org/en-US/firefox/addon/tree-style-tab/?src=search
http://piro.sakura.ne.jp/xul/_treestyletab.html.en#screenshots
* Fonts don't work
* Some distributions don't package Chromium because it's a mess:
http://fedoraproject.org/wiki/Chromium
* IMHO Chromium looks very ugly because of the custom window decorations
* Firefox just have much more addons

http://fedoraproject.org/wiki/Releases/19/FeatureList

MariaBD will replace MySQL
After wikipedia (on *. yesterday) and of course my revered Slackware, MariaDB really seems to be getting traction.
Maybe time to have a look...

Why reinvent the wheel :-%

https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/user-keys.html

5.3. Managing Public SSH Keys for Users
OpenSSH uses public-private key pairs to authenticate users. A user attempts to access some network resource and presents its key pair. The first time the user authenticates, the administrator on the target machine has to approve the request manually. The machine then stores the user's public key in an authorized_keys file. Any time that the user attempts to access the resource again, the machine simply checks its authorized_keys file and then grants access automatically to approved users.
There are a couple of problems with this system:

        SSH keys have to be distributed manually and separately to all machines in an environment.
        Administrators have to approve user keys to add them to the configuration, but it is difficult to verify either the user or key issuer properly, which can create security problems.

On Fedora, the System Security Services Daemon (SSSD) can be configured to cache and retrieve user SSH keys so that applications and services only have to look in one location for user keys. Because SSSD can use FreeIPA as one of its identity information providers, FreeIPA provides a universal and centralized repository of keys. Administrators do not need to worry about distributing, updating, or verifying user SSH keys.

And if that's not enough, there's the AOS kickstart.

Or use a software group, at least for the ones with yum.

Eh what? I'm using "commercial quality Open Source products" all the time. GIMP, Inkscape, Eclipse, Fedora Linux, Apache, Archiva, Maven, gcc, VLC, LibreOffice, XBMC, ArgoUML, Avidemux, Latex, Kile, KDE, Amarok, (that was a very short list of a much bigger list of software that I think are "commercial quality" and I'm using every day). The documentation is also very well.

"it's even rarer that you see actual documentation apart from "read the source" Eh what again? For example: Fedora Docu, GIMP Docu, Maven Docu, Inkscape Docu. "read the source" my ass.

What have the development method (open source) to do with quality anyway? I think you wanted to say: " It's rare that you see commercial quality hobby and in free time developed products".

Red Hat - or anybody else, for that matter - is free to take the pure open source Chromium and port it to RHEL

There is a reason Chromium has not made it into Fedora's repositories (and by extension, RHEL):

https://fedoraproject.org/wiki/Chromium

Basically, the problem is this: Chromium depends on extensions to libraries that have not been merged with the main releases of those libraries, and so having Chromium on Fedora would require either static linking (giant packages) or maintain separate sets of libraries just for Chromium. Neither of those options is something that Fedora will do, and if Fedora is unwilling to include a package in its repositories the package as almost no chance of being included in RHEL. Years have passed since the problem was first discussed with Google (see the link), and there has not really been much progress, mostly for the same reasons that RHEL6 is not supported by Chrome: Google does things their way and is not going to change that for someone else (regardless of that other person's reasoning).

This whole thing about Java being the issue annoys me - if you take a broader look at the whole ecosystem.

Take a look at no more than 2 weeks ago with CVE-2012-4414 for example...

This is a MySQL security bug where any authorised DB user can arbitrarily inject SQL in the binlog used for replication...

For those that don't know Oracle has recently (over the past year) moved the majority of their bugs database internal only so that inhibits discussions for a start and on top of that they no longer publish test cases for fixes ... it looks like they might be going into an internal/tests directory but that isn't provided in the GPL tarball they provide.

However the curiousness doesn't stop there - if they are still writing test cases for code as opposed to just changing stuff willynilly they don't seem to be writing them very well.

When the Percona guys were merging from the upstream code they used the test case that the MariaDB team put together for this CVE - since there is no test provided by Oracle as previously mentioned.

They naturally expected the test to be fine seeing as Oracle claimed the CVE was fixed in 5.5.29 but shock horror it failed.

They ended up merging the MariaDB fix instead.

Given that what makes you think the rest of the code is *really* like and why that Java fix recently introduced a new bug and so on...

Ah well in the meantime FESCO has accepted the proposal to replace MySQL with MariaDB in Fedora 19 which is something that Oracle weren't too pleased with...

That Oracle response was prior to the FESCO vote by the way - time to get the popcorn methinks!

This whole thing about Java being the issue annoys me - if you take a broader look at the whole ecosystem.

Take a look at no more than 2 weeks ago with CVE-2012-4414 for example...

This is a MySQL security bug where any authorised DB user can arbitrarily inject SQL in the binlog used for replication...

For those that don't know Oracle has recently (over the past year) moved the majority of their bugs database internal only so that inhibits discussions for a start and on top of that they no longer publish test cases for fixes ... it looks like they might be going into an internal/tests directory but that isn't provided in the GPL tarball they provide.

However the curiousness doesn't stop there - if they are still writing test cases for code as opposed to just changing stuff willynilly they don't seem to be writing them very well.

When the Percona guys were merging from the upstream code they used the test case that the MariaDB team put together for this CVE - since there is no test provided by Oracle as previously mentioned.

They naturally expected the test to be fine seeing as Oracle claimed the CVE was fixed in 5.5.29 but shock horror it failed.

They ended up merging the MariaDB fix instead.

Given that what makes you think the rest of the code is *really* like and why that Java fix recently introduced a new bug and so on...

Ah well in the meantime FESCO has accepted the proposal to replace MySQL with MariaDB in Fedora 19 which is something that Oracle weren't too pleased with...

That Oracle response was prior to the FESCO vote by the way - time to get the popcorn methinks!

Quoth the Fedora wiki,

With the change to a hub-and-spoke model rather than a linear wizard model, the new UI allows users to entirely skip screens that they aren't interested in interacting with, streamlining the install process to only those screens that are most essential for installation to proceed.

So, it's like the Debian installer, only less powerful and more confusing!

/me runs away

Uhm... compiz works just great with MATE, exactly the same as with Gnome 2

Not in Fedora 18, the topic here. Thus my phrasing "You don't have compiz, so ...", because F18 does not have compiz.

(And thus no packages or subpackages that depends on it either, like desktop-effects, beryl, emerald, compiz-gconf...).

Funnily enough, compiz seems to be available for F17 and F19, just not F18.

I wish yum handled this better. I've been getting by with the yum-plugin-show-leaves, it at least tells which packages are new leaves when you uninstall something. Have you tried yum-plugin-remove-with-leaves ? Quote:

This extension removes unused dependencies which have been incorporated by an installation package that would otherwise not be removed. Helps maintain a system clean of libraries and unused packages.

If you don't like GNOME 3, you can pick a different spin:

Available spins as of this morning:
Fedora 18 Desktop Edition
Fedora 18 KDE Spin
Fedora 18 LXDE Spin
Fedora 18 Xfce Spin

Or you can do a minimal install from the installer ISO (Either on DVD, USB stick, or even over a network), then install a desktop of your choice from the following (Incomplete) list:
GNOME 3.6
Cinnamon
MATE
KDE Plasma Workspaces 4.9
Xfce 4.10
Enlightenment

I don't know if dialogs are still immovable, my ISO is still downloading.

http://get.fedoraproject.org/

I got the upgrade started by adding the following option to fedup-cli
--instrepo http://dl.fedoraproject.org/pub/fedora/linux/releases/18/Fedora/x86_64/os/

obviously replace x86_64 with i386 if you have to.

sysv-to-systemd is not blocking release. If you want to know what's blocking release, what you want to look at is the Release Blockers:

http://qa.fedoraproject.org/blockerbugs/milestone/18/final/buglist