These are the Talking Points for the Fedora 27 release. For information on how these talking points were chosen, see Talking Points SOP. They are intended to help Ambassadors quickly present an overview of highlighted features when talking about the release, and to help drive content for the release, etc.
The talking points are based in part on the Change Set for this release.
Overall Release Story
Since we skipped the Alpha release for this cycle we just push out the Beta. We had some delays to grant the best stability and operability for our users. The release date is 2017-10-03.
For this cycle, the server edition won't be shipped at the same time due to big changes happening inside the edition itself. This is due to the major change of building the server edition with modularity. For more informations, please read the Fedora Magazine article
Fedora-Wide Changes and Improvements
All changes are listed below, ones to highlight are listed first
Changes to talk about for regular users
LXQt Spin
A Fedora Spin providing the LXQt desktop environment.
Python Classroom Lab
A new Python Classroom Lab will be created in 3 variants: Workstation based, Docker based and Vagrant based. It's an important step for our Fedora Loves Python initiative. The main audience are Python teachers and workshop instructors.
Changes affecting security
Switch OpenLDAP from NSS to OpenSSL
Currently, OpenLDAP in Fedora is compiled with NSS (aka MozNSS) for cypto. OpenLDAP is going to be compiled with OpenSSL, instead.
Kerberos KCM credential cache by default
Default to a new Kerberos credential cache type called KCM which is better suited for containerized environments and provides a better user experience in the general case as well.
OpenSSL 1.1.0
Rebase of OpenSSL package to 1.1.0 version
OpenSSH Crypto Policy (Client)
OpenSSH client will follow system-wide crypto policies already followed by other cryptographic libraries and tools. It will allow to use different security levels defined system-wide.
Java/OpenJDK enforces the system-wide crypto policy
As it is now, the System-wide crypto policy in F25 is enforced by the OpenSSL, GnuTLS and NSS TLS libraries. To harmonize crypto across all applications in Fedora, including the Java ones, OpenJDK is enhanced to respect the settings of the system-wide crypto policy as well.
Replace Coolkey with OpenSC
There are more PKCS#11 libraries supporting the same smart cards in the system. For the next releases, we would like to promote OpenSC as a default PKCS#11 provided in place where Coolkey driver is used these days, which will
Changes to talk about for developers
GCC7
Switch GCC in Fedora 26 to 7.x.y, rebuild all packages with it, or optionally rebuild just some packages with it and rebuild all packages only in Fedora 27.
Parallel Installable Debuginfo
debuginfo packages can be installed in parallel to make it easier to trace, profile and observe what programs are doing or to debug when they have crashed. That way debugging, tracing or profiling programs can be done independent of whether they are 32bit, 64bit, a slightly newer or older version than currently installed or even from a different architecture.
pkgconf as system pkg-config implementation
This change switches Fedora's system-wide/default pkg-config implementation to pkgconf, a new implementation of pkg-config that provides better support for handling .pc files and a stable library ABI/API for integrating into applications.
Golang 1.8
Rebase of Golang package to upcoming version 1.8 in Fedora 26, including rebuild of all dependent packages.
Ruby 2.4
Ruby 2.4 is the latest stable version of Ruby. Many new features and improvements are included for the increasingly diverse and expanding demands for Ruby. With this major update from Ruby 2.3 in Fedora 24 to Ruby 2.4 in Fedora 26, Fedora becomes the superior Ruby development platform.
Debugging Information For Static Libraries
This change proposes to ship debugging information in static libraries.
Fedora 26 C/C++ Compilation Flags Updates
This change updates the default C/C++ compilation flags, as determined by the redhat-rpm-config package.
Python 3.6
The system Python 3 stack has been upgraded to Python 3.6.1, and includes a backport of Python 3.7's C locale coercion feature (where the ASCII-based C locale is replaced with C.UTF-8 at interpreter startup, which is expected to significantly reduce the occurrence of unwanted Unicode encoding and decoding errors).
All changes
Fedora 27 Accepted System Wide Changes Proposals
These changes have been accepted by the Fedora Engineering Steering Committee for the Fedora 27 Release as System Wide Changes.
32 bit UEFI Support
Some x86 systems ship with a 64 bit CPU, but 32 bit UEFI firmware. It is possible to use a 32 bit UEFI grub build to boot a 64 bit kernel and distribution on these systems. So far this setup has not been supported in Fedora. This feature is about adding support for installing and booting Fedora on this hardware.
Arbitrary Branching
Tooling changes to support the new way of branching for Fedora 27
Drop 256term.sh
Do not install /etc/profile.d/256term.sh and /etc/profile.d/256term.csh.
Enable TRIM pass down to encrypted disks
Override kernel default for dm-crypt mappings of LUKS1 encrypted volumes via flag put in /etc/crypttab file. This change should affect only newly created encrypted storage based on LUKS1 format during installation.
Fedora 27 Boost 1.64 upgrade
This change brings Boost 1.64.0 to Fedora 27. This will mean F27 ships with a recent upstream Boost release.
The GNU C Library version 2.26
Switch glibc in Fedora 27 to glibc version 2.26.
Host and Platform
Host and Platform is an evolution of the Base Runtime module concept introduced in Fedora 26 Boltron, splitting the minimal system further into independent modules allowing for greater flexibility when composing and maintaining the base system.
Kerberos KCM credential cache by default
Default to a new Kerberos credential cache type called KCM which is better suited for containerized environments and provides a better user experience in the general case as well.
Modular Server
The Modularity Working Group, Factory 2.0, Base Runtime, and Server Working Group would like to propose using the modular infrastructure for creating and delivering the Fedora Server Edition for Fedora 27. While we are still working through some of the kinks leading up to the release of Fedora 26, we believe that the changes to the infrastructure and technology implementations will be available with sufficient time to harden the components in time for the 27 release.
Modular Release
The build, release, distribution, and update changes associated with and required for the Changes/Modular_Server and Changes/Host_and_Platform Changes.
No More Alphas
Fedora will no longer produce Alpha releases.
- Status: 100% code completed
Node.js 8.x
Fedora 27 will be updated to Node.js 8.x, the latest LTS release of the platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications.
Parallel Installable Debuginfo
debuginfo packages can be installed in parallel to make it easier to trace, profile and observe what programs are doing or to debug when they have crashed. That way debugging, tracing or profiling programs can be done independent of whether they are 32bit, 64bit, a slightly newer or older version than currently installed or even from a different architecture.
RPM 4.14
Update RPM to the upcoming 4.14 release.
Ruby on Rails 5.1
Ruby on Rails 5.1 is the latest version of well known web framework written in Ruby.
Separate Subpackage and Source Debuginfo
Allow to install just the debuginfo for a subpackage and/or without the source files. The debuginfo packages are huge because they contain debuginfo and all sources for all subpackages. Being able to install only the debuginfo for the subpackage that is installed reduces the size that needs to be downloaded to analyze, trace, profile or debug a program or core file. Some tracing and profiling tools don't need the actual source files to provide stack traces or insert probes. So installing the debugsources should be optional.
Golang 1.9
Rebase of Golang package to upcoming version 1.9 in Fedora 27, including rebuild of all dependent packages(pre-release version of Go will be used for mass rebuild).
Switch libcurl back to OpenSSL
libcurl in Fedora currently uses the NSS (Network Security Services) library for TLS and cryptography. After implementing this change, libcurl will use OpenSSL instead of NSS.
perl Package to Install Core Modules
dnf install perl will install all core Perl modules that come with Perl upstream sources.
Perl 5.26
A new perl 5.26 version brings a lot of changes done over a year of development. Perl 5.26 was released 5/31/2017. See 5.26.0 perldelta for more details about preparing release.
Fedora 27 Accepted Self Contained Changes Proposals
These changes have been accepted by the Fedora Engineering Steering Committee for the Fedora 27 Release as Self Contained Changes.
Bodhi Non-RPM Artifacts
Bodhi, the Fedora Updates System, should be able to process more than just RPMs.
Chinese Serif Fonts
Fedora already provides default Chinese Sans fonts, now Fedora 27 will also provide default Chinese Serif fonts.
Decouple system java setting from java command setting
By default, Java applications installed from RPMs are run with JVM found on PATH. We propose to run them with default system JVM, not considering PATH. Users will still be able to override the default using JAVA_HOME environment variable as before.
Improved Bay- and Cherry-Trail device support
Improve support for hardware using Intel Bay Trail and Cherry Trail SoCs.
Java 9
Add a tech preview preview of the the upcoming version of Java (OpenJDK9) to Fedora 27
Making sudo pip Safe (Again)
At the present time, running sudo pip3 in Fedora is not safe. Pip shares its installation directory with dnf, can remove dnf-managed files and generally break the Python 3 interpreter. We propose a series of measures that will make it safe to use.
New default cipher in OpenVPN
Since the discovery of the SWEET32 flaw, ciphers using cipher-blocks smaller than 128-bits are considered vulnerable and should not be used any more. OpenVPN uses Blowfish (BF-128-CBC) as the default cipher, which is hit by the SWEET32 flaw. This proposal changes the default cipher to AES-256-GCM while in parallel allowing clients to connect using AES-256-CBC, AES-128-CBC or the deprecated BF-CBC,
OpenSSH Server Crypto Policy
OpenSSH clients follow the system-wide crypto policy since Fedora 26. This F27 change modifies the openssh server configuration to adhere to the system-wide policy. That will allow openssh server configuration to adapt to the multiple security levels offered system-wide.
Platform Python Stack
A revisit of the System Python change from Fedora 24. It has been renamed from System Python to Platform Python not to collide with upstream PEP 432.
Remove SSH-1 from OpenSSH clients
Upstream removes support for SSH-1 protocol and we plan to do the same in Fedora. The protocol is years obsolete and not even supported in current default binaries (only in openssh-clients-ssh1 subpackage).
Remove krb5-appl
Remove src:krb5-appl (produces packages krb5-appl-clients and krb5-appl-servers) from the distribution.
Replace Yumex-DNF with dnfdragora
Replace the current alternative graphical package manager.
Samba AD
Samba AD is an open source implementation of an Active Directory set of tools and protocols. It allows Windows clients to be enrolled and managed using native Windows tools. In addition, Samba AD can serve as a domain controller for Fedora workstations and servers utilizing DCERPC, LDAP and Kerberos.
aarch64 SBC (Single Board Computer) Disk Images
We will deliver the first supported SBC disk images for aarch64.
libpinyin 2.1
libpinyin 2.1 will merge libzhuyin code and replace the package
Zend Framework 3
Update Zend Framework to latest version 3.
Modular Compose
For Fedora 26, we would like to modify the compose tools (pungi) to produce an additional experimental variant, derived from modules built in the Module Build Service.
Module Build Service
We will deploy an instance of the Module Build Service to production in Fedora Infrastructure. Other teams will use this service to produce some "modular" content for the Fedora 26 release.
Blivet-GUI in Anaconda
Add blivet-gui as an alternative option for storage configuration in Anaconda Installer.
PHP 7.1
Update the PHP stack in Fedora to latest version 7.1.x
BIND version 9.11
BIND (Berkeley Internet Name Domain) version 9.11 is the latest stable major update of the widely used DNS server. Besides new features, some settings defaults have changed since the previous major version (9.10).
OpenSSH Crypto Policy (Client)
OpenSSH client will follow system-wide crypto policies already followed by other cryptographic libraries and tools. It will allow to use different security levels defined system-wide.
Fedora Atomic
- Consolidated Storage Setup based on OverlayFS - In Fedora Atomic 27 we now default to a more simple container storage setup. In Fedora 26 we switched to overlay as the default driver but we still had a separate volume to for this storage. While we do recommend the separate volume for production deployments we also want a more simple setup for the out-of-the-box experience. In Fedora 27 Atomic Host the default will be a large root filesystem, shared with the container storage (via overlayFS).
- Containerized Kubernetes by Default - Fedora Atomic 27 no longer includes Kubernetes, etcd, or flannel in the base OSTree. We offer containerized Kubernetes, flannel and etcd. This allows flexibility for users to choose different versions of Kubernetes, or to not use Kubernetes at all. If having kubernetes installed via RPM is a requirement, then package layering is still an option.
- Improvements in Package Layering - Latest rpm-ostree, now with support for base package overrides (removes and replaces). This builds on top of the previous features including support for direct rpm install, and experimental LiveFS layering, which allows layering without a reboot.
- System Containers in FLIBS - System Containers, a way of installing system infrastructure software via a container. Since Fedora 26 we have polished the System Container technology and now offer System Containers for Docker, Kuberetes, Flannel, and etcd. These are all available in the Fedora Layered Image Build Service.
- atomic 1.19.1 - An updated to Atomic CLI version 1.19.1, with enhancements/bugfixes to system container support.
- Cockpit XXX - Latest version of Cockpit, including support for Cockpit Dashboard installation on Atomic Host via rpm package layering.
Fedora Server
- FreeIPA 4.5
- Support for short names for AD users
- FIPS 140-2 support
- Client certificate identity mapping
- Better integration with external DNS servers
- Fully-customizable certificate authority name
- Cockpit
- Latest version of Cockpit administration console
- Show "Locked/Unlocked" indicator for privilege escalation in the top bar
- Support for configuring kdump kernel crash dumping
- Cockpit can roll back network configuration that would otherwise disconnect an admin from the system
- Cockpit is now fully translatable, languages with the best Zanata coverage are Polish, Ukranian, Chinese, and Spanish
- Cockpit now honors system-defined SSH host keys
- Cockpit will now generate default certificates with a private CA certificate that can be safely shared
- Kerberos authentication works even if gss-proxy is in use
- Improved support for running Cockpit behind a proxy
Fedora Workstation
- Improved Settings - Both the Display and Network areas have been updated to make it simpler to configure these settings, and the overall Settings panel now has a tabbed appearance to make it easier to find the settings you need.
- Builder - features a lot a improvements including to the debugger, the overall design, symbol search and word completion, and inline documentation.
- System search - Has a new layout that shows more results at once -- and even includes system actions.
- System tray removal - the antiquated system tray has been removed to reduce visual clutter and confusion. The Topicons extension is available for use with any applications that have not yet updated to make use of modern GNOME 3 standards.
- Applications
- LibreOffice 5.4 - TODO: NEEDS NEWER INFO HERE
- Fedora Media Writer - the new version allows you to create bootable SD cards with Fedora for ARM devices such as Raspberry Pi. Support for Windows 7 and screenshot handling have been improved. The utility also notifies you when a new release of Fedora is available. -- TODO: NEEDS NEWER INFO HERE
Fedora ARM
Spins
KDE Plasma Desktop
The software released by the KDE community - Frameworks, Plasma, KDE Applications, and all the other applications with independent release schedule - was updated bringing fixes and improvements. For more information, please check:
- the announcements page on KDE website, with the releases for Frameworks, Plasma and KDE Applications;
- the archives of the kde-announce-apps mailing list, where the releases of applications with independent release schedule are announced.
Few other highlights:
- More Qt5/Frameworks 5 applications: Konqueror, Okular, Calligra and Kexi are now Frameworks-based
- Updated QtWebEngine: up to version 5.9.x
Xfce
LXQt
- LXQt version 0.11.x where x is not common for all components as there were bugfix releases for some of them.
- Qt5 only packages: with similar theming for gtk apps (breeze theme).
- Essential apps: Include only essential apps by default to improve user experience after installation (avoiding to clean up useless stuffs), reducing the size of the image and reducing the footprint on disk
- dnfdragora for graphical package management: This is a shining new feature, because dnfdragora will hit F27, but for LXQt Spin, there will not be yumex-dnf.
- Openbox window manager but with possibility to switch to Kwin for nice graphical effects.
Mate-Compiz
Cinnamon
- Cinnamon Desktop: Version 3.4
- Theme: A new default theme, arc-dark.
- Slick-Greeter: Slick-Greeter is now used as the LightDM login greeter, providing HiDPI support and better visual integration with Cinnamon.
- dnfdragora: dnfdragora is now used instead of yumex-dnf for graphical package management.
- Blueberry: Blueberry is now the bluetooth widget.
- MP3 support: MP3 playback support for gstreamer applications is now included.
Labs
Design Suite
- Blender: Updated to 2.79 with automatic support of high resolution display
- Entangle: Updated to 0.79 with more DSLR cameras support
- Gimp: included wavelet decompose add-on
- Gnome Books:A e-books manager application for GNOME
- Gnome ToDo: Personal task manager for GNOME
- Gpick: updated to 0.2.6rc1 with enabled GTK3 support. Sampling currently works on Gnome on X session
- Hugin: updated to 2017.0.0
- Inkscape: Updated to version 0.92.2. SVG format now complies to W3C standard meaning saved files handles 96dpi.
Upgrading to the Latest Release
To learn how to upgrade to the latest release from a recent Fedora release using DNF, see here.