Fedora 12 was released on November 17 with the usual pile of new packages and features. By the sounds, it is a solid, well-received release. But one feature—unpublicized, undocumented, and turned on by default—has a number of Fedora users up in arms, leading to a huge thread on fedora-devel, in the bugzilla entry, and here at LWN. Subscribers can click below for a look at this issue from next week's edition.

Sam Ravnborg, long-time maintainer of the kernel build (kbuild) subsystem, has announced his intention to step down from that role. "I have done this solely on a hobbyist basis and family (3 kids etc) + job require me so the kbuild maintainer job was becoming a duty and not that fun suddenly." It's not clear who the replacement will be. Thanks are due to Sam, who has left the state of kernel building far better than he found it.

MySQL Community Server 5.0.88 has been released. This release includes a security fix along with other bug fixes. "Security Fix: MySQL clients linked against OpenSSL did not check server certificates presented by a server linked against yaSSL."

Mueller said the delay in Oracle's response means a decision on the merger won't come from the European Commission until January 27.

Fedora project leader Paul Frields has announced that the PackageKit policy that allowed non-root users to install packages will be changed. "After more discussion and thought, though, the package maintainers have posted to the fedora-devel-list mailing list agreeing to provide an update to Fedora 12's PackageKit. The update will require local console users to enter the root password to install new software packages." The message from Owen Taylor gives a good overview of the issue.

Linus has released 2.6.32-rc8. "The way things are going, this will likely be the last -rc. I wish we had more people looking at the regression list, but at some point I'm just going to have to say 'ok, enough is enough'." Details may be found in the full changelog.

Google has posted some information about Chromium OS, along with the current source. "First, it's all about the web. All apps are web apps. The entire experience takes place within the browser and there are no conventional desktop applications. This means users do not have to deal with installing, managing and updating programs." See the Chromium OS page for more information.

Contrary to rumors, Google did not release a beta version of its much anticipated Chrome operating system today. And nothing is coming anytime soon: the final version is at least a year away, the mega giant web company said. But there was some significant news for the community today. Google made the early code available to [...]

Scott Dowdle interviews Red Hat's Andy Cathrow and Jim Brennan about the company's latest Enterprise Virtualization technology. "ML: In the year between the merger with Qumranet and the release of RHEV for Servers, what were the primary changes made to the product? AC: We made many, significant changes. A quick, but not complete list includes: * SAN support - including iSCSI and Fiber channel (previously NFS only) * Multipath I/O * NIC bonding (host) * Multiple nics (guest) * VLANs * High availability * System scheduler (distribution policies, scheduling VMS) * Power Saver * Support for large hosts 96 cores, 1TB RAM * Support for large guests 16 cores, 256GB RAM * Support for managing hosts - including configuration files and software updates".

eWeek reports on Tim O'Reilly's prediction of a shift towards openness at Microsoft. "At the Web 2.0 Expo, Tim O'Reilly predicts that Microsoft will emerge as a leading proponent of the open Web, despite the company's tradition of fostering its own proprietary operating systems and development languages. O'Reilly says Microsoft's recent deals to index Twitter tweets and use Wolfram Alpha's APIs for computational data show a shift in its willingness to work with other Web companies. Moreover, the Windows Azure cloud computing operating system is designed to work with open-source technology."

SUSE has updated java (multiple vulnerabilities). Ubuntu has updated apache2 (multiple vulnerabilities).

The Cooperative Bug Isolation project has been made available for Fedora 12. "CBI is an ongoing research effort to find and fix bugs in the real world. We distribute specially modified versions of popular open source software packages. These special versions monitor their own behavior while they run, and report back how they work (or how they fail to work) in the hands of real users like you. Even if you've never written a line of code in your life, you can help make things better for everyone simply by using our special bug-hunting packages. We currently offer instrumented versions of Evolution, The GIMP, GNOME Panel, Gnumeric, Nautilus, Pidgin, Rhythmbox, and SPIM."

Open source Java clustering software developer Terracotta announced its intent to buy an open source job scheduler known as Quartz. The integration of Quartz into Terracotta’s platform will ease high availability job scheduling and scaling applications to multiple nodes, the company said. Quartz is currently integrated into SpringSource and Red Hat products and counts Adobe, Cisco, [...]

With ChromeOS Google is making the same call on networks Microsoft made on chips two decades ago. It's a call that demands a response, not just from the market but from governments. Deregulate. Free the bits. Here and around the world.

MindTouch has launched its own cloud to serve up its open source collaboration solution.

The LWN.net Weekly Edition for November 19, 2009 is available.

Fedora bug #534047 contains an interesting Fedora 12 surprise: "PackageKit allows you to install signed content from signed repositories without a password by default. It only asks you to authenticate if anything is unsigned or the signatures are wrong." So any user can install any package found in the official repository. Some Fedora developers, at least, seem to see this as a feature; see this rapidly-growing thread for the discussion. The bug report contains the incantation needed to disable this behavior: pklalockdown --lockdown org.freedesktop.packagekit.package-install Evidently that is not a long-term solution, though; see this post for a rather more involved fix. Stay tuned: we'll probably post a longer look at this issue in the near future.

It seems that the Fedora 12 LXDE spin does not behave quite as expected: "The problem is a crash in lxde-settings-daemon that triggers abrt, the automatic bug reporting tool. Because lxde-settings-daemon gets restarted by lxsession the bug reporting tool goes into an infinite loop, consumes all CPU power and makes the computer crash when the overlay image of the live OS is filled up." On the notion that this behavior is not desirable, the images have been removed for now. Those who have already downloaded a copy might want to wait for the update before attempting an install (or just install LXDE on top of a regular F12 system).; ..

CentOS has updated java-1.6.0-openjdk (C5: multiple vulnerabilities). Debian has updated libgd2 (multiple vulnerabilities). Fedora has updated proftpd (F10, F11: certificate spoofing) and wordpress (F10, F11, F12: multiple vulnerabilities). Gentoo has updated java (multiple vulnerabilities). Red Hat has updated cups (RHEL 5: multiple vulnerabilities). SUSE has updated openssl (man in the middle vulnerability).