From Fedora Project Wiki

Revision as of 22:44, 29 September 2017 by Mailga (talk | contribs)

This is a draft!


These are the Talking Points for the Fedora 27 release. For information on how these talking points were chosen, see Talking Points SOP. They are intended to help Ambassadors quickly present an overview of highlighted features when talking about the release, and to help drive content for the release, etc.

The talking points are based in part on the Change Set for this release.


Overall Release Story

Since we skipped the Alpha release for this cycle we just push out the Beta. We had some delays to grant the best stability and operability for our users. The release date is 2017-10-03.

For this cycle, the server edition won't be shipped at the same time due to big changes happening inside the edition itself. This is due to the major change of building the server edition with modularity. For more informations, please read the Fedora Magazine article

Fedora-Wide Changes and Improvements

All changes are listed below, ones to highlight are listed first

Changes to talk about for regular users

LXQt Spin

A Fedora Spin providing the LXQt desktop environment.

Python Classroom Lab

A new Python Classroom Lab will be created in 3 variants: Workstation based, Docker based and Vagrant based. It's an important step for our Fedora Loves Python initiative. The main audience are Python teachers and workshop instructors.

Changes affecting security

Switch OpenLDAP from NSS to OpenSSL

Currently, OpenLDAP in Fedora is compiled with NSS (aka MozNSS) for cypto. OpenLDAP is going to be compiled with OpenSSL, instead.

Kerberos KCM credential cache by default

Default to a new Kerberos credential cache type called KCM which is better suited for containerized environments and provides a better user experience in the general case as well.

OpenSSL 1.1.0

Rebase of OpenSSL package to 1.1.0 version

OpenSSH Crypto Policy (Client)

OpenSSH client will follow system-wide crypto policies already followed by other cryptographic libraries and tools. It will allow to use different security levels defined system-wide.

Java/OpenJDK enforces the system-wide crypto policy

As it is now, the System-wide crypto policy in F25 is enforced by the OpenSSL, GnuTLS and NSS TLS libraries. To harmonize crypto across all applications in Fedora, including the Java ones, OpenJDK is enhanced to respect the settings of the system-wide crypto policy as well.

Replace Coolkey with OpenSC

There are more PKCS#11 libraries supporting the same smart cards in the system. For the next releases, we would like to promote OpenSC as a default PKCS#11 provided in place where Coolkey driver is used these days, which will

Changes to talk about for developers

GCC7

Switch GCC in Fedora 26 to 7.x.y, rebuild all packages with it, or optionally rebuild just some packages with it and rebuild all packages only in Fedora 27.

Parallel Installable Debuginfo

debuginfo packages can be installed in parallel to make it easier to trace, profile and observe what programs are doing or to debug when they have crashed. That way debugging, tracing or profiling programs can be done independent of whether they are 32bit, 64bit, a slightly newer or older version than currently installed or even from a different architecture.

pkgconf as system pkg-config implementation

This change switches Fedora's system-wide/default pkg-config implementation to pkgconf, a new implementation of pkg-config that provides better support for handling .pc files and a stable library ABI/API for integrating into applications.

Golang 1.8

Rebase of Golang package to upcoming version 1.8 in Fedora 26, including rebuild of all dependent packages.

Ruby 2.4

Ruby 2.4 is the latest stable version of Ruby. Many new features and improvements are included for the increasingly diverse and expanding demands for Ruby. With this major update from Ruby 2.3 in Fedora 24 to Ruby 2.4 in Fedora 26, Fedora becomes the superior Ruby development platform.

Debugging Information For Static Libraries

This change proposes to ship debugging information in static libraries.

Fedora 26 C/C++ Compilation Flags Updates

This change updates the default C/C++ compilation flags, as determined by the redhat-rpm-config package.

Python 3.6

The system Python 3 stack has been upgraded to Python 3.6.1, and includes a backport of Python 3.7's C locale coercion feature (where the ASCII-based C locale is replaced with C.UTF-8 at interpreter startup, which is expected to significantly reduce the occurrence of unwanted Unicode encoding and decoding errors).

All changes

Fedora 27 Accepted System Wide Changes Proposals

These changes have been accepted by the Fedora Engineering Steering Committee for the Fedora 27 Release as System Wide Changes.

32 bit UEFI Support

Some x86 systems ship with a 64 bit CPU, but 32 bit UEFI firmware. It is possible to use a 32 bit UEFI grub build to boot a 64 bit kernel and distribution on these systems. So far this setup has not been supported in Fedora. This feature is about adding support for installing and booting Fedora on this hardware.

Arbitrary Branching

Tooling changes to support the new way of branching for Fedora 27

Drop 256term.sh

Do not install /etc/profile.d/256term.sh and /etc/profile.d/256term.csh.

Enable TRIM pass down to encrypted disks

Override kernel default for dm-crypt mappings of LUKS1 encrypted volumes via flag put in /etc/crypttab file. This change should affect only newly created encrypted storage based on LUKS1 format during installation.

Fedora 27 Boost 1.64 upgrade

This change brings Boost 1.64.0 to Fedora 27. This will mean F27 ships with a recent upstream Boost release.

The GNU C Library version 2.26

Switch glibc in Fedora 27 to glibc version 2.26.

Host and Platform

Host and Platform is an evolution of the Base Runtime module concept introduced in Fedora 26 Boltron, splitting the minimal system further into independent modules allowing for greater flexibility when composing and maintaining the base system.

Kerberos KCM credential cache by default

Default to a new Kerberos credential cache type called KCM which is better suited for containerized environments and provides a better user experience in the general case as well.

Modular Server

The Modularity Working Group, Factory 2.0, Base Runtime, and Server Working Group would like to propose using the modular infrastructure for creating and delivering the Fedora Server Edition for Fedora 27. While we are still working through some of the kinks leading up to the release of Fedora 26, we believe that the changes to the infrastructure and technology implementations will be available with sufficient time to harden the components in time for the 27 release.

Modular Release

The build, release, distribution, and update changes associated with and required for the Changes/Modular_Server and Changes/Host_and_Platform Changes.

No More Alphas

Fedora will no longer produce Alpha releases.

  • Status: 100% code completed

Node.js 8.x

Fedora 27 will be updated to Node.js 8.x, the latest LTS release of the platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications.

Parallel Installable Debuginfo

debuginfo packages can be installed in parallel to make it easier to trace, profile and observe what programs are doing or to debug when they have crashed. That way debugging, tracing or profiling programs can be done independent of whether they are 32bit, 64bit, a slightly newer or older version than currently installed or even from a different architecture.

RPM 4.14

Update RPM to the upcoming 4.14 release.

Ruby on Rails 5.1

Ruby on Rails 5.1 is the latest version of well known web framework written in Ruby.

Separate Subpackage and Source Debuginfo

Allow to install just the debuginfo for a subpackage and/or without the source files. The debuginfo packages are huge because they contain debuginfo and all sources for all subpackages. Being able to install only the debuginfo for the subpackage that is installed reduces the size that needs to be downloaded to analyze, trace, profile or debug a program or core file. Some tracing and profiling tools don't need the actual source files to provide stack traces or insert probes. So installing the debugsources should be optional.

Golang 1.9

Rebase of Golang package to upcoming version 1.9 in Fedora 27, including rebuild of all dependent packages(pre-release version of Go will be used for mass rebuild).

Switch libcurl back to OpenSSL

libcurl in Fedora currently uses the NSS (Network Security Services) library for TLS and cryptography. After implementing this change, libcurl will use OpenSSL instead of NSS.

perl Package to Install Core Modules

dnf install perl will install all core Perl modules that come with Perl upstream sources.

Perl 5.26

A new perl 5.26 version brings a lot of changes done over a year of development. Perl 5.26 was released 5/31/2017. See 5.26.0 perldelta for more details about preparing release.

Fedora 27 Accepted Self Contained Changes Proposals

These changes have been accepted by the Fedora Engineering Steering Committee for the Fedora 27 Release as Self Contained Changes.

Bodhi Non-RPM Artifacts

Bodhi, the Fedora Updates System, should be able to process more than just RPMs.

Chinese Serif Fonts

Fedora already provides default Chinese Sans fonts, now Fedora 27 will also provide default Chinese Serif fonts.

Decouple system java setting from java command setting

By default, Java applications installed from RPMs are run with JVM found on PATH. We propose to run them with default system JVM, not considering PATH. Users will still be able to override the default using JAVA_HOME environment variable as before.

Improved Bay- and Cherry-Trail device support

Improve support for hardware using Intel Bay Trail and Cherry Trail SoCs.

Java 9

Add a tech preview preview of the the upcoming version of Java (OpenJDK9) to Fedora 27

Making sudo pip Safe (Again)

At the present time, running sudo pip3 in Fedora is not safe. Pip shares its installation directory with dnf, can remove dnf-managed files and generally break the Python 3 interpreter. We propose a series of measures that will make it safe to use.

New default cipher in OpenVPN

Since the discovery of the SWEET32 flaw, ciphers using cipher-blocks smaller than 128-bits are considered vulnerable and should not be used any more. OpenVPN uses Blowfish (BF-128-CBC) as the default cipher, which is hit by the SWEET32 flaw. This proposal changes the default cipher to AES-256-GCM while in parallel allowing clients to connect using AES-256-CBC, AES-128-CBC or the deprecated BF-CBC,

OpenSSH Server Crypto Policy

OpenSSH clients follow the system-wide crypto policy since Fedora 26. This F27 change modifies the openssh server configuration to adhere to the system-wide policy. That will allow openssh server configuration to adapt to the multiple security levels offered system-wide.

Platform Python Stack

A revisit of the System Python change from Fedora 24. It has been renamed from System Python to Platform Python not to collide with upstream PEP 432.

Remove SSH-1 from OpenSSH clients

Upstream removes support for SSH-1 protocol and we plan to do the same in Fedora. The protocol is years obsolete and not even supported in current default binaries (only in openssh-clients-ssh1 subpackage).

Remove krb5-appl

Remove src:krb5-appl (produces packages krb5-appl-clients and krb5-appl-servers) from the distribution.

Replace Yumex-DNF with dnfdragora

Replace the current alternative graphical package manager.

Samba AD

Samba AD is an open source implementation of an Active Directory set of tools and protocols. It allows Windows clients to be enrolled and managed using native Windows tools. In addition, Samba AD can serve as a domain controller for Fedora workstations and servers utilizing DCERPC, LDAP and Kerberos.

aarch64 SBC (Single Board Computer) Disk Images

We will deliver the first supported SBC disk images for aarch64.

libpinyin 2.1

libpinyin 2.1 will merge libzhuyin code and replace the package


Zend Framework 3

Update Zend Framework to latest version 3.

Modular Compose

For Fedora 26, we would like to modify the compose tools (pungi) to produce an additional experimental variant, derived from modules built in the Module Build Service.

Module Build Service

We will deploy an instance of the Module Build Service to production in Fedora Infrastructure. Other teams will use this service to produce some "modular" content for the Fedora 26 release.

Blivet-GUI in Anaconda

Add blivet-gui as an alternative option for storage configuration in Anaconda Installer.

PHP 7.1

Update the PHP stack in Fedora to latest version 7.1.x

BIND version 9.11

BIND (Berkeley Internet Name Domain) version 9.11 is the latest stable major update of the widely used DNS server. Besides new features, some settings defaults have changed since the previous major version (9.10).

OpenSSH Crypto Policy (Client)

OpenSSH client will follow system-wide crypto policies already followed by other cryptographic libraries and tools. It will allow to use different security levels defined system-wide.

Fedora Atomic

  • Consolidated Storage Setup based on OverlayFS - In Fedora Atomic 27 we now default to a more simple container storage setup. In Fedora 26 we switched to overlay as the default driver but we still had a separate volume to for this storage. While we do recommend the separate volume for production deployments we also want a more simple setup for the out-of-the-box experience. In Fedora 27 Atomic Host the default will be a large root filesystem, shared with the container storage (via overlayFS).
  • Containerized Kubernetes by Default - Fedora Atomic 27 no longer includes Kubernetes, etcd, or flannel in the base OSTree. We offer containerized Kubernetes, flannel and etcd. This allows flexibility for users to choose different versions of Kubernetes, or to not use Kubernetes at all. If having kubernetes installed via RPM is a requirement, then package layering is still an option.
  • Improvements in Package Layering - Latest rpm-ostree, now with support for base package overrides (removes and replaces). This builds on top of the previous features including support for direct rpm install, and experimental LiveFS layering, which allows layering without a reboot.
  • System Containers in FLIBS - System Containers, a way of installing system infrastructure software via a container. Since Fedora 26 we have polished the System Container technology and now offer System Containers for Docker, Kuberetes, Flannel, and etcd. These are all available in the Fedora Layered Image Build Service.
  • atomic 1.19.1 - An updated to Atomic CLI version 1.19.1, with enhancements/bugfixes to system container support.
  • Cockpit XXX - Latest version of Cockpit, including support for Cockpit Dashboard installation on Atomic Host via rpm package layering.


Fedora Server

  • FreeIPA 4.5
    • Support for short names for AD users
    • FIPS 140-2 support
    • Client certificate identity mapping
    • Better integration with external DNS servers
    • Fully-customizable certificate authority name
  • Cockpit
    • Latest version of Cockpit administration console
    • Show "Locked/Unlocked" indicator for privilege escalation in the top bar
    • Support for configuring kdump kernel crash dumping
    • Cockpit can roll back network configuration that would otherwise disconnect an admin from the system
    • Cockpit is now fully translatable, languages with the best Zanata coverage are Polish, Ukranian, Chinese, and Spanish
    • Cockpit now honors system-defined SSH host keys
    • Cockpit will now generate default certificates with a private CA certificate that can be safely shared
    • Kerberos authentication works even if gss-proxy is in use
    • Improved support for running Cockpit behind a proxy

Fedora Workstation

  • Improved Settings - Both the Display and Network areas have been updated to make it simpler to configure these settings, and the overall Settings panel now has a tabbed appearance to make it easier to find the settings you need.
  • Builder - features a lot a improvements including to the debugger, the overall design, symbol search and word completion, and inline documentation.
  • System search - Has a new layout that shows more results at once -- and even includes system actions.
  • System tray removal - the antiquated system tray has been removed to reduce visual clutter and confusion. The Topicons extension is available for use with any applications that have not yet updated to make use of modern GNOME 3 standards.
  • Applications
    • LibreOffice 5.4 - TODO: NEEDS NEWER INFO HERE
    • Fedora Media Writer - the new version allows you to create bootable SD cards with Fedora for ARM devices such as Raspberry Pi. Support for Windows 7 and screenshot handling have been improved. The utility also notifies you when a new release of Fedora is available. -- TODO: NEEDS NEWER INFO HERE

Fedora ARM

Spins

KDE Plasma Desktop

The software released by the KDE community - Frameworks, Plasma, KDE Applications, and all the other applications with independent release schedule - was updated bringing fixes and improvements. For more information, please check:

Few other highlights:

  • More Qt5/Frameworks 5 applications: Konqueror, Okular, Calligra and Kexi are now Frameworks-based
  • Updated QtWebEngine: up to version 5.9.x

Xfce

LXQt

  • LXQt version 0.11.x where x is not common for all components as there were bugfix releases for some of them.
  • Qt5 only packages: with similar theming for gtk apps (breeze theme).
  • Essential apps: Include only essential apps by default to improve user experience after installation (avoiding to clean up useless stuffs), reducing the size of the image and reducing the footprint on disk
  • dnfdragora for graphical package management: This is a shining new feature, because dnfdragora will hit F27, but for LXQt Spin, there will not be yumex-dnf.
  • Openbox window manager but with possibility to switch to Kwin for nice graphical effects.

Mate-Compiz

Cinnamon

  • Cinnamon Desktop: Version 3.4
  • Theme: A new default theme, arc-dark.
  • Slick-Greeter: Slick-Greeter is now used as the LightDM login greeter, providing HiDPI support and better visual integration with Cinnamon.
  • dnfdragora: dnfdragora is now used instead of yumex-dnf for graphical package management.
  • Blueberry: Blueberry is now the bluetooth widget.
  • MP3 support: MP3 playback support for gstreamer applications is now included.

Labs

Design Suite

  • Blender: Updated to 2.79 with automatic support of high resolution display
  • Entangle: Updated to 0.79 with more DSLR cameras support
  • Gimp: included wavelet decompose add-on
  • Gnome Books:A e-books manager application for GNOME
  • Gnome ToDo: Personal task manager for GNOME
  • Gpick: updated to 0.2.6rc1 with enabled GTK3 support. Sampling currently works on Gnome on X session
  • Hugin: updated to 2017.0.0
  • Inkscape: Updated to version 0.92.2. SVG format now complies to W3C standard meaning saved files handles 96dpi.

Upgrading to the Latest Release

To learn how to upgrade to the latest release from a recent Fedora release using DNF, see here.