Across the various Fedora teams, the primary focus is squarely on preparations for the upcoming Fedora 45 release, driven by the impending July 15th mass rebuild and critical change proposal deadlines. Concurrently, a massive, project-wide infrastructure migration is underway as multiple groups transition their repositories, issue trackers, and CI/CD pipelines away from legacy systems like Pagure.io toward Forgejo and GitLab. Security and system stability also remain top priorities, highlighted by the enforcement of mandatory 2FA for packagers, active patching of high-severity CVEs in groups like EPEL and Perl, and proposals to gate stable release updates on reverse dependency checkers (rmdepcheck). Finally, there is a strong, unified push to improve contributor onboarding and cross-team collaboration through standardized documentation, centralized Kanban boards, and the restructuring of community governance, such as the formalization of the new Atomic SIG and the proposed AI Working Group.
Announcements
The Fedora Council has paused the Community Initiatives process effective immediately, noting that the current framework has proven ineffective for surfacing new ideas. Consequently, the AI Developer Desktop proposal has been closed as an official initiative, though independent exploration and collaboration within the community are still highly encouraged. While existing approved initiatives (Fedora Forge, Atomic, and Docs 2026) will continue their scheduled terms, the Council is actively seeking community feedback on a proposed "sandbox" lifecycle process to better evaluate and champion future innovations in a more open, transparent way.
For Fedora 45 contributors, several critical deadlines are approaching to ensure a smooth release. The F45 Mass Rebuild is scheduled to begin on July 15, 2026; maintainers needing to exclude packages must add a noautobuild file to their dist-git repositories. Also due on July 15 is the keepalive deadline for Spins and Labs, requiring maintainers to acknowledge their tracking tickets and ensure packages are up to date to guarantee inclusion in the upcoming release. Finally, a list of long-term FTBFS (Fails To Build From Source) packages failing since F42 has been published; these will be retired around August 5 unless maintainers intervene to fix them or request an exemption from FESCo.
Council
The Council discussed the Draft Council Proposal for the Fedora Innovation Lifecycle (also tracked in Ticket #564), which aims to create a structured pathway for experimental features, though some members raised concerns about potential process overhead. In other community news, the Council is exploring Open Collective for external fundraising targeting the Fedora Linux 45 cycle, seeking to address moderator burnout by formalizing support and escalation pathways, and reviewing the Authorized Analytics Volunteer Agreement to safely manage community health data under GDPR. Additionally, a recap of the 2026 Strategy Summit was published, highlighting discussions on governance, engineering, and community initiatives, while a ticket regarding FESCo election voting rights was closed and deferred to FESCo.
On the infrastructure and legal side, updates were debated for the Fedora Forge usage policy regarding repository archiving, and AI agent context was merged into the Council Tickets tracker. Legal and trademark discussions continued regarding FedoraCVE.org, 3rd-party community sites, Red Hat's EU CRA Stewardship proposal, and confusing Weblate Terms & Conditions for translators, where it was affirmed that the Fedora Project Contributor Agreement takes precedence. Finally, the Council agreed to migrate the historical Fedora Budget repository and acknowledged the need to enhance Fedora's public-facing presence.
Decisions
- Fedora Atomic Naming: The Council approved the use of the "Fedora Atomic" name for bootable container base images of Fedora.
- Provenpackager Revocation Disclosure: The Council decided not to publicly disclose the confidential details or voting record of a past provenpackager revocation incident, opting instead to focus on improving the project's Conflict of Interest policy to prevent future governance issues.
Learn more about the Council team.
FESCo
This week, FESCo focused on reviewing upcoming Fedora 45 Change Proposals and refining packaging policies. Key community discussions centered around disabling DNF vendor changes by default, enabling Shadow Stack on x86_64, and adding Stratis storage support to Anaconda. During their weekly meeting, the committee postponed discussions on the Forgejo dist-git migration and the Engineering representative's responsibilities to gather more input. Furthermore, FESCo is seeking volunteers and feedback for an upcoming proposal to make 2FA mandatory for all packagers, following the recent enforcement and grace period announcement of 2FA for provenpackagers.
Decisions
- Cryptography Libraries: Dropped the signoff requirement from the defunct "Fedora crypto team" for new cryptography libraries. FESCo will act as the gatekeeper until a new public review process is established.
- ELN Draft Builds: Permitted the ELNBuildSync (EBS) service to use and promote draft builds in Koji side-tags inherited from
eln-build for ELN rebuild batches.
- Non-responsive Maintainer: Approved adding
ankursinha and jflory7 as additional admins to the ledger package.
- Change: Lazarus with multiple widgetsets: Approved the proposal to offer the Lazarus IDE built with multiple widgetsets.
- Change: LLVM 23: Approved the system-wide update of all LLVM sub-projects to version 23.
- Change: Grub EFI For Confidential Computing: Approved the introduction of an independent, minimal GRUB bootloader package for UEFI to quickly boot Unified Kernel Images (UKI).
Learn more about the FESCo team.
Mindshare
During the Mindshare Committee meeting, members highlighted the impending shutdown of Pagure.io at the end of the month, urging contributors to migrate any remaining repositories to avoid disruptions. The committee also reviewed a funding request for All Things Open 2026, noting a need for more local community engagement and outreach to staff the event before approving the budget. Meanwhile, on the forums, the Polish Fedora community discussed their upcoming infrastructure migration and confirmed that their continued use of Fedora domains and logos complies with the project's Community Sites and Accounts trademark guidelines.
Decisions
- Assigned new term owners for the committee's charter areas: @theprogram will lead Regional Event Support, @t0xic0der will lead Digital Ambassadorship, and @jnsamyak will lead the Recognition Service.
- Decided to hold an asynchronous ticket vote to select the Fedora Council Representative, with @t0xic0der and @jnsamyak running as candidates.
- Deferred the budget vote for All Things Open 2026 pending further outreach to identify and include more local attendees.
Learn more about the Mindshare team.
Diversity & Inclusion
During their weekly meeting, the DEI team reviewed early survey feedback from the 2026 Fedora Mentor Summit, noting that the topic-based mentor lunches were highly praised, though ambient noise levels were a concern to address for next year. In infrastructure news, the team successfully completed their migration to Forgejo and is currently updating their issue templates to match the new platform. The team also concluded a discussion regarding age verification legislation, deciding that any official project-wide stance falls under the purview of the Fedora Council rather than the DEI team.
Planning is officially underway for the 2026 Fedora Week of Diversity, which is targeted for October. The team is organizing a 2-3 hour virtual event featuring short 10-20 minute talks and is currently brainstorming an overarching theme, with "Respect the Culture" as an initial proposal. There are immediate opportunities for contributors to get involved with the event by volunteering for speaker management, event logistics, content marketing, and design roles.
Decisions
Learn more about the Diversity & Inclusion team.
Workstation / GNOME
This week, the Workstation Working Group focused heavily on desktop stability and upcoming upstream improvements during their July 7 meeting. Key technical discussions highlighted the need for better GNOME Shell reliability during power management events and GPU resets, particularly on AMD and hybrid graphics systems. The group also debated desktop crashes caused by inotify instance exhaustion—likely tied to web process leaks in Epiphany—and plans to consult the Linux UAPI Group for a resolution. On the feature side, GNOME Shell is adopting SVG cursor support to eliminate blurry pointers on high-resolution displays, and progress continues on integrating voice control (Anthony) with IBus.
In the community forums, a user started a discussion regarding the new in-kernel NTFS driver (NTFSPLUS) merged in Linux 7.1. The user noted that the driver is currently disabled in Fedora's kernel configuration and inquired if there are plans to enable it as a module or by default, replacing the existing ntfs-3g symlink.
Decisions
- The Working Group agreed to consult the Linux Userspace API (UAPI) Group to help resolve the ongoing
inotify resource management issues.
- Matthias Clasen will engage with the upstream release team to monitor new package dependencies and will advocate for rearchitecting Mutter to better survive GPU resets.
- Due to member unavailability during the first half of August, the group decided to adjust the schedule for upcoming meetings.
Learn more about the Workstation / GNOME team.
KDE
The rollout of KDE Apps (Gear) 26.04 on Fedora 43 appears to have successfully reached users. Previously, this update was blocked because it required a newer version of the gpgme package (2.0+), which would have introduced a soname bump that conflicts with Fedora's stable release update policies. Recent user feedback confirms that a workaround or solution has been implemented, and the KDE Gear 26.04 update is now actively landing on Fedora 43 systems.
Learn more about the KDE team.
Server
In their July 8th meeting, the Server Working Group focused on streamlining Fedora 45 release testing and expanding server documentation. The team reviewed ongoing pull requests for DNSmasq and PXE boot configuration, noting successful validation for UEFI clients while continuing to troubleshoot legacy BIOS network loading issues. Additionally, the group discussed the initial steps for organizing Kiwi development for the upcoming Fedora home server spin-off, identifying the need for a comprehensive development environment setup guide, and shared various homelab storage use cases involving NFS, Samba, and Syncthing.
To improve community engagement in quality assurance, the group is overhauling its testing tracking by moving to a Kanban-style project board on the Fedora Forge. This new system will feature individual tickets for specific tests, making it significantly easier for community contributors to pick up testing tasks, run them in local virtual machines, and report results for each new Rawhide build.
Decisions
- For release testing, the group will create one ticket per test on a project board, including the build date in the title. Tests will start in a "To Do" column and move to either "Passed" or "Failed." Upon a new build release, the ticket titles will be updated and moved back to "To Do."
Learn more about the Server team.
Infrastructure
The Infrastructure team is preparing for the Fedora 45 mass rebuild starting July 15, which includes enabling autosigning for the f45-rebuild tag. On the monitoring and operations front, the team successfully removed legacy Nagios and collectd systems, fully transitioning to Zabbix, and refined COPR Zabbix warnings to reduce alert fatigue. Hardware maintenance is ongoing, with several RHEL10 virthosts being reinstalled with minimal downtime. Additionally, recent Koji server timeouts caused by wiki scrapers overloading proxies were identified and resolved.
In development news, major progress was made on Private Issues functionality for Forgejo, and CI infrastructure was expanded with new Forgejo Actions runners. To improve code quality, the team merged a pull request to restore pre-commit hooks in the infra/ansible repository, pinning them to hashes and introducing an .ansible-lint-ignore file to allow for gradual compliance. Furthermore, discussions are underway regarding Datanommer PostgreSQL operations, specifically exploring a migration to Kubernetes using CloudNativePG and upgrading to Timescale/PG18.
Decisions
- Squash commits were enabled for the
infra/ansible repository.
- The OpenQA memory alert threshold in Zabbix was increased to 95% to reduce unnecessary notifications during heavy loads.
- The
copr/certbot role was officially moved to the main ansible/roles directory.
- The
openshift-apps playbooks are actively being converted to use the app-actions role, with a significant batch of playbooks successfully migrated and merged this week.
Learn more about the Infrastructure team.
Release Engineering
This week, Release Engineering focused heavily on preparations for the upcoming Fedora 45 cycle, with the F45 Mass Rebuild scheduled for July 15th and the creation of F47 release signing keys underway. Significant infrastructure improvements are also in progress, including the successful production migration of the fedora-scm-requests repository to Forgejo and the ongoing integration of Konflux CI with Fedora's Forgejo using a newly established global bot account. Additionally, Koji tags were configured to allow image-builder to build for ELN, and a script issue preventing the creation of detached signatures for the butane release was resolved.
Contributors should be aware that the web-based git blame feature in Fedora Package Sources has been disabled to mitigate abuse from AI scrapers; users are advised to clone repositories and use git blame locally instead. Maintainers receiving orphaned package warnings for oxygen-icon-theme dependencies can safely ignore them, as this is a known false positive stemming from its migration to kf6-oxygen-icons and will not result in auto-retirement. Finally, multiple packages were unretired, and stalled EPEL requests were processed to keep community packages moving forward.
Decisions
- Fedora 45 Spins: The Robotics Spin will be dropped starting with the Fedora Linux 45 release.
- Koji Policies: Following FESCo approval, the Koji hub policy was updated to allow draft builds for ELN within specific
eln-build-side* tags to improve the reliability of ELN rebuild batches.
- Infrastructure Security: Web-based
git blame endpoints in dist-git are intentionally blocked due to massive crawler abuse.
- Konflux CI Integration: The team decided to use a global
konflux-bot token via Pipelines-as-Code global repository settings rather than distributing secrets to individual tenant namespaces, improving security and simplifying operations.
Learn more about the Release Engineering team.
Quality
The Quality team successfully concluded the Kernel 7.1 test week and is currently reviewing the Fedora 45 change list to plan upcoming test days for major transitions like RPM 6.1, GNOME 51 Alpha, and Stratis Anaconda support. There are several new opportunities for community testing and feedback, including a newly developed GTK4 frontend for DNF5 and a secure automated build workflow for pre-built NVIDIA kernel modules. Furthermore, contributors can now show off their team affiliation using the new Quality group on Discourse, which syncs with FAS and provides a custom bug flair for user profiles.
In testing infrastructure and policy, a major proposal was introduced to gate all stable release updates on rmdepcheck, a reverse dependency static checker designed to prevent updates from breaking dependencies in Fedora and EPEL. Tooling continues to improve, with the openQA dist-git PR test feature nearing production and new event banner features merged into testdays-web. Internally, the team is also discussing process refinements, including experimenting with four-week sprints and maintaining a curated board of accessible issues for new contributors.
Learn more about the Quality team.
Design
The Fedora Design team has finalized the F45 wallpaper and officially launched the Fedora 46 Wallpaper Epic. The F46 design will be inspired by a famous STEM figure whose last name begins with "U," with a community inspiration vote and mindmap session scheduled for July and August. Alongside release artwork, the team is actively developing branding for several community projects, including a lobster mascot for the LoLa AI Package Manager, a logo for the Testing Farm's Artemis provisioning service, and a Mobility SIG logo for the Phosh Tour.
There are several excellent opportunities for community engagement this week. Anyone in the Fedora community is welcome to contribute to the F46 Wallpaper sketches and drafts phase. Additionally, designers can jump into fun, low-pressure tasks like creating an avatar for the Matrix Moderation Bot or helping to illustrate Community Personas that will visually represent the diverse types of Fedora contributors.
Decisions
- The Fedora 46 Wallpaper will be inspired by a famous STEM figure whose last name begins with "U".
- The Community Personas project was converted into a larger Epic to be properly scoped and broken down into smaller tickets during the upcoming sprint.
- The upstream
fedora-logos repository will be adopted and moved off pagure.io into the Fedora Design Team space to ensure it is maintained.
Learn more about the Design team.
Docs
This week, the Fedora Docs team focused heavily on structural improvements and cross-team collaboration. A major initiative was proposed to unify Fedora Multimedia Documentation, aiming to consolidate scattered guides on third-party codecs and hardware drivers into a single authoritative source to improve the user experience. To support this and other cross-team efforts, the team is organizing a "Fedora Docs Captain" pilot program with the Kernel, Multimedia, and AI/ML groups to decentralize documentation leadership and pair subject-matter experts with Docs team sponsors. Additionally, efforts to improve contributor engagement are underway, including welcoming a new volunteer writer and restructuring the contributor guides (and its introductory article) into a dedicated, highly visible module on the landing page.
Behind the scenes, several repository alignment tasks were completed to streamline workflows and avoid confusion for existing contributors. The team successfully finalized a standardized issue labeling system and common README format across the organization. Furthermore, all project boards were migrated from individual repositories to the organization level to provide a better overview of ongoing work.
Decisions
- Project Boards: All project boards have been successfully migrated to the organization level, and per-repository boards should no longer be used (Ticket #48).
- Issue Labels: A simplified, standardized set of issue labels (categorized by type, effort, priority, and status) has been finalized and deployed across all repositories within the docs organization (Ticket #40).
- Repository READMEs: A common README format has been approved and successfully implemented across key documentation repositories (Ticket #36).
- Repository Alignment: The overarching repository alignment tracker was closed, with any remaining incomplete subtasks now being tracked in their own dedicated issues (Ticket #18).
Learn more about the Docs team.
Internationalization
During the Internationalization meeting, the team discussed upcoming changes for Fedora 45, highlighting that an initial draft for the LibreOffice Dictionaries change has been submitted. Contributors are encouraged to propose any additional Self-Contained Changes before the July 21st deadline. The group also reviewed the upcoming release schedule, noting the major toolchain updates deadline on July 13th and the mass rebuild starting on July 15th.
To help with ongoing maintenance, a call to action was issued for Fedora 43 bug triaging. Contributors are asked to engage by reviewing the 45 remaining bugs reported against Fedora 43 to either fix them or move them to a later release.
Learn more about the Internationalization team.
EPEL
This week, the EPEL community evaluated a proposal to gate all stable release updates on rmdepcheck, a reverse dependency static checker designed to prevent updates from breaking package installability. While the initiative is generally supported to ensure stability, mailing list discussions highlighted concerns regarding transient CI network failures and the potential burden of fixing dependent packages maintained by unresponsive contributors. Additionally, maintainers are coordinating major incompatible updates to resolve severe CVEs. This includes a planned upgrade of ffmpeg in EPEL 9—which will first receive a 5.1.10 patch before transitioning to version 7.1.5 via epel9-next—and an update to rust-routinator 0.15.2 that removes a vulnerable, off-by-default feature.
Decisions
During the weekly meeting, the steering committee voted to approve a documentation pull request clarifying the policy against building packages against non-default modules. The committee also initiated asynchronous in-ticket voting for the ffmpeg and rust-routinator incompatible update requests to prevent blocking contributors from moving forward.
Learn more about the EPEL team.
ELN
The ELN SIG met on July 7 to discuss significant infrastructure and tooling upgrades. Notably, ELNBuildSync 1.3.2 has successfully migrated from CentOS Stream hosting to Fedora Infrastructure, and FESCo has approved draft build support in EBS, which is currently being prepared for deployment. The Content Resolver has also been ported to dnf5 by new contributor James Troy, cutting run times in half (from 6-7 hours down to 2-3). Additionally, the team is finalizing bootc images and coordinating with release engineering to ensure they are properly synced to Fedora's Quay registry.
To align ELN with RHEL 11 expectations, the SIG is preparing to migrate several image types to use image-builder in the pungi configurations, starting with qcow2 guest images and modernizing the boot.iso. Contributors should prepare for the upcoming Fedora 45 mass-rebuild, which will trigger a flurry of activity to fix build failures. There are also immediate opportunities for contributors to help resolve the remaining ~17 failures and OpenSSL 4.0 porting issues from the recent ELN mass rebuild.
Decisions
- Transition ELN non-cloud images (starting with
qcow2 and boot.iso) to image-builder to lead RHEL 11 development, with cloud images to follow pending coordination.
- Publish
bootc images to a dedicated quay.io/fedora/eln-bootc repository rather than grouping them with other containers.
- Delay the production deployment of Koji draft build support in EBS until after upcoming maintainer PTO to ensure stability.
Learn more about the ELN team.
Atomic
During their weekly meeting, the Fedora Atomic Initiative discussed ongoing efforts to migrate the fedora-bootc repository to the unified pipeline. While organizational access on the forge is ready, the team must implement a workaround for the Konflux service account token by creating a dedicated FAS account for repository owners to properly restrict namespace access. Contributors also briefly discussed the future of boot media, noting a shared desire for a neutral Anaconda GUI installer capable of pointing to any bootc registry. In the forums, community interest continues to grow around the proposal to create a systemd-sysexts SIG, which aims to build and distribute systemd system-extensions for atomic systems.
Decisions
- Following the Fedora Council's approval of the "Atomic" name, the group officially agreed to formalize the Atomic SIG.
- The team will set up a wiki page for the new SIG and request a dedicated Fedora calendar so contributors can subscribe specifically to Atomic meetings without inheriting events from all other Fedora SIGs.
Learn more about the Atomic team.
CoreOS
During the CoreOS meeting, the team reviewed the upcoming Fedora 45 release schedule, noting the mass rebuild on July 15 and the change proposal deadline on July 21. Contributors discussed submitting official change requests for Ignition Native Butane Support and the Ignition submodule split to increase visibility across the broader Linux community. The team also evaluated enabling UEFI boot and TPM support on AWS. Because requiring TPM would drop support for legacy instance types, they opted to defer TPM enforcement to future unified kernel image (UKI) releases to avoid disrupting existing users.
In community discussions, interest continues to grow around the proposal to create a systemd-sysexts SIG. This Special Interest Group aims to build and distribute systemd system-extensions using Fedora content, providing a new way to extend atomic systems with software that doesn't run well in containers or Flatpaks. Contributors interested in helping set up official builds (likely in Konflux), documentation, and distribution methods are encouraged to join the effort.
Decisions
- The team agreed not to enable TPM support on current Fedora CoreOS AWS AMIs to avoid breaking compatibility with legacy instance types. Instead, TPM support will be applied exclusively to the sealed/UKI images once they are ready.
Learn more about the CoreOS team.
Alternative Images
During the Alternative Images meeting, the project's migration from Pagure to GitLab was reported as complete for both the website and image building. A remaining task—and an opportunity for contributors—is to retire the old Pagure repositories or update their README files to point to the new locations. In broader news relevant to the Linux community, CentOS Stream 9 and 10 are rolling out new Secure Boot certificates and shims. The quarterly image builds were paused to wait for final package updates (such as fwupd for CentOS Stream 9) and will commence next week.
Additionally, CentOS Stream RISC-V repositories are now built, signed, and ready. The team is currently waiting on a CentOS infrastructure ticket to create the necessary targets and tags before they can begin generating the RISC-V images.
Decisions
- The quarterly image builds were scheduled for next week to ensure all new Secure Boot certificates and updated packages are fully integrated.
- The initial RISC-V rollout will consist of two specific images: a generic
qcow2 image meant for virtual machines and a raw image designed for P550 hardware.
Learn more about the Alternative Images team.
AI & ML
This week, the AI & ML group announced that pre-built binary NVIDIA open kernel modules are now available for community testing outside of the AI Desktop Remix. On the organizational front, the group is heavily focused on improving contributor onboarding and defining its community structure. Active discussions include evolving the SIG into the "Fedora AI Working Group" to reflect a broader scope encompassing both hardware enablement and open AI best practices, creating a welcoming first-page navigation experience, and establishing a formal "Skills Reviewers" sub-team to curate shared AI skills.
To avoid conflating general community participation with hardware privileges, a proposal is underway to scope gpu01 host access exclusively to the ai-packagers-sig while keeping the main ai-ml-sig open to all interested users. This infrastructure management theme is also reflected in ongoing efforts to clean up GitLab group mappings.
Decisions
Learn more about the AI & ML team.
RISC-V
The RISC-V group is currently progressing through the F45 rebuild, which is approximately 20% complete, and preparing for the upcoming F46 mass rebuild expected around July 15. On the infrastructure side, Jason Montleon successfully consolidated the RISC-V kernel repositories, moving builds from GitHub to Copr and integrating 'omni' kernels directly into the RISC-V Koji. Additionally, a proposal has been drafted regarding migrating the RISC-V documentation from the Wiki to Forge, presenting a great opportunity for community feedback and contributor engagement.
During the July 7th meeting, the team highlighted ongoing hardware developments, notably the active investigation of virtualization on RVA23 hardware (SpacemiT K3) alongside upstream QEMU and kernel developers. While there are known issues currently being documented for upstream resolution, hardware capacity is expanding, with a new K3 unit en route to serve as an additional Koji builder. Contributors should also note that general group activity is expected to slow down through July and August due to summer holidays.
Learn more about the RISC-V team.
Security
During the Security SIG meeting (agenda outlined in the forum discussion), the team focused on establishing official Fedora representation on the linux-distros mailing list to better coordinate embargoed CVEs. To support this, the group will draft a formal policy for reading members into embargoed issues to present to FESCo. The SIG also discussed the organization of security documentation, concluding that upcoming systemd and SELinux hardening guides will be published in Fedora's Quick Docs to ensure optimal search engine visibility for end users.
Discussions regarding the Cyber Resilience Act (CRA) and the formulation of a "Vulnerability and Incident Response Policy" were deferred to the next meeting due to time constraints. Contributors interested in shaping Fedora's security policies, managing vulnerability responses, or writing technical security documentation are highly encouraged to join the upcoming meetings and assist with these foundational efforts.
Decisions
- Bugzilla will be used to manage private tickets for
linux-distros issues until the new Forge platform fully supports private issues.
- The SIG will draft a formal policy for handling embargoed security information and present it to FESCo for feedback and approval.
- Initial security hardening documentation will be placed in Quick Docs rather than the Security SIG team pages to improve discoverability.
Learn more about the Security team.
Perl
This week's activity in the Perl group focused entirely on package maintenance and security updates. The most critical update for the broader Linux community was the version bump of perl-DBI to 1.650 across multiple branches (PRs 3, 4, and 5), which successfully patched three security vulnerabilities: CVE-2026-14739, CVE-2026-14740, and CVE-2026-14380.
Other routine maintenance included version bumps for perl-WWW-Salesforce to 0.400 and perl-Razor-Agent to 2.88. For contributors managing database dependencies, a pull request for perl-Test-mysqld was merged to utilize -any virtual provides for MariaDB and MySQL, which should streamline future package builds and dependency resolution without causing disruptive surprises.
Decisions
- Security Patches: The group approved and merged updates for
perl-DBI to version 1.650 to resolve CVE-2026-14739, CVE-2026-14740, and CVE-2026-14380.
- Dependency Management: The group decided to implement
-any virtual provides for MariaDB/MySQL dependencies in perl-Test-mysqld.
- Package Updates: Version bump pull requests were approved and merged for
perl-WWW-Salesforce (0.400) and perl-Razor-Agent (2.88).
Learn more about the Perl team.
Python
Elliott Sales de Andrade initiated a discussion on updating Zarr to v3, noting that the current v2 build fails to build from source (FTFBS) on Python 3.15. While an initial mass prebuild attempt a year and a half ago encountered several failures, those underlying issues have since been resolved or the affected packages have been retired.
To successfully move forward with the Zarr v3 update, contributor assistance is currently needed to review the python-donfig package.
Learn more about the Python team.
Other Discussions
- How can we improve the Changes Process?: Discussion continued on improving the Fedora Changes process. Maxwell G summarized the feedback, noting support for both a git-based approach and the current wiki workflow, while highlighting the pain points of split discussions across devel@, Discourse, and other platforms. He proposed focusing first on the discussion process, suggesting keeping initial feedback on the devel list and posting read-only digests to Discourse, and asked for co-owners for a formal FESCo proposal on this matter.
- F45 Change Proposal: Enable Shadow Stack by Default on x86_64 (system-wide): Aoife Moloney announced a proposed change for Fedora 45 to enable Shadow Stack protection by default on supported x86_64 machines for applications built with gcc, clang, and rustc. Christoph Erhardt clarified that this protection applies to all binaries carrying the
SHSTK note, regardless of the programming language they were written in.
- Proposal: gate all stable release updates on rmdepcheck: Adam Williamson proposed gating all stable release updates (Fedora and EPEL) on the
rmdepcheck reverse dependency static checker to prevent updates that cause unsatisfiable dependencies. The proposal received strong support, with discussions on whether to extend this to Rawhide and Branched, how to handle waivers, and the technical implementation details, leading to a consensus to submit a lightweight FESCo ticket for approval.
- Packages providing Flatpak sandbox escapes via vulnerable MIME Type Handler: Sebastian Wick raised concerns about packages like
wine providing Flatpak applications a way to escape sandboxes via vulnerable MIME type handlers that execute arbitrary code. The discussion explored the root causes, the responsibilities of different projects (Flatpak, Wine, Freedesktop), and potential solutions, with Michael Cronenworth agreeing to drop the .desktop file registration in favor of the binfmt-misc handler in the core wine RPM to mitigate the issue in Fedora.
- F45 Change Proposal: Disable Vendor Change by Default (system-wide): Aoife Moloney announced a Fedora 45 change proposal to disable automatic vendor changes in DNF5 by default, preventing packages from silently switching vendors during transactions. The discussion highlighted that while some users prefer the current behavior for testing third-party repos like Copr, the change provides better consistency and safety, especially for derivatives like Fedora Asahi Remix, and still allows explicit vendor changes via command-line options.
- Looking for zig co-maintainer for Fedora and EPEL: Jan Drögehoff sought a co-maintainer for the
zig package, especially for EPEL, and Marko Kostic volunteered to help. After some initial issues with FAS account synchronization, Marko was successfully added as a co-maintainer, and Rénich Bon Ćirić also joined to assist.
- Help needed with matrix-synapse: Kevin Fenzi bumped an older thread asking for help with maintaining
matrix-synapse, inquiring if there had been any progress on getting Synapse's latest version to build on F44 and below.
- Spins and Labs Keepalive Deadline: 2026-07-15: Aoife Moloney reminded maintainers of Fedora spins and labs to acknowledge their Pagure tickets by July 15, 2026, to confirm their inclusion in Fedora 45. Dan requested and received a ticket for the Cinnamon spin.
- review request - dupeguru - a GUI tool to find duplicate files: Carl Byington submitted a review request for
dupeguru, a Python/Qt5 GUI tool for finding duplicate files. Barry asked about Qt6 support, and Carl noted an outstanding upstream pull request for the conversion.
- Looking for a new maintainer for Phoc and Phosh DE packages: Tomi Lähteenmäki sought new maintainers for several Phoc and Phosh packages due to a lack of time. Sam Day volunteered to take over as the primary maintainer for
phoc, phosh, phosh-mobile-settings, phosh-tour, and stevia.
- Other discussions included a list of new packages in Fedora Linux, an issue with GCC plugins packaging for AFL++, troubleshooting s390x cloud images hanging on libvirt/qemu, an F45 Change Proposal to adopt PURL Metadata, the Fedora 45 Mass Rebuild Notification, a request for a sponsor for the sckoc package, a request to unretire sugar packages, and the announcement of the Koji 1.36.1 release.
Orphaning packages
- EPEL SIG should clean up their own mess: Leigh Scott expressed frustration over being expected to maintain the EPEL Cinnamon stack, stating it wasn't his responsibility and giving notice to orphan and retire the entire stack. This led to a discussion about appropriate communication and the structural issues with Bugzilla assignments for EPEL packages.
- Orphaning hexchat: Kevin Fenzi announced plans to orphan the
hexchat package, suggesting it be retired since upstream was archived in 2024 and it currently fails to build in Rawhide. He recommended users switch to zoitechat, a GTK3 drop-in replacement that recently entered Fedora.
- List of long term FTBFS packages to be retired in August: Miro Hrončok posted the second weekly reminder listing long-term FTBFS (Fails To Build From Source) packages scheduled to be retired from Fedora 45 on August 5, 2026. Dominik 'Rathann' Mierzejewski requested a PR to add mingw subpackages to the
gsm package to resolve a dependency issue.
Package updates
- Protobuf update: Petr Menšík provided an update on the Protobuf rebase, noting that he prepared updates for the
protobuf-c and protobuf3-c libraries, ensuring compatibility and creating a COPR repository for testing.
- [heads-up] mutter and gnome-desktop3/4 soname version bump for rawhide: Milan Crha coordinated rebuilds for packages affected by the
mutter and gnome-desktop3/4 soname version bumps in the GNOME 51.alpha updates. Sam Day assisted by rebuilding phoc, phosh, phosh-mobile-settings, and stevia in the side tag, allowing the update to be successfully pushed to Rawhide.
- libical 4.0 for rawhide (when?): Milan Crha provided an update on the transition to
libical 4.0 in Rawhide, listing packages that build successfully, those with available patches, and those with generic build failures. Mamoru TASAKA backported a PR for cairo-dock-plug-ins to assist with the transition.
- [heads-up] gvfs dropped 'archive' and 'afp' in 1.61.1 (rawhide): Milan Crha notified maintainers that
gvfs dropped 'archive' and 'afp' support in version 1.61.1, causing build failures for packages like nemo. Leigh Scott quickly rebuilt nemo in the side tag to resolve the issue.
- OCaml 5.5.0 rebuilds: Jerry James announced and completed a mass rebuild of OCaml packages for the update to OCaml 5.5.0 in a side tag, which was subsequently merged into Rawhide.
- RFC: incompatible update for routinator for Fedora and EPEL 9 and 10: Michel Lind issued an RFC for an incompatible update to
routinator (version 0.15.2) for Fedora and EPEL to address multiple high-severity CVEs and a path traversal vulnerability. He disabled automatic pushes and submitted a FESCo request for approval.
- Sequoia-PGP updates with PQC support: Fabio Valentini announced updates to
sequoia-pgp applications and libraries that include support for Post-Quantum Cryptography (PQC) algorithms following the ratification of RFC 9980.
- gnome-shell 51.alpha update for rawhide changes gnome-shell api to 51: Milan Crha notified maintainers that the
gnome-shell 51.alpha update changes the API to 51, requiring updates for several GNOME shell extensions.
- [Scitech]LabPlot rebuild for liborigin update: Alexander Ploumistos requested rebuilds of
LabPlot for F43, F44, and F45 following the release of liborigin 3.0.4, and confirmed the removal of obsolete transition tags from version 2.0.0.
New contributor introductions
- Ikar's introduction: Ikar introduced themselves as a software engineer and long-time Linux user looking to contribute around 5 hours a week to Fedora.
- Mohab Soliman's introduction: Mohab Soliman, a mechatronics engineer from Egypt, introduced themselves and expressed interest in contributing to Fedora's engineering and gaming parts.
- Raul Perez' introduction: Raul Perez, a software engineer from Spain, introduced himself and shared his extensive background with Linux and open source, expressing a desire to start with small contributions to Fedora.