Weekly Roundup 2018 – Week 2

The year is definitely under way, with an astonishing 412 packages coming through commits – mostly for cauldron, but a few are the last remaining updates for Mageia 5, as well as important security updates for Mageia 6.

Among those updates are all the kernel and microcode updates – our thanks to tmb and our untiring devs for these – to begin hitting Meltdown and Spectre on the head.

A big hand for the upstream kernel team, as well as our own packagers, QA testers and everyone else that was involved in getting this tested and released.

The best place to check these updates out fully is the Mageia Advisories page:

Screenshot of Mageia Advisories page

The Mageia Advisories page is full of information! Clicking on the Advisory number (second column) will take you to the full advisory; so, clicking on MGASA-2018-0076, the advisory for the most recent kernel updates to Mageia 6, takes you to an explanation of what is covered in the fix, plus references for further reading.

Screenshot of Advisory MGASA 2018-0076

If you’re more interested in the original security announcement, the list of CVEs in the right-hand column is also filled with links; clicking on any one of those links will take you to the information for that CVE. If, like CVE 2017-5715, it covers a number of fixes in Mageia, you will arrive at an interim page where all the updates covering that advisory are aggregated, looking like this:

Screenshot of Advisories aggregation

On the aggregated page, clicking on the part of the heading containing the advisory number

Screenshot of advisories heading

will take you to the CVE announcement.

You can keep up with all the other goings-on in Mageia on IRC or the Forums, as well as all the mailing lists – they’re all very active and welcoming places, so please join in!

Weekly Roundup 2018 – Week 1

In the spirit of a new year, Mageians have been very busy.

Meltdown and Spectre mitigation

meltdown and spectre logos

If you’ve been anywhere near a news channel in the last few days, you’ll have heard of these two CPU flaws – there’s an overview at arstechnica for those who haven’t seen it yet. It’s important to note that not only Intel CPUs are vulnerable!

Mageia kernel updates to mitigate these two flaws are already being worked on. Mageia 6 kernel updates released in the last 24 hours don’t as yet solve all the problems, but kernel-4.14.12-2.mga6 is in updates/testing (as is the .mga7 kernel for Cauldron). Expect updates very shortly. Our thanks to our tireless kernel devs and our ever busy QA team!

Mageia 5 is at end of life, people – to avoid issues with Meltdown and Spectre, it’s time to update to Mageia 6. Before you begin, please read “Upgrading from Mageia 5” and the associated links. That said, we have decided to apply specific updates to the kernel and to Firefox, just to deal with the Spectre and Meltdown vulnerabilities. Subsequent updates of the kernel to minimise the performance impact of the security updates will not be applied in Mageia 5, similar for other security fixes. So you have a little time to prepare to upgrade, but do get on it!

While all that has been going on, there has been a constant stream of updates into Cauldron, updates for Mageia 6 and the last few for Mageia 5, and plenty of packages going into testing. Check out the usual suspects: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla.

Have a great week!

Discussing the future of Cantor

Hello devs! Happy new year!

It is common to use the new year date to start new projects or give new directions for old ones. The last one is the case for Cantor.

Since when I got the maintainer status for Cantor, I was working to improve the community around the software. Because the great plugins systems of Qt, it is easy to write new backends for Cantor, and in fact in last years Cantor reached the number of 11 backends.

If in a hand it is a nice thing because Cantor can run different mathematical engines, in other hand it is very common developers create backends, release them with Cantor upstream, and forget this piece of software after some months. The consequence of this is a lot of unsolved bugs in Bugzilla, unexpected behaviours of some backends, and more.

For instance, R backend is broken from some years right now (thanks Rishabh it was fixed during his GSoC/KDE Edu Sprint 2017 but not released yet). Sage backend breaks for each new release of Sage.

Different backends use different technologies. Scilab and Octave backends use QProcess + Standard Streams; Python 2 uses Python/C API; Python 3, R, and Julia use D-Bus.

In addition to these, remember each programming language used as mathematical engine for Cantor has their respective release schedule and it is very common new versions break the way as backends are implemented.

So, yes, the mainternhip of Cantor is a hell.

In order to remedy it I invited developers to be co-maintainer of these respective backends, but it does not have the effect I was suposed to. I implemented a way to present the versions of programming languages supported in the backend but it does not work well too.

So, my main work in Cantor during these years was try to solve bugs of backends I don’t use and, sometimes, I don’t know how they work, while new features were impossible to be planned and implemented.

If we give a look to Jupyter, the main software for notebook-based mathematical computation, it is possible to see this software supports several programming languages. But, in fact, this support is provide by the community – Jupyter focus effort in Python support only (named the ipython kernel) and in new features for Jupyter itself.

So, I would like to hear the KDE and Cantor community about the future of Cantor. My proposal is split the code of the others backends and put them as third-party plugins, maintained by their respective community. Only the Python 3 backend would be “officially” maintaned and delivered in KDE Applications bundle.

This way I could focus in provide new features and I could to say “well, this bug with X backend must be reported to the X backend community because they are accountable for this piece of software”.

So, what do you think about?

Weekly roundup 2017, Week 52

From the last hours of 2017: Happy 2018!

Warm good wishes for a happy, successful and peaceful New Year to all Mageians everywhere.

This last week of 2017, there have been loads of updates – check out the usual links to see where we’re at: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla.

Although Mageia 5 is scheduled to reach the end of support on the last day of 2017, due to an unexpected surge in last minute updates being submitted for testing by the qa team, it may be several days into the new year before updates for Mageia 5 stop becoming available.

I don’t believe any of the devs or QA folk have taken any time off since the last roundup, there has been such a lot coming through! Our heartfelt thanks to them, who keep our distro such a magical thing.

What a year 2017 has been!

In January, as well as working up to the second stabilisation snapshot of Mageia 6, we were preparing for FOSDEM, where ennael and stormi presented the talk Mageia, successes and lessons learned 6 years after forking. If you weren’t lucky enough to be in Brussels to meet up with other Mageians and hear the talk, you can still pick it up from the FOSDEM archive; the video is here.

February saw the first of these Weekly Roundup posts, so that we could all see a snapshot of what’s happening behind the scenes. Our Atelier leader schultz has been tireless all through the year in bringing these to us; I hope to live up to the standards he’s set! We also saw the FOSDEM report, with a brilliant couple of meetings; and we took stock of the progress on the way to Mageia 6, which by that time was very late!

March saw us make a donation to Framasoft, where our pads are hosted – we’re thankful for their service several times a month, so it was time to reciprocate. We attended Chemnitzer Linuxtag and were preparing to attend JDLL – see the March blog posts to read the reports. And the RC ISOs for Mageia 6 were in testing…

April was a bit mixed – we shut down a couple of servers and the web services were offline for a bit, but the Classical ISOs for Mageia 6 were almost ready! We did get all our servers upgraded to Mageia 5, and that made everything more secure for everyone.

May: the Mageia 6 RC is released! Oh my, the work that was behind that tiny sentence. In June, we went into release freeze, and at the end of the month the message went out: “Nobody touch anything!”

And in mid-July, it finally happened: Mageia 6 was released. What a huge work that was – so many packages with enormous version upgrades, so much work from the developers and testers to get it all to play nice. And, isn’t it lovely? great new artwork and lots of new packages to play with. Then, in August, we went a little bit quiet, because everyone needed a rest!

From September until now, the developers, testers and QA folks have been working on two fronts; sorting out any issues with Mageia 6 packages, and setting the frameworks for Mageia 7. Documenters and translators have been busy, especially with updating the wiki – check it out!

We’re approaching the time where Mageia 5 will come to the end of its life, and looking forward to the new release – just like with the calendar, where we’re looking back over the past year even as we embark on the new year.

Happy Mageia New Year!

Weekly roundup 2017 – Week 51

So, it’s Week 51, so of course it’s the festive holiday season! We wish all Mageians everywhere the very best of all things for the holidays, whichever way you celebrate them.

We’ll get to the new year in next week’s roundup!

In the last week, the developers and the Q&A folks have been sending through a steady stream of updates. Wow, they’ve worked hard. As always, you can check Mageia Advisories  and the Mageia AppDB  to get a notion of what they’ve been up to; and PkgSubmit  to see the last 48 hours.

Another interesting way to keep track of what’s happening is Bugzilla. On the Home page you’ll find some links at the bottom left, so you can look at recent bugs and changes – the last day or the last 7 days:

There are also RSS feeds, if you like that kind of thing.

One thing that’s still happening is that distrib-coffee is still out of service; the festive season might have something to do with that. Check out the Infrastructure bug here.

Again, warm good wishes from all at Mageia to all Mageians, all over the world.

Weekly roundup 2017 – Week 50

2 weeks left until 2018… but who’s counting?

Some important news

In case you haven’t seen this announcement elsewhere – Tier 1 mirror distrib-ccoffee.ipsl.jussieu.fr is down, due to hardware breakage, and will be available again next week at the earliest. To avoid long breakages for our end-users, we request that mirrors that have been mirroring from distrib-coffee switch to another Tier 1.

Currently that is:
rsync://mageia.c3sl.ufpr.br/mageia/ located in Curitiba (Brasil)
rsync://mirrors.kernel.org/mirrors/mageia/ located in USA and Europe
rsync://ftp.acc.umu.se/mirror/mageia/ located in Umea (Sweden)
rsync://mirror.math.princeton.edu/pub/mageia/ located in Princeton (USA)
rsync://distro.ibiblio.org/mageia/ located in Durham (USA)

Also, if you have selected distrib-coffee as the mirror for your updates, you’ll need to move to another for the duration. A good place to check mirror status is https://mirrors.mageia.org/status, and if you’re not sure how to configure the mirror you use, check this wiki page https://wiki.mageia.org/en/Software_management#Choosing_a_specific_media_source.

Security updates:

openssl Mga5, Mga6
rsync Mga5, Mga6
lynx Mga5, Mga6
evince Mga5, Mga6
deluge Mga5

As always, check https://advisories.mageia.org/ for CVEs and package details.

Cauldron updates have been roaring through as usual! Too many to list here, but check out http://pkgsubmit.mageia.org/ for what’s been happening in the last 48 hours.

Onward and upward!

KDE Edu Sprint 2017

Two months ago I attended to KDE Edu Sprint 2017 at Berlin. It was my first KDE sprint (really, I send code to KDE software since 2010 and never went to a sprint!) so I was really excited for the event.

KDE Edu is the an umbrella for specific educational software of KDE. There are a lot of them and it is the main educational software suite in free software world. Despite it, KDE Edu has received little attention in organization side, for instance the previous KDE Edu sprint occurred several years ago, our website has some problems, and more.

Therefore, this sprint was an opportunity not only for developers work in software development, but for works in organization side as well.

In organization work side, we discuss about the rebranding of some software more related to university work than for “education” itself, like Cantor and Labplot. There was a wish to create something like a KDE Research/Science in order to put software like them and others like Kile and KBibTex in a same umbrella. There is a discussion about this theme.

Other topic in this point was the discussions about a new website, more oriented to teach how to use KDE software in educational context than present a set of software. In fact, I think we need to do it and strengthen the “KDE Edu brand” in order to have a specific icon+link in KDE products page.

Follow, the developers in the sprint agreed with the multi operating system policy for KDE Edu. KDE software can be built and distributed to users of several OS, not only Linux. During the sprint some developers worked to bring installers for Windows, Mac OS, porting applications to Android, and creating independent installers for Linux distributions using flatpak.

Besides the discussions in this point, I worked to bring a rule to send e-mail to KDE Edu mailing list for each new Differential Revisions of KDE Edu software in Phabricator. Sorry devs, our mailboxes are full of e-mails because me.

Now in development work side, my focus was work hard on Cantor. First, I made some task triage in our workboard, closing, opening, and putting more information in some tasks. Secondly, I reviewed some works made by Rishabh Gupta, my student during GSoC 2017. He ported the Lua and R backend to QProcess and it will be available soon.

After it I worked to port Python 3 backend to Python/C API. This work is in progress and I expect to finish it to release in 18.04.

Of course, besides this amount of work we have fun with some beers and German food (and some American food and Chinese food and Arab food and Italian food as well)! I was happy because my 31 years birthday was in the first day of the sprint, so thank you KDE for coming to my birthday party full of code and good beers and pork dishes. 🙂

To finish, it is always a pleasure to meet the gearheads like my Spanish friends Albert and Aleix, the only other Mageia user I found personally in my life Timothée, my GSoC student Rishabh, my irmão brasileiro Sandro, and the new friends Sanjiban and David.

Thank you KDE e.V for provide resources to the sprint and thank you Endocode for hosting the sprint.

Weekly Roundup 2017 – Week 49

Week 49; three weeks left in 2017, and lots of things happening!

A hearty shout-out to our Translation team; advisory emails come through every day about translation updates to our many languages – on the wiki, on the blog and in the packages. Our thanks to all these wonderful hard-working folks!

Although the developers haven’t repeated their meeting marathon of last week – three hours! – they’re still working on getting everything lined up for Mageia 7. Between them and the QA team, the list of updates in the last week has been very impressive; 59 updates into Cauldron just this morning. As always, check the AppDB for a full list by version. Some interesting updates in the past week – as always, check Mageia Advisories for package details and CVEs.

Security:

firefox, firefox-l10n – Mga5, Mga66
optipng – Mga5, Mga6
ffmpeg – Mga6
wireshark – Mga6
tor – Mga5, Mga6
libxcursor – Mga5, Mga6
libxfont, libxfont2 – Mga5, Mga6

Bugfix (all for Mga6):

festival
etl, synfig, synfigstudio
grub2

In the flood of updates coming through for Cauldron – over 270 in the last 7 days – there has been a variety of Perl and Python packages, plus lots of kernel-related stuff; gcc and its packages are now at 7.2.2; a bunch of video driver libraries… way too many to list here.

A huge thank you to our devs and QA folk!

Weekly roundup 2017 – Week 48

There’s lots of work still going on behind the scenes – wide-awake folks have noticed that Kernel 4.14.3 has made its way into Cauldron, along with loads of other goodies; the commits mailing list has been very active!

The devteam folks had a huge long meeting during the week to begin nailing down plans and features for Mageia 7; check out the meeting logs. Lots of stuff will continue to be discussed and refined for a while yet, but the process is well begun.

Here’s a selection of the additions and updates to Cauldron during the week:

enlightenment-0.22.1-2.mga7
firefox-57.0.1-1.mga7
firefox-beta-58.0-0.b7.1.mga7
get_iplayer-3.07-1.mga7
kernel-4.14.3-1.mga7
pulseaudio-11.1-1.mga7
virtualbox-5.2.2-2.mga7

There are also several perl and php packages – check out the full list. It’s also good to know what the QA team has in the pipeline – check it out on the AppDB. You’ll see updates being tested, updates ready to be pushed, and then there’s the backports.

Security and bugfix advisories are always available online; check out the Advisories site for CVEs on the security updates, as well as info on the bugfix updates. Here’s the list for the past week.

drakxtools (bugfix) – Mga 6
gnucash (bugfix) – Mga 6
nvidia-current, ldetect-lst (bugfix) – Mga 5, 6
php-ssh2 (bugfix) – Mga 5, 6
xdg-utils (bugfix) – Mga 6
apr-util (security) – Mga 5, 6
bchunk (security) – Mga 5, 6
botan (security) – Mga 5, 6
chromium-browser-stable (security) – Mga 6
ghostscript (security) – Mga 5, 6
krb5 (security) – Mga 5, 6
libtiff (security) – Mga 5, 6
mediawiki (security) – Mga 6
postgresql9.3, postgresql9.4, postgresql9.6 (security) – Mga 5, 6
sssd (security) – Mga 6
thunderbird, thunderbird-l10n (security) – Mga 5, 6
vlc (security) – Mga 5
webkit2 (security) – Mga 6

Onward and upward…

Weekly Roundup 2017 – Week 47

Schultz is flat out this week, so apologies if the content of this roundup is a little sparse. I’ll do better in future!

Behind the scenes in Mageia land:

Packagers and QA are seriously busy people – so busy that they haven’t recorded an actual meeting for many months, but they’re likely to have one this week while they polish up the specs for Mageia 7. Look for updates in coming roundups. Meanwhile, much work is going on testing and validating Kernel 4.14; if that works out well enough, and the problems with the update process from Mageia 5 to Mageia 6 are ironed out, there’s a possibility we might have a Mageia 6.1 release. No promises! but watch this space.

While all that’s happening, the updates and additions are coming on in great big chunks:

* LibreOffice 5.4.3.2
* thunderbird 52.5.0 (cauldron + mga5 & mga6 testing) ,
* kernel 4.14.2 (cauldron + mga6 testing),
* virtualbox 5.2.2 (cauldron + mga6 testing),
* cinnamon 3.6.6 (cauldron),
* ocaml 4.06.0 (cauldron + update/rebuild of all ocaml stack),
* alsa 1.1.5 (cauldron),
* supertuxkart 0.9.3 (cauldron + mga6 testing),
* boost 1.65.1

…and tons of rebuilds of dependent packages (cauldron), and many, many more.

Oh, and something else nice in Cauldron: PulseEffects, which adds a nice graphic equalizer and filters and so on to PulseAudio. Still working on getting it to play nice with Plasma, but the Magicians are dealing with it.

Don’t forget that you can check out the Mageia AppDB (https://madb.mageia.org/) at any time to see what’s being updated across all Mageia versions; you’ll see that there were lots of updates this week. Also, if you want to keep track of security updates in between roundups – particularly to check out the CVE advisories – take a look at https://advisories.mageia.org/, where you can select the Mageia version and type of update. Click on the advisory number to check out what the fix was all about.

And thank the QA team and the packagers!

See you next week!