Fedora 12 was released on November 17 with the usual pile of new packages and features. By the sounds, it is a solid, well-received release. But one feature—unpublicized, undocumented, and turned on by default—has a number of Fedora users up in arms, leading to a huge thread on fedora-devel, in the bugzilla entry, and here at LWN. Subscribers can click below for a look at this issue from next week's edition.

Sam Ravnborg, long-time maintainer of the kernel build (kbuild) subsystem, has announced his intention to step down from that role. "I have done this solely on a hobbyist basis and family (3 kids etc) + job require me so the kbuild maintainer job was becoming a duty and not that fun suddenly." It's not clear who the replacement will be. Thanks are due to Sam, who has left the state of kernel building far better than he found it.

MySQL Community Server 5.0.88 has been released. This release includes a security fix along with other bug fixes. "Security Fix: MySQL clients linked against OpenSSL did not check server certificates presented by a server linked against yaSSL."

Fedora project leader Paul Frields has announced that the PackageKit policy that allowed non-root users to install packages will be changed. "After more discussion and thought, though, the package maintainers have posted to the fedora-devel-list mailing list agreeing to provide an update to Fedora 12's PackageKit. The update will require local console users to enter the root password to install new software packages." The message from Owen Taylor gives a good overview of the issue.

Linus has released 2.6.32-rc8. "The way things are going, this will likely be the last -rc. I wish we had more people looking at the regression list, but at some point I'm just going to have to say 'ok, enough is enough'." Details may be found in the full changelog.

Google has posted some information about Chromium OS, along with the current source. "First, it's all about the web. All apps are web apps. The entire experience takes place within the browser and there are no conventional desktop applications. This means users do not have to deal with installing, managing and updating programs." See the Chromium OS page for more information.

Scott Dowdle interviews Red Hat's Andy Cathrow and Jim Brennan about the company's latest Enterprise Virtualization technology. "ML: In the year between the merger with Qumranet and the release of RHEV for Servers, what were the primary changes made to the product? AC: We made many, significant changes. A quick, but not complete list includes: * SAN support - including iSCSI and Fiber channel (previously NFS only) * Multipath I/O * NIC bonding (host) * Multiple nics (guest) * VLANs * High availability * System scheduler (distribution policies, scheduling VMS) * Power Saver * Support for large hosts 96 cores, 1TB RAM * Support for large guests 16 cores, 256GB RAM * Support for managing hosts - including configuration files and software updates".

eWeek reports on Tim O'Reilly's prediction of a shift towards openness at Microsoft. "At the Web 2.0 Expo, Tim O'Reilly predicts that Microsoft will emerge as a leading proponent of the open Web, despite the company's tradition of fostering its own proprietary operating systems and development languages. O'Reilly says Microsoft's recent deals to index Twitter tweets and use Wolfram Alpha's APIs for computational data show a shift in its willingness to work with other Web companies. Moreover, the Windows Azure cloud computing operating system is designed to work with open-source technology."

SUSE has updated java (multiple vulnerabilities). Ubuntu has updated apache2 (multiple vulnerabilities).

The Cooperative Bug Isolation project has been made available for Fedora 12. "CBI is an ongoing research effort to find and fix bugs in the real world. We distribute specially modified versions of popular open source software packages. These special versions monitor their own behavior while they run, and report back how they work (or how they fail to work) in the hands of real users like you. Even if you've never written a line of code in your life, you can help make things better for everyone simply by using our special bug-hunting packages. We currently offer instrumented versions of Evolution, The GIMP, GNOME Panel, Gnumeric, Nautilus, Pidgin, Rhythmbox, and SPIM."

The LWN.net Weekly Edition for November 19, 2009 is available.

Fedora bug #534047 contains an interesting Fedora 12 surprise: "PackageKit allows you to install signed content from signed repositories without a password by default. It only asks you to authenticate if anything is unsigned or the signatures are wrong." So any user can install any package found in the official repository. Some Fedora developers, at least, seem to see this as a feature; see this rapidly-growing thread for the discussion. The bug report contains the incantation needed to disable this behavior: pklalockdown --lockdown org.freedesktop.packagekit.package-install Evidently that is not a long-term solution, though; see this post for a rather more involved fix. Stay tuned: we'll probably post a longer look at this issue in the near future.

It seems that the Fedora 12 LXDE spin does not behave quite as expected: "The problem is a crash in lxde-settings-daemon that triggers abrt, the automatic bug reporting tool. Because lxde-settings-daemon gets restarted by lxsession the bug reporting tool goes into an infinite loop, consumes all CPU power and makes the computer crash when the overlay image of the live OS is filled up." On the notion that this behavior is not desirable, the images have been removed for now. Those who have already downloaded a copy might want to wait for the update before attempting an install (or just install LXDE on top of a regular F12 system).; ..

CentOS has updated java-1.6.0-openjdk (C5: multiple vulnerabilities). Debian has updated libgd2 (multiple vulnerabilities). Fedora has updated proftpd (F10, F11: certificate spoofing) and wordpress (F10, F11, F12: multiple vulnerabilities). Gentoo has updated java (multiple vulnerabilities). Red Hat has updated cups (RHEL 5: multiple vulnerabilities). SUSE has updated openssl (man in the middle vulnerability).

Google unveiled an experimental open source project in early November aimed at reducing web site load times. SPDY, as it is called, is a modification to HTTP designed to target specific, real-world latency issues without altering GET, POST, or any other request semantics, and without requiring changes to page content or network infrastructure. Subscribers can click below for a look at SPDY from this week's edition.

The Open Web Foundation has announced the availability of the Open Web Foundation Agreement. This agreement is meant to cover web-related specifications, ensuring that developers can implement those specifications with minimal fear of copyright or patent suits. "This reusable agreement is designed to be easily adopted by a wide range of specification communities and organizations as an alternative to the challenging -- and costly -- process of negotiating new licensing agreements every time. Specifications made available under the Open Web Foundation Agreement may include everything from small ad-hoc formats sketched out among friends to large multi-corporation collaborations that ultimately grow into international recognized standards with the help of formal standards setting organizations."

PCWorld looks at Google's success with Linux. "Google's migration into the operating system business has been so gradual that many industry watchers have shrugged it off. When the company announced its Android OS for phones, it looked interesting. There was nothing new about the idea of using Linux on a handset, and (apart from Google's involvement) little reason to expect it would carve out substantial market share in the competitive smartphone arena. But, with about 20 distinct Android handsets in the hands of more than three million users worldwide--and about 30 more devices expected to roll out in 2010--Google's mobile OS is now looking like a force to be reckoned with."

Debian has updated apache (multiple vulnerabilities), gnutls (several vulnerabilities). Mandriva has updated pango (denial of service). Red Hat has updated kernel (RHEL5.3, RHEL4.7: several vulnerabilities). Slackware has updated openssl (man-in-the-middle/SSL injection).

The openSUSE board meetings will now be open to the public. The meetings will be held in IRC on a moderated meeting channel; questions will be allowed at the end of meeting. "The openSUSE Board has decided to open up its bi-weekly IRC meeting to the public. The meeting will be held in the #opensuse-project channel on freenode.net. The openSUSE Board will meet after each openSUSE Project meeting, every other Wednesday, to discuss topics concerning the project. This includes governance issues, strategy for the project, and membership requests."

Fedora 12 is out. See the announcement (click below) for an impressively long list of new features, the feature list for even more information, or the one-page release notes for the executive summary.