PR#63: Fix _topic_map.yml indentation and Modularity.adoc formatting - fedora-docs/release-notes

		`@@ -42,47 +42,53 @@`
		`Topics:`
		`- Name: Fedora Modularity`
		`File: Modularity`
		`- - Name: Kernel`
		`- File: Kernel`
		`+ # - Name: Kernel`
		`+ # File: Kernel`
		`- Name: Installation`
		`File: Installation`
		`- Name: Security`
		`File: Security`
		`- - Name: Mail Servers`
		`- File: Mail_Servers`
		`- - Name: X.Org`
		`- File: Xorg`
		`+ # - Name: Mail Servers`
		`+ # File: Mail_Servers`
		`+ - Name: Domain Controllers`
		`+ File: Domain_Controllers`
		`+ - Name: ARM Architectures`
		`+ File: ARM_Architectures`
		`+ # - Name: X.Org`
		`+ # File: Xorg`
		`- Name: Changes in Fedora for Desktop Users`
		`Dir: desktop`
		`Topics:`
		`- Name: Desktop`
		`File: Desktop`
		`- - Name: Networking`
		`- File: Networking`
		`- - Name: Internationalization`
		`- File: I18n`
		`+ # - Name: Networking`
		`+ # File: Networking`
		`+ # - Name: Internationalization`
		`+ # File: I18n`
		`- Name: Changes in Fedora for Developers`
		`Dir: developers`
		`Topics:`
		`- Name: Development Tools`
		`File: Development_Tools`
		`- - Name: C`
		`+ - Name: C and C++`
		`File: Development_C`
		`- - Name: Containers`
		`- File: Containers`
		`- - Name: Boost`
		`- File: Development_Boost`
		`- - Name: D`
		`- File: Development_D`
		`+ # - Name: Containers`
		`+ # File: Containers`
		`+ # - Name: D`
		`+ # File: Development_D`
		`- Name: Go`
		`File: Development_Go`
		`- - Name: Haskell`
		`- File: Development_Haskell`
		`+ # - Name: Haskell`
		`+ # File: Development_Haskell`
		`+ - Name: Java`
		`+ File: Development_Java`
		`+ - Name: Perl`
		`+ File: Development_Perl`
		`- Name: Python`
		`File: Development_Python`
		`- Name: Ruby`
		`File: Development_Ruby`
		`- Name: Web Development`
		`File: Development_Web`
		`- - Name: Revision History`
		`- File: Revision_History`
		`+ # - Name: Revision History`
		`+ # File: Revision_History`

en-US/Revision_History.adoc

file modified

+2 -4

		`@@ -1,8 +1,6 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[appe-Release_Notes-Revision_History]]`
		`- == Revision History`
		`+ = Revision History`
		`+ include::en-US/entities.adoc[]`

		`26.01-3`:: Sun Jul 30 2017, (docs AT lists.fedoraproject.org), First AsciiDoc version.

en-US/desktop/Desktop.adoc

file modified

+5 -30

		`@@ -1,32 +1,7 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-desktop]]`
		`- == Desktop`
		`-`
		`- [[sect-desktop-gnome3.24]]`
		`- === GNOME 3.24: Portland`
		`-`
		`- The GNOME 3 desktop environment has been upgraded to GNOME 3.24. This new version includes a number of major new features and enhancements, as well as many smaller improvements and bug fixes:`
		`-`
		`- * Night Light is a new feature that subtly changes the screen color according to the time of day, which can help to reduce sleeplessness if you use your computer at night.`
		`-`
		`- * Weather information is now included in the notifications area to show a simple summary of the day’s weather, and links to the Weather application.`
		`-`
		`- * Other GNOME applications that have been improved for 3.24 include Web, Photos, Polari, Games, Calendar and the Calculator.`
		`-`
		`- More detailed information about GNOME 3.24 can be found in the link:++https://help.gnome.org/misc/release-notes/3.24/++[release notes].`
		`-`
		`- [[sect-desktop-lxqt-spin]]`
		`- === New Spin: LXQt Desktop`
		`-`
		- Fedora LXQt provides a lightweight, well-integrated LXQt desktop environment. In addition to LXQt itself, it provides a small, well selected collection of applications, such as the [application]QupZilla browser, which combines the rendering engine frtom [application]Chromium with a nice Qt experience. As all applications use the same Qt5 toolkit and the Breeze theme known from KDE, the desktop provides a unified and well-integrated style and theming. In addition, [package]breeze-gtk is provided to allow the user to integrate GTK applications too.
		`-`
		`- The LXQt Desktop spin is available for download from link:++http://spins.fedoraproject.org/++[http://spins.fedoraproject.org/].`
		`-`
		- To contact other LXQt users and maintainers of the LXQt spin, connect to the `#fedora-lxqt` IRC channel on irc.freenode.net or send an email to the LXQt List at link:++https://admin.fedoraproject.org/mailman/listinfo/users++[users@lists.fedoraproject.org].
		`-`
		`- [[sect-desktop-fontconfig-cache]]`
		`- === Fontconfig Cache Moved to /usr`
		`+ = Desktop`
		`+ include::en-US/entities.adoc[]`

		- Prior to this update, the [package]fontconfig cache files were placed in the `/var/cache/fontconfig` directory. This location was incompatible with the `OStree` model used by Fedora Atomic, which prevented using the same package for Atomic and other Fedora variants. To fix this incompatibility, the cache files have been moved to `/usr/lib/fontconfig/cache`.
		`+ [[sect-desktop-dnfdragora]]`
		`+ == dnfdragora replaces Yumex-DNF`
		+ Previous releases of Fedora have included https://github.com/timlau/yumex-dnf/blob/develop/README.md[Yumex-DNF] as a graphical user interface for package management. Yumex-DNF is no longer under active development and so it has been replaced in Fedora 27 by https://github.com/manatools/dnfdragora[dnfdragora]. dnfdragora is a new DNF frontend that is written in Python 3 and uses https://github.com/libyui/libyui[libYui], the widget abstraction library written by SUSE, so that it can be run using Qt 5, GTK+ 3, or ncurses interfaces.

en-US/desktop/I18n.adoc

file modified

+2 -9

		`@@ -1,10 +1,3 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-i18n]]`
		`- == Internationalization`
		`-`
		`- [[sect-i18n-pinyin]]`
		`- === libpinyin 2.0`
		`-`
		`- libpinyin 2.0 helps Chinese Pinyin users to increase their input speed by needing fewer key presses. ibus-libpinyin with libpinyin 2.0 provides 1-3 sentence candidates and improves the dictionary. Also the libpinyin license has changed to GPLv3+.`
		`+ = Internationalization`
		`+ include::en-US/entities.adoc[]`

en-US/desktop/Networking.adoc

file modified

+2 -18

		`@@ -1,19 +1,3 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-networking]]`
		`- == Networking`
		`-`
		`- [[sect-networking-openvpn]]`
		`- === OpenVPN Rebased to Version 2.4.3`
		`-`
		- [application]OpenVPN has been rebased to version 2.4.3. This update adds many improvements, notably improved elliptic curve cryptography support (`ECDH`), support for `AES-GCM`, and additional encryption layer of the control channel (the [option]`--tls-crypt` option), and a type of cipher negotiation which allows for gradually upgrading client ciphers to stronger ones without significant added complexity. Additionally, there is now a seamless client IP and port available, allowing clients to change their IP address or port without having to fully renegotiate an established tunnel.
		`-`
		`- For a full list of changes in this version, see the link:++https://github.com/OpenVPN/openvpn/blob/v2.4.3/Changes.rst++[upstream changelog on GitHub].`
		`-`
		- Overall integration with [application]systemd has also improved, and systemd can now better manage OpenVPN processes. This update ships with brand new systemd unit files, which add additional security hardening. These new unit files are preferred over the old `openvpn@.service` file. The same unit files are used in other Linux distributions which use systemd, ensuring a more consistent behavior and usage between different systemd-based systems. See installed documentation in `/usr/share/doc/openvpn/README.systemd` for more information about this topic.
		`-`
		`- .Additional Notes`
		- In other changes, Certificate Revocation List (`CRL`) checking is now done by [command]`SSL` libraries directly. These libraries have a far more strict acceptance policy than the approach previously used in OpenVPN. For example, if your CRL file has expired, this will have an impact on every user, regardless of whether their certificates are revoked or not.
		`-`
		`- Additionally, OpenVPN in Fedora 26 currently use the [package]compat-openssl10 and [package]compat-openssl10-pkcs11-helper compatibility packages, which are considered to be a workaround until more thorough testing can be done on OpenSSL 1.1, which has only been introduced in OpenVPN recently. In a later update, the OpenVPN package is expected to be upgraded to make use of the newer [package]openssl-1.1 library.`
		`+ = Networking`
		`+ include::en-US/entities.adoc[]`

en-US/developers/Containers.adoc

file modified

+2 -20

		`@@ -1,22 +1,4 @@`
		`- [[sect-containers]]`

		`+ [[sect-containers]]`
		`+ = Containers`
		`include::en-US/entities.adoc[]`
		`-`
		`- == Containers`
		`-`
		`- [[overlay2-for-docker]]`
		`- === OverlayFS is now default for Docker`
		`-`
		`- The default storage option for Docker is now OverlayFS via the Overlay2 driver, which provides better performance. Overlay2 provides performance advantages in memory sharing compared to devicemapper. Additionally, support for SELinux for the Overlay file systems have been added.`
		`-`
		`- [NOTE]`
		`- ===`
		- Overlay is not a POSIX-compliant file system and there could be problems with running containers on Overlay. Therefore, you can easily switch back to devicemapper in these cases. For more information about switching storage options, check the documentation for the [command]`atomic storage` commands.
		`- ===`
		`-`
		`- Upgraded systems will not be affected.`
		`-`
		`- [[docker-sdk-for-python-version-2]]`
		`- === Docker SDK for Python, version 2`
		`-`
		- A new version of Docker SDK for Python, the Python library which communicates with the Docker engine API, has been added to Fedora 26. It provides a new, high-level, user-focused API provided as `docker.DockerClient`. This obsoletes the existing [package]python-docker-py package. The functionality is now provided by the [package]python2-docker and [package]python3-docker packages. The `docker.Client` class has been renamed to `docker.APIClient`. Note that the version 2 of Docker SDK is not backwards compatible with the versions earlier than 1.10.6 of the library.

en-US/developers/Development_Boost.adoc

file removed

-12

		`@@ -1,12 +0,0 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`- [[sect-boost]]`
		`- == Boost`
		`-`
		`- [[sect-boost-boost163]]`
		`- === Boost 1.63`
		`-`
		`- Boost has been upgraded to version 1.63. Apart from a number of bugfixes and improvements to existing libraries, this brings six new libraries compared to Fedora 25: Boost.Compute, Boost.DLL, Boost.Hana, Boost.Metaparse, Boost.Fiber and Boost.QVM.`
		`-`
		`- For more information, see the link:++http://www.boost.org/users/history/version_1_63_0.html++[Boost 1.63 Release Notes].`

en-US/developers/Development_C.adoc

file modified

+14 -27

		`@@ -1,33 +1,20 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-c]]`
		`- == C`
		`-`
		`- [[sect-gcc-gcc7]]`
		`- === GNU Compiler Collection (GCC) Rebased to 7.1`
		`-`
		`- The [application]GNU Compiler Collection (GCC) has been rebased to version 7.1, a major new release that provides a number of new features as well as many improvements and bugfixes. In addition to offering the new GCC to developers, Fedora packages have been recompiled using the new version. See link:++http://gcc.gnu.org/gcc-7/changes.html++[Changes, New Features, and Fixes in the GCC 7 Release Series].`
		`-`
		`- Developers should see link:++https://gcc.gnu.org/gcc-7/porting_to.html++[Porting to GCC 7] for detailed information on how to update their codebases to work with the new compilers.`
		`-`
		`- [[sect-c-glibc-2-25]]`
		`- === The GNU C Library Version 2.25`
		`-`
		`- The GNU C Library in Fedora 26 has been rebased to version 2.25, which brings many improvements and bug fixes over the previous version. Notable changes include:`
		`-`
		- * Additional support for floating-point extensions for C (TS 18661-1:2014) including new functions like `strfromd`, `strfromf`, and `strfroml`.
		`-`
		- * The function `explicit_bzero`, from OpenBSD, has been added to `libc`. It is intended to be used instead of `memset()` to erase sensitive data after use.
		`-`
		- * The `getentropy` and `getrandom` functions, and the `<sys/random.h>` header file, have been added.
		`+ = C and C++`
		`+ include::en-US/entities.adoc[]`

		- * GDB pretty printers have been added for `mutex` and `condition` variable structures in POSIX Threads.
		`+ [[sect-boost]]`
		`+ == Boost 1.64`
		`+ The http://www.boost.org[Boost C++ libraries] have been upgraded to version 1.64. Apart from a number of bugfixes and improvements to existing libraries, this brings a new library compared to Fedora 26, Boost.Process.`
		`+ For more information, see the http://www.boost.org/users/history/version_1_64_0.html[Boost 1.64 release notes].`

		`- * Tunables feature added to allow tweaking of the runtime for an application program.`
		`+ [[sect-c-glibc]]`
		`+ == GNU C Library 2.26`
		`+ Fedora 27 ships with version 2.26 of the GNU C Library (glibc). New features include:`

		`- * New improved algorithms for condition variables and read-write locks for POSIX Threads.`
		`+ * A per-thread malloc cache has been added that significantly improves the malloc API family of functions on certain multithreaded workloads.`
		`+ * Unicode 10.0.0 support for character encodings, character type info, and transliteration tables.`
		`+ * Improvements in the DNS stub resolver including runtime detection of changed DNS servers (/etc/resolv.conf changes) and use of those new servers without needing to restart the process.`

		`- * Security fixes for link:++https://nvd.nist.gov/vuln/detail/CVE-2016-6323++[CVE-2016-6323], and link:++https://nvd.nist.gov/vuln/detail/CVE-2015-5180++[CVE-2015-5180].`
		`+ Security improvements include fixes for the following vulnerabilities: CVE-2017-12132, CVE-2017-1000366, CVE-2010-3192, CVE-2017-12133.`

		`- Detailed release are available as part of the link:++https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html++[upstream release notice].`
		`+ More information about this version of the GNU C Library can be found in https://sourceware.org/ml/libc-alpha/2017-08/msg00010.html[the release notes].`

en-US/developers/Development_D.adoc

file modified

+2 -9

		`@@ -1,10 +1,3 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-d]]`
		`- == D`
		`-`
		`- [[sect-d-ldc]]`
		`- === LLVM-based D Compiler (LDC) v1.1.0`
		`-`
		`- The LDC D compiler has been updated to version 1.1.0. More information about this release is contained in the link:++https://github.com/ldc-developers/ldc/releases/tag/v1.1.0++[LDC 1.1.0 release note].`
		`+ = D`
		`+ include::en-US/entities.adoc[]`

en-US/developers/Development_Go.adoc

file modified

+6 -12

		`@@ -1,17 +1,11 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-development-go]]`
		`- == Go`
		`-`
		`- [[sect-development-golang]]`
		`- === Golang 1.8`
		`+ = Go`
		`+ include::en-US/entities.adoc[]`

		`- The latest Go release, version 1.8, brings changes to the implementation of the toolchain, runtime, and libraries. There are also two minor changes to the language specification. This release maintains the Go v1 promise of compatibility and so the Go Project expects almost all Go programs to continue to compile and run as before.`

		`- More detail can be found in the link:++https://tip.golang.org/doc/go1.8++[Go 1.8 Release Notes].`
		`+ [#go-upgraded-to-1.9]`
		`+ == Golang 1.9`

		`- [[sect-development-golang-pie]]`
		`- === Golang Buildmode PIE`
		`+ Fedora 27 brings Golang 1.9, which includes performance improvements, bug fixes, and new features. Most notably, support for type aliasing, parallel compilation, and direct bit manipulation has been added. For a complete list of changes, see upstream change notes at link:https://tip.golang.org/doc/go1.9[https://tip.golang.org/doc/go1.9].`

		- Fedora 26 changes the default build mode for golang in Fedora packaging macros to `buildmode=pie`, which results in the production of _Position Independent Executables_. Also, the Fedora hardned linker flags are passed to the external linker, reducing the vulnerability of the generated binaries.
		`+ With this release, support for the ppc64 architecture has been left out from the Fedora Golang packages due to the fact that the ppc64 port of 'GC' is not feature-complete.`

en-US/developers/Development_Haskell.adoc

file modified

+2 -11

		`@@ -1,12 +1,3 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-haskell]]`
		`- == Haskell`
		`-`
		`- [[sect-development-ghc80]]`
		`- === Glasgow Haskell Complier v8.0`
		`-`
		`- The Glasgow Haskell Compiler (GHC) has been upgraded from version 7.10 to version 8.0.2, all Haskell packages in Fedora have been rebuilt and many have been updated. This GHC release brings much improved support for aarch64, ppc64, and ppc64le as well as many new features, fixes, and improvements.`
		`-`
		`- More information about the new features in GHC version 8 can be found in the release notes for versions link:++https://downloads.haskell.org/~ghc/8.0.2/docs/html/users_guide/8.0.1-notes.html++[8.0.1] and link:++https://downloads.haskell.org/~ghc/8.0.2/docs/html/users_guide/8.0.2-notes.html++[8.0.2].`
		`+ = Haskell`
		`+ include::en-US/entities.adoc[]`

en-US/developers/Development_Java.adoc

file added

+17

		`@@ -0,0 +1,17 @@`
		`+ [[sect-java]]`
		`+ = Java`
		`+ include::en-US/entities.adoc[]`
		`+`
		`+ [[sect-java-java9]]`
		`+ == Java 9 Technology Preview`
		+ Fedora 27 includes a technology preview of Java 9, offered through the `java-9-openjdk` and `java-9-openjdk-devel` and new `java-9-openjdk-jmod` packages.
		`+`
		`+ Java 8 remains the default JDK for this release. The inclusion of Java 9 / OpenJDK 9 will allow developers to develop and test their applications for the next version of Java in parallel while everyone can continue using the stable Java 8 for daily use.`
		`+`
		`+ More information about the new features of OpenJDK 9 is available from http://openjdk.java.net/projects/jdk9/[the OpenJDK website].`
		`+`
		`+ [[sect-java-decouple]]`
		`+ == System Java Setting Decoupled from Java Command Setting`
		+ In earlier versions of Fedora, Java applications installed from RPMs were run in the JVM that was found using the `PATH` environment variable. From this release, Java applications will be run using the default system JVM, which will be OpenJDK 8 in Fedora 27, without refering to `PATH`. Users will still be able to override the default by using the `JAVA_HOME` environment variable.
		`+`
		`+ More detail about this revised configuration can be found on the https://fedoraproject.org/wiki/Changes/Decouple_system_java_setting_from_java_command_setting[change page].`

en-US/developers/Development_Perl.adoc

file added

+22

		`@@ -0,0 +1,22 @@`
		`+ [[sect-perl]]`
		`+ = Perl`
		`+ include::en-US/entities.adoc[]`
		`+`
		`+ [[sect-perl-core]]`
		`+ == Packaging of the Perl Core Modules`
		+ The release of Fedora 27 brings a change in the way that the Perl core modules are packaged by Fedora. In Perl, the core modules are the standard set of modules that ship with the Perl interpreter. Previously in Fedora, the Perl core modules were split into a number of subpackages in such a way that installing the `perl` package did not install the full set of Perl core modules. This behaviour was not what was expected by most Perl users and so, from Fedora 27, installing the `perl` package now installs the full set of Perl core modules. It is still possible to install only a minimal Perl interpreter by installing just the `perl-interpreter` package.
		`+`
		`+ [[sect-perl-526]]`
		`+ == Perl 5.26`
		`+ A new version of perl is released every year and version 5.26 is 2017's stable release. This release includes three updates with widespread effects:`
		`+`
		`+ ."." no longer in @INC`
		`+ For security reasons, the current directory (".") is no longer included by default at the end of the module search path (@INC). This may have widespread implications for the building, testing and installing of modules, and for the execution of scripts.`
		`+`
		+ .`do` may now warn
		+ `do` now gives a deprecation warning when it fails to load a file which it would have loaded had "." been in @INC.
		`+`
		`+ .In regular expression patterns, a literal left brace "{" must be escaped`
		`+ Unescaped literal { characters in regular expression patterns are no longer permitted. Use a pattern like "\{" or "[{]" to specify a match to a left brace.`
		`+`
		`+ For more information about this release, please see the http://search.cpan.org/dist/perl-5.26.0/pod/perldelta.pod[5.26.0 perldelta] web page.`

en-US/developers/Development_Python.adoc

file modified

+5 -40

		`@@ -1,42 +1,7 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-python]]`
		`- == Python`
		`-`
		`- [[sect-python-3-6]]`
		`- === Python 3.6`
		`-`
		`- Python 3.6 will be the default Python 3 stack in Fedora 26. This is an upgrade from 3.5 which was included in Fedora 25. All packages which depend on Python 3 must be rebuilt. User-written Python 3 scripts and applications may require a small amount of porting; however, Python 3.5 is forward compatible with Python 3.6 for the most part.`
		`-`
		`- Notable new features include:`
		`-`
		- * Formatted string literals (f-strings): `f"This will be evaluated to foo's value: {foo}"`
		`-`
		- * The order of elements in `+**kwargs: keyword+` arguments now preserve their order
		`-`
		- * The new `secrets` module provides handy helpers for secure token generation in various formats
		`-`
		- * Underscores in numeric literals let you break up magic constants to make them easier to read: `1_000_000`
		`-`
		- * File system path protocol: Many more standard library APIs, including the builtin `open()`, now support `pathlib.Path` and `pathlib.PurePath` objects
		`-`
		`- * A range of performance improvements.`
		`-`
		`- For more detailed information see the link:++https://fedoramagazine.org/python-3-6-0-fedora-26/++[Fedora Magazine announcement article] or the link:++https://docs.python.org/3.6/whatsnew/3.6.html++[upstream release notes]. Note the link:++https://docs.python.org/3.6/whatsnew/3.6.html#porting-to-python-3-6++[Porting to Python 3.6] section, which lists important information for developers who need to port their Python 3.5 applications.`
		`-`
		`- [[sect-python-classrom]]`
		`- === Python Classroom Lab`
		`-`
		`- Fedora 26 brings in a new Python Classroom Lab. A variant of Fedora targeted at teachers and students of the Python programming langugae. A ready to use environment with Python, PyPy 3, virtualenv, tox, git, Jupyter Notebook and more. It's ready in three variants: as a GNOME powered desktop or headless for Vagrant and Docker.`
		`-`
		`- Find out more about the Python Classroom Lab on the link:++https://labs.fedoraproject.org/en/python-classroom/++[Fedora Labs] website.`
		`-`
		`- [[sect-python-cutf8-locale]]`
		`- === Python 3 C.UTF-8 locale`
		`-`
		`- An ongoing challenge within the Python 3 series has been determining a sensible default strategy for handling the “7-bit ASCII” text encoding assumption currently implied by the use of the default C locale.`
		`-`
		- Starting with Fedora 26, the Fedora system Python includes a backport of Python 3.7's upcoming link:++https://docs.python.org/dev/whatsnew/3.7.html#pep-538-legacy-c-locale-coercion++[locale coercion] feature, which means the Python 3 stack will automatically coerce the C locale to C.UTF-8 by setting the `LC_CTYPE` environment variable (if neither it nor `LC_ALL` are already set) before configuring the process locale. Automatically setting `LC_CTYPE` this way means that both the core interpreter and locale-aware C extensions (such as `readline`) will assume the use of UTF-8 as the default text encoding, rather than ASCII.
		`+ = Python`
		`+ include::en-US/entities.adoc[]`

		`- Full details of this new Python feature are contained in link:++https://www.python.org/dev/peps/pep-0538/++[PEP 538 -- Coercing the legacy C locale to a UTF-8 based local].`
		`+ [[sect-python-sudo-pip]]`
		`+ == Making sudo pip Safe (Again)`
		+ The location where sudo pip3 installs modules has been changed to /usr/local/lib/pythonX.Y/site-packages, and sudo pip3 is henceforth safer to use. No other changes in user experience are expected. Sudo pip3 is not considered a standard way to install Python packages. Virtual environment and pip3 install --user should still be the prefered options. Additionally, Fedora will increase it's compliance with the Filesystem Hierarchy Standard, as user-installed host-specific Python modules will now be correctly located under /usr/local.

en-US/developers/Development_Ruby.adoc

file modified

+11 -18

		`@@ -1,22 +1,15 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-ruby]]`
		`- == Ruby`
		`-`
		`- [[sect-ruby-ruby24]]`
		`- === Ruby 2.4`
		`-`
		`- Ruby 2.4 is the latest stable version of Ruby. Many new features and improvements are included, for example:`
		`-`
		`- * hash table improvements`
		`-`
		`- * unify Fixnum and Bignum into Integer`
		`-`
		`- * String supports Unicode case mappings`
		`+ = Ruby`
		`+ include::en-US/entities.adoc[]`

		`- * performance and debugging improvements`
		`+ [[sect-ruby-rails]]`
		`+ == Ruby on Rails 5.1`
		`+ Ruby on Rails has been updated to version 5.1 in Fedora 27. Some of the highlights in Rails 5.1 include:`

		`- Ruby 2.4 includes updates to soname and so Ruby packages that use binary extensions should be rebuilt. Nevertheless, since the Ruby community paid great attention to source compatibility, no changes to your code are needed.`
		`+ * Drop jQuery as a default dependency`
		`+ * Yarn, Webpack and Capybara integration`
		`+ * Encrypted secrets support`
		`+ * Parameterized mailers support`
		`+ * Virtual/generated column support for MySQL and MariaDB`

		`- More information about Ruby 2.4 can be found in the Ruby community's link:++https://www.ruby-lang.org/en/news/2016/12/25/ruby-2-4-0-released/++[ Ruby 2.4.0 Release Notes].`
		`+ For more information, please see the http://guides.rubyonrails.org/v5.1/5_1_release_notes.html[Ruby on Rails 5.1 Release Notes].`

en-US/developers/Development_Tools.adoc

file modified

+12 -12

		`@@ -1,17 +1,17 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-development-tools]]`
		`- == Development Tools`
		`-`
		`- [[sect-pkgconf]]`
		`- === pkgconf as System pkg-config Implementation`
		`+ = Development Tools`
		`+ include::en-US/entities.adoc[]`

		- In Fedora 26, the pkg-config implementation has been switched to pkgconf. This is a newer, actively-maintained implementation of pkg-config that offers more advanced support for `.pc` files and provides a library interface for developers to integrate pkg-config processing into their applications.
		`+ [[sect-development-tools-debuginfo]]`
		`+ == Debuginfo Package Improvements`
		+ To observe what a program is doing, Fedora provides additional meta-data about code that is installed and runs on your system. These can be used together with tracers, profilers and debuggers to better understand what is running on your system (or to understand crashes or failures better). Previously, these debug info meta-data packages were fairly large, containing lots of information about multiple sub-packages together. With Fedora 27, these debug info meta-data packages have been split up into smaller sub-packages, making it possible to install just the debuginfo for one specific sub-package or library. The source files needed for debuggers (but not necessarily for tracers and profilers) have been separated out into their own debugsource package and it is now possible to install multiple, different versions or architectures of the debug info packages at the same time. For example, when trying to introspect a program installed in a container or virtual machine that is a different version of the package installed on the host, or when both a 32 bit and 64 bit version of a library is available.

		`- More information about pkgconf can be found at link:++http://pkgconf.org/++[pkgconf.org].`
		`+ [[sect-development-tools-bodhi]]`
		`+ == Bodhi Now Handles Non-RPM Artifacts`
		`+ Bodhi, the https://bodhi.fedoraproject.org/[Fedora Updates System], can now handle more than just RPM files. If it can be tagged in https://koji.fedoraproject.org/koji/[Koji], it should be accepted by Bodhi. The release of Bodhi 3.0.0 enables:`

		`- [[sect-development-tools-coredumpctl]]`
		`- === Enable systemd-coredump by Default`
		`+ * Support for updating non-RPM artifacts, like modules.`
		`+ * Support for complex package dependencies, which enables Fedora to start packaging Rust packages and allows Fedora to do a better job expressing valid ranges of supported dependency versions for existing packages.`
		`+ * Support, via https://pagure.io/pungi[Pungi], for generating OSTrees that are more consistent with Fedora’s release day OSTrees.`

		- By default, core dumps from crashing programs are now stored by systemd-coredump, rather than created in the crashing process's current working directory by ABRT. They may be extracted using the `coredumpctl` tool. For example, simply run `coredumpctl{nbsp}gdb` to view a backtrace for the most recent crash in gdb. For more information on this change, refer to the manpages `coredumpctl(1)`, `systemd-coredump(8)`, and `coredump.conf(5)`.
		`+ More information about this update to Bodhi can be found in the https://bodhi.fedoraproject.org/docs/release_notes.html[Bodhi 3.0.0 release notes] and the related https://fedoraproject.org/wiki/Changes/BodhiNonRPMArtifacts[Fedora change page].`

en-US/developers/Development_Web.adoc

file modified

+10 -17

		`@@ -1,21 +1,14 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-web-development]]`
		`- == Web Development`
		`-`
		`- [[webdev_php]]`
		`- === PHP 7.1`
		`-`
		`- The popular web development language PHP has been upgraded from 7.0 to 7.1 for Fedora 26. Pacakges providing extensions to PHP have been rebuilt to use the new release; developers using extensions from non-packaged sources should update them. While most common PHP applications should be able to use the new release without issue, impacted developers should review the links below for information provided by upstream PHP about the upgrade.`
		`-`
		`- * link:++http://php.net/manual/en/migration71.php++[Migrating from PHP 7.0.x to PHP 7.1.x]`
		`-`
		`- * link:++https://raw.githubusercontent.com/php/php-src/PHP-7.1/UPGRADING++[PHP 7.1 UPGRADE NOTES]`
		`+ = Web Development`
		`+ include::en-US/entities.adoc[]`

		`- * link:++https://raw.githubusercontent.com/php/php-src/PHP-7.1/UPGRADING.INTERNALS++[PHP 7.1 INTERNALS UPGRADE NOTES]`
		`+ [[sect-web-development-node]]`
		`+ == Node.js 8`
		`+ Fedora 27 includes Node.js 8, which is the current version of the platform. This release line will become a Node.js Long Term Support (LTS) release at the end of October 2017. Some of the highlights of Node.js 8 include:`

		`- [[webdev_zend]]`
		`- === Zend Framework 3.0`
		`+ * http2 support`
		`+ * experimental support for Node API (N-API)`
		`+ * a significant update to the V8 JavaScript runtime that includes major improvements in performance and developer-facing APIs`
		`+ * version 5 of the npm client`

		- Fedora 26 offers the latest version 3 of the popular PHP framework, `Zend`. Zend 3 offers increased performance, support for PHP 7, improved link:++https://docs.zendframework.com/++[project documentation], and more. For detailed information, refer to the upstream release announcement at link:++https://framework.zend.com/blog/2016-06-28-zend-framework-3.html++[Zend Framework 3 Released!] or their link:++https://docs.zendframework.com/tutorials/migration/to-v3/overview/++[migration guides].
		`+ For more information about the range of updates and new features introduced in Node.js 8, please see the https://medium.com/the-node-js-collection/node-js-8-big-improvements-for-the-debugging-and-native-module-ecosystem-58454861f2fc[release announcement].`

en-US/entities.adoc

file modified

+2 -2

		`@@ -4,8 +4,8 @@`
		`:COMMONBUGS_URL: http://fedoraproject.org/wiki/Common_F26_bugs`
		`:HOLDER: Fedora Project Contributors`
		`:KERNEL: 4.8`
		`- :NEXTVER: 27`
		`+ :NEXTVER: 28`
		`:PREVVER: 26`
		`:PRODUCT: Fedora Documentation`
		`- :PRODVER: Rawhide`
		`+ :PRODVER: 27`
		`:YEAR: 2017`

en-US/index.adoc

file modified

+1 -3

		`@@ -1,8 +1,6 @@`
		`-`
		`+ = Release Notes`
		`include::en-US/entities.adoc[]`

		`- == Release Notes`
		`-`
		`Release Notes for Fedora {PRODVER}`

		`[abstract]`

en-US/sysadmin/ARM_Architectures.adoc

file added

		`@@ -0,0 +1,9 @@`
		`+ [[sect-ARM]]`
		`+ = ARM Architectures`
		`+ include::en-US/entities.adoc[]`
		`+`
		`+ [[sect-ARM-aarch64]]`
		`+ == aarch64 Single Board Computer Disk Images`
		`+ Fedora now includes disk images for 64 bit ARM (aarch64) Single Board Computer (SBC) devices, for example the Pine64 or Raspberry Pi 3. In the same manner as for the ARMv7 SBC images, there will be a single disk image for each of Fedora's Minimal, Server and Workstation Editions that will cover all supported devices.`
		`+`
		`+ More information about Fedora on ARM and the supported devices can be found on the https://fedoraproject.org/wiki/Architectures/ARM[ARM Architecture page].`

en-US/sysadmin/Domain_Controllers.adoc

file added

+49

		`@@ -0,0 +1,49 @@`
		`+ [[sect-domain-controllers]]`
		`+ = Domain Controllers`
		`+ include::en-US/entities.adoc[]`
		`+`
		`+ [[sect-domain-controllers-samba-changes]]`
		`+ == Samba changes`
		`+`
		`+ Samba project completed conversion of Samba AD DC to support MIT Kerberos. Fedora 27 is the first Fedora version to include Samba AD domain controller functionality.`
		`+`
		`+ The Samba AD process will take care of starting the MIT KDC and it will load a KDB (Kerberos Database) driver to access the Samba AD database. When`
		`+ provisioning an AD DC using 'samba-tool' it will take care of creating a correct kdc.conf file for the MIT KDC.`
		`+`
		`+ For further details, see: link:++https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC++[upstream's documentation].`
		`+`
		`+ Important changes to note:`
		`+`
		`+ * Two different deployment modes are now supported for Samba domain controller:`
		`+ - Traditional domain controller (NT-style domain controller)`
		`+ - Active Directory domain controller (new mode).`
		`+ * Samba upgraded to version 4.7.`
		+ * The default for `client max protocol` has changed to `SMB3_11`, which means that `smbclient` (and related commands) will work against servers without SMB1 support. It is possible to use the `m/--max-protocol` option to overwrite the `client max protocol` option temporarily.
		+ * Encryption support in `smbclient` (option `-e/--encrypt`) works with SMB3 servers as well (Windows Server 2012 or later, Samba 4.0.0 or later).
		+ * The change to `SMB3_11` as default also means `smbclient` no longer negotiates `SMB1` unix extensions by default, when talking to a Samba server with `unix extensions = yes`. As a result, some commands are not available, e.g. `posix_encrypt`, `posix_open`, `posix_mkdir`, `posix_rmdir`, `posix_unlink`, `posix_whoami`, `getfacl` and `symlink`. Using `-mNT1` reenables them, if the server supports SMB1.
		+ * `smbclient` learned a new command 'deltree' that is able to do a recursive deletion of a directory tree.
		+ * The dynamic port range for RPC services has been changed from the old default value `1024-1300` to `49152-65535`. This port range is not only used by a Samba AD DC, but also applies to all other server roles including NT4-style domain controllers. The new value has been defined by Microsoft in Windows Server 2008 and newer versions. To make it easier for Administrators to control those port ranges we use the same default and make it configurable with the option: `rpc server dynamic port range`. The `rpc server port` option sets the first available port from the new `rpc server dynamic port range` option. The option `rpc server port` only applies to Samba provisioned as an AD DC.
		`+`
		`+ Samba AD DC with MIT Kerberos does not have all the features of Heimdal Kerberos build. Missing features, compared to a Heimdal Kerberos build, are:`
		`+`
		`+ * PKINIT support`
		`+ * S4U2SELF/S4U2PROXY support`
		`+ * Read-only domain controller support (RODC). This functionality is not fully working with Heimdal Kerberos build either.`
		`+`
		`+`
		`+ [[sect-domain-controllers-freeipa-changes]]`
		`+ == FreeIPA changes`
		`+`
		`+ FreeIPA has been upgraded to version 4.6. This is a major FreeIPA release which supports Python 3.`
		`+`
		`+ Major changes compared to FreeIPA 4.4 which was shipped in Fedora 26:`
		`+`
		`+ * FreeIPA is using Python 3 now`
		`+ * Security defaults are in line with the rest of Fedora. In particular, newly issued certificates default to SHA-256.`
		+ * Smartcard support was added to FreeIPA and SSSD. New `ipa-advise` recipes are available to configure FreeIPA-enrolled clients and servers to support smartcard authentication.
		`+ * FreeIPA web UI can now be accessed using smartcard authentication. This feature is not enabled by default.`
		`+ * Kerberos PKINIT is enabled by default on new installations with an integrated Certificate Authority. This allows to use smartcards to login to FreeIPA-enrolled hosts and obtain Kerberos tickets.`
		+ * Kerberos authentication indicator `pkinit` is automatically issued when Kerberos PKINIT pre-authentication succeeds. As result, elevated security requirements can be assigned to Kerberos services that require to only smartcard (`pkinit`), multi-factor (`otp`), or RADIUS (`radius`) authentication to succeed prior accessing them.
		`+ * Users from trusted Active Directory domains can now login to FreeIPA web UI and perform self-service operations.`
		`+ * FreeIPA can now be installed in an environment subject to FIPS 140-2 requirements.`
		`+`

en-US/sysadmin/Installation.adoc

file modified

+5 -78

		`@@ -1,80 +1,7 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-installation]]`
		`- == Installation`
		`-`
		`- [[sect-installation-anaconda]]`
		`- === Anaconda Changes`
		`-`
		`- This section covers changes in the [application]Anaconda installer, including changes in the graphical and text mode interactive installers, Kickstart, and installer boot options.`
		`-`
		`- [[sect-installation-anaconda-gui]]`
		`- ==== Changes in the Graphical Interface`
		`-`
		`- * A new, alternate partitioning interface provided by the the [application]blivet-gui tool is now available in the manual partitioning screen. Unlike the existing partitioning interface, [application]blivet-gui allows you to configure partitioning from the "bottom up": for example, in case of LVM you first create physical volumes, then a volume group, and then logical volumes, while in the old interface, you start with logical volumes and everything else is created automatically at first.`
		`- +`
		`- The previous partitioning interface continues to be available as alongside the new one. For additional information, see the link:++https://fedoraproject.org/wiki/Changes/AnacondaBlivetGUI++[Fedora Project Wiki].`
		`-`
		`- * The installer now shows more detailed indication of current progress during all phases of the installation.`
		`-`
		`- [[sect-installation-anaconda-tui]]`
		`- ==== Changes in the Text Mode Interface`
		`-`
		`- * The text mode interface now supports setting up IP over Inifiniband IPoIB connections in the Networking screen.`
		`-`
		`- * The built-in help system, which was previously available in the graphical installation interface, has been extended to the text mode interface.`
		`-`
		`- * The [application]Initial Setup post-setup text mode interface now runs on all available consoles.`
		`-`
		`- [[sect-installation-kickstart]]`
		`- ==== Kickstart Changes`
		`-`
		- * A new command, [command]`snapshot`, has been added to provide LVM snapshot support for devices in an LVM thin pool. The command has the following syntax:
		`- +`
		`- [subs="macros"]`
		`- ----`
		`- snapshot pass:quotes[_vg/lv_] --name pass:quotes[_snapshot_name_] --when [post-install\|pre-install]`
		`- ----`
		`- +`
		`- Available options are:`
		`-`
		- ** [option]`--name=` - provide a name for the snapshot.
		`-`
		- ** [option]`--when=` - controls when the snapshot will be created. Use `pre-install` to create the snapshot before the installation begins, but after commands in the [command]`%pre` part of the Kickstart are executed, or use `post-install` to create the snapshot after the installation and after commands in the [command]`%post` part of the Kickstart are executed.
		`-`
		- * Three new options are now available for the [command]`autopart` command:
		`-`
		- ** [option]`--nohome` - do not create a separate `/home` partition or volume if one would be created under partitioning rules
		`-`
		- ** [option]`--noboot` - do not create a separate `/boot` partition or volume
		`-`
		- ** [option]`--noswap` - do not create any swap space
		`-`
		`- [[sect-installation-anaconda-boot-options]]`
		`- ==== Changes in Anaconda Boot Options`
		`-`
		- * The [option]`inst.waitfornet=` boot option is now available. Use it to force the installer to wait for network connectivity before starting the installer interface for a specified number of seconds - for example, [option]`inst.waitfornet=30` to wait 30 seconds.
		`-`
		- * A new option named [option]`inst.ksstrict` is available. You can use it during a Kickstart-based installation to treat Kickstart warnings and error, meaning they will be printed on the output and the installation will terminate. Without specifying this option, warnings are printed to the log and the installation proceeds.
		`-`
		`- [[sect-installation-anaconda-other]]`
		`- ==== Other Anaconda Changes`
		`-`
		`- * Driver Update Disks can now be loaded from local disk devices.`
		`-`
		- * `Installclass` can now modify rules for storage checks and their constraints.
		`-`
		`- [[sect-installation-fmw]]`
		`- === ARM Support in Fedora Media Writer`
		`-`
		`- Fedora Media Writer has gained the ability to write ARM images to SD cards and other portable media. Users, including those on Windows and macOS as well as on Fedora, will now be able to write Fedora images easily for Raspberry Pi 2 and above and for other supported ARM devices. Please note that this applies only for ARM devices where there are no changes or tweaks that need to be done to the Fedora image.`
		`-`
		`- More information about this latest release of Fedora Media Writer can be found in the link:++https://github.com/MartinBriza/MediaWriter/releases/tag/4.1.0++[FMW 4.1.0 Release Notes].`
		`-`
		`- [[sect-installation-dnf-20]]`
		`- === DNF Rebased to 2.0`
		`-`
		`- [application]DNF, Fedora's package manager, has been rebased to version 2.0, which brings many bugfixes and improvements over [application]DNF 1.x, as well as changes required to fix incompatibilities with [application]Yum, the predecessor of DNF. This required the introduction of certain incompatibilities between DNF 2.0 and DNF 1.x. See link:++http://dnf.readthedocs.io/en/latest/dnf-1_vs_dnf-2.html++[Changes in DNF-2 compared to DNF-1] for details.`
		`+ = Installation`
		`+ include::en-US/entities.adoc[]`

		`- DNF 2.0 provides usability improvements, including better messages during resolution errors, showing whether a package was installed as a weak dependency, better handling of obsolete packages, fewer tracebacks, and others.`
		`+ [[sect-installation-trim]]`
		`+ == TRIM pass down to encrypted disks`
		+ With this change Fedora becomes more friendly to SSD drives. During the installation procedure, any newly created storage with LUKS encryption (newly formatted encrypted partitions, logical volumes, and so on) is configured to use the `discard` option which enables https://en.wikipedia.org/wiki/Trim_(computing)[TRIM]. This potentially increases the lifetime of SSD drives while not affecting encrypted data security and it has no effect on HDDs.

en-US/sysadmin/Kernel.adoc

file modified

+2 -13

		`@@ -1,14 +1,3 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-kernel]]`
		`- == Kernel`
		`-`
		`- [[sect-kernel-aarch64-48bitva]]`
		`- === aarch64 48-bit Virtual Address Space`
		`-`
		`- Before Fedora 26, the aarch64 kernel in Fedora used a 42-bit process virtual address (VA) space and due to the way aarch64 paging works, this constrained the maximum physical address as well. The 42-bit VA was fairly limiting for some applications, but aarch64 processors also have support for 48-bit VAs.`
		`-`
		`- For Fedora 26, Fedora has introduced a 48-bit VA and so larger aarch64 processes won't be constrained by the virtual or physical limitations of a 42-bit VA. This change also helps with things like hugetlb's and potentially provides a performace boost. Additionally, it allows Fedora to boot on a class of machines that have the majority of their RAM higher in the address space.`
		`-`
		`- Its unlikely a desktop user will notice the change, except possibly that Fedora might now boot on additional hardware. A server user might find that there is more RAM available for in-memory databases etc.`
		`+ = Kernel`
		`+ include::en-US/entities.adoc[]`

en-US/sysadmin/Mail_Servers.adoc

file modified

+2 -15

		`@@ -1,16 +1,3 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-mail-servers]]`
		`- == Mail Servers`
		`-`
		`- [[sect-mail-servers-cyrus-imapd]]`
		`- === Cyrus IMAP Server Upgraded to Version 3`
		`-`
		- In Fedora 26, the [application]Cyrus IMAP server (`cyrus-imapd`) has been upgraded to version 3. This version brings significant new functionality, but it also has some new internal database formats. It has also changed the defaults for some important configuration settings. For these reasons it is important that you read and follow link:++https://cyrusimap.org/imap/download/upgrade.html#shut-down-existing-cyrus++[upstream's upgrade documentation] before you initiate an update to Fedora 26.
		`-`
		`- Important changes to note:`
		`-`
		- * Cyrus version 3 has changed the defaults for two important configuration options: `unixhierarchysep` and `altnamespace`. You may need to add them with their previously default value of `0` if these are not present in your existing configuration.
		`-`
		- * Cyrus version 3 no longer supports the `berkeley` database type. If you have essential databases in that format, it is important that you convert them to a different format before you update your system. However, if you have already updated, don't panic. The default Fedora configuration does use this format, but only for non-essential databases which you will rebuild while following the update documentation linked above.
		`+ = Mail Servers`
		`+ include::en-US/entities.adoc[]`

en-US/sysadmin/Modularity.adoc

file modified

+14 -13

		`@@ -1,20 +1,21 @@`
		`-`
		`+ [[sect-modularity]]`
		`+ = Fedora Modularity`
		`include::en-US/entities.adoc[]`

		`- [[sect-modularity]]`
		`- == Fedora Modularity`
		`+ Modularity is the initiative to disconnect the lifecycle of applications from each other and from the lifecycle of the operating system, while still maintaining the ease of use of a typical Linux distribution. This work has produced two changes that have been incorporated into Fedora 27: Host and Platform and Modular Server.`
		`+`
		`+ [[sect-modularity-host-platform]]`
		`+ == Host and Platform`
		`+ The Host and Platform change is an evolution of the Base Runtime module concept that was introduced in the Fedora 26 Boltron Release, splitting the minimal system further into independent modules, which gives greater flexibility when composing and maintaining the base system.`

		`- Fedora Modularity is attempting to disconnect the lifecycles of applications from each other and also from that of the operating system, while still maintaining the ease of use of a typical Linux distribution. More information about this work is available in the link:++https://docs.pagure.org/modularity/++[Fedora Modularity documentation].`
		`+ * The Host module delivers hardware enablement components such as the kernel, bootloaders, firmware, possibly additional device drivers and other components closely linked to these.`

		`- [[sect-modularity-server-preview]]`
		`- === Modular Server Preview`
		`+ * The Platform module defines the operating system release and includes various base userspace components ranging from the C library and init system to system management & deployment tools, container runtime and possibly several services that are commonly considered to be part of the base system experience.`

		`- Fedora 26 contains a "preview" release of a modular Fedora Server Edition.`
		`+ The Host and Platform modules are independent, making it possible to run the same Host with different Platforms and vice versa. Each of the two modules has its own life cycle, update cadence and versioning scheme.`

		`- .Not for production use`
		`- [IMPORTANT]`
		`- ===`
		`- The Fedora 26 Modular Server Preview is a working version of the Server Edition but it is still a prototype and so it should not be used in a production environment.`
		`- ===`
		`+ [[sect-modularity-modular-server]]`
		`+ == Modular Server`
		`+ The Modular Server change promotes the work done in the Fedora 26 Boltron Release to the Fedora Server Edition. In Fedora 27, the Fedora Server Edition is created and delivered using the Modularity infrastructure pipeline and the Host and Platform design concept.`

		`- The purpose of this preview release is to request feedback from the user community. The Modularity Working Group would like to hear from anyone experimenting with the preview about how it does or does not meet their expectations. Contact details for the Modularity Working Group are on the link:++https://docs.pagure.org/modularity/++[Fedora Modularity home page].`
		`+ Other Fedora Editions and Spins will not change in this release; users who want to use Fedora to create a server (as opposed to capital-S Fedora Server) without Modularity can use one of the other editions, for example the Fedora Cloud Base Image, or the "Everything" network installer.`

en-US/sysadmin/Security.adoc

file modified

+27 -36

		`@@ -1,56 +1,47 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-security]]`
		`- == Security`
		`-`
		`- [[security-crypto]]`
		`- === System-wide Crypto Policy`
		`-`
		`- The security of network communications is a high priority for the Fedora project, with strong TLS providing the first line of defense against traffic inspection. Two systems negotiating a TLS connection must agree on a common cipher to encrypt their communications, and as ciphers become deprecated, it is important to exclude them.`
		`-`
		`- The ciphers that an administrator might consider adequately secure are determined by vulnerabilities published against specific ciphers. The acceptable cipher suite applies to all communications on the internet, and is not specific to any one system or daemon. To ease administration and increase adminsitrator confidence in the system's security posture, Fedora has been configuring various software to use a system-global configuration so that TLS ciphers need only be updated in one place.`
		`+ = Security`
		`+ include::en-US/entities.adoc[]`

		- With Fedora 26, two more things will use the system-wide crypto policy, `OpenSSH` and `Java`.
		`+ [[sect-security-kerberos-kcm]]`
		`+ == Kerberos KCM credential cache by default`
		`+ Fedora 27 defaults to a new Kerberos credential cache type called Kerberos Cache Manager (KCM), implemented in the sssd-kcm service, that is better suited for containerized environments and also provides a better user experience in the general case. Key features of KCM include:`

		`- .OpenSSH Crypto`
		- OpenSSH clients will use system preferred key exchange algorithms, encryption ciphers, and message authentication code (MAC) algorithms. This is enabled by an `Include` directive in `/etc/ssh/ssh_config` to include directives in `/etc/ssh/ssh_config.d/*.conf`, which pulls in `/etc/crypto-policies/back-ends/openssh.config`.
		`+ * Kerberos credential caches are handled by a userspace deamon with a UNIX socket entry point. That means the UIDs and GIDs of the cache owners are subject to UID namespacing, which is beneficial in containerized environments.`
		`+ * The UNIX socket can be mounted into containers on demand, thus allowing one or more containers to share a single Kerberos credential cache.`
		`+ * The KCM deamon is stateful. While no functionality that benefits from that is implemented in F-27, the deamon will allow automatic refreshes of a user's Kerberos credentials if needed.`

		`- .Java Crypto`
		- OpenJDK has been modified to read additional security properties from the generated crypto policies file at `/etc/crypto-policies/back-ends/java.config`
		+ Information about using KCM can be found in `man sssd-kcm` and also in `man sssd-secrets`, because KCM uses sssd-secrets for data storage. Additional information is contained in the https://docs.pagure.org/SSSD.sssd/design_pages/kcm.html[SSSD Design Page for KCM].

		- This change may affect connections to legacy systems that do not support more strict crypto policies. While it is possible to switch the system profile from DEFAULT to LEGACY, or to set `security.useSystemPropertiesFile=false` in a project's `java.security` file (refer to link:++https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html++[]), it would be best to also update legacy applications to modern security standards.
		`+ [[sect-security-krb5-appl]]`
		`+ == krb5-appl Packages Removed`
		+ The `krb5-appl-clients` and `krb5-appl-servers` packages are considered to be obsolete and have been removed from Fedora. These packages provided Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Users should to move to more modern security tools, such as openssh.

		`- [[sect-security-openssl110]]`
		`- === OpenSSL 1.1.0`

		`- The introduction of OpenSSL 1.1.0 in Fedora 26 brings many big improvements, new cryptographic algorithms, and API changes that allow for keeping the ABI stable in future upgrades. There is also now a compat-openssl10 package in Fedora that provides OpenSSL 1.0.2 for dependent applications that cannot move to 1.1.0 yet.`
		`+ [#sect-defauilt-ciopher-in-openvpn-changed-to-256-bit-aes-gcm]`
		`+ == Default cipher in OpenVPN changed to 256-bit AES-GCM`

		`- There is more information about OpenSSL 1.1.0 in the link:++https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes++[ OpenSSL wiki].`
		+ OpenVPN configurations utilizing the newer `openvpn-server@.service` unit file now use a stronger cipher for the VPN tunnel by default. The default is changed from the Blowfish algorithm using 128-bit keys to the newer AES-GCM algorithm with 256-bit keys.

		`- [[sect-security-opensc]]`
		`- === OpenSC Replaces Coolkey`
		+ To ensure backwards compatibility, this new default also enables clients still using the not recommended Blowfish algorithm to connect by utilizing the `--ncp-ciphers` feature being available in OpenVPN{nbsp}2.4.

		`- Fedora 26 is not shipping the Coolkey PKCS#11 module in the NSS database by default. Instead, there will be the OpenSC PKCS#11 module, which supports more different Smart Cards. The Coolkey package will be removed in Fedora 27. If other applications were using Coolkey, they should be able to switch to OpenSC.`
		+ To facilitate an easy migration path away from Blowfish for clients not supporting AES-GCM, these clients can now add or change the `--cipher` option in the client configuration to either `AES-256-CBC` or `AES-128-CBC` without needing to do any other server changes.

		- In case you still need Coolkey in the NSS DB, you can add it manually using [command]`modutil -dbdir /etc/pki/nssdb -add "CoolKey PKCS #11 Module (manual)" -libfile libcoolkeypk11.so -force` (the different name is used to prevent automatic removals when updating coolkey package).

		`- Soon (during F26 cycle) there will be fully-featured 0.17.0 update to OpenSC with all the tested features and cards that should serve as a complete replacement of Coolkey.`
		`+ [#sect-openshh-server-now-follows-system-wide-crypto-policies]`
		`+ == OpenSSH Server now follows system-wide crypto policies`

		`- [[sect-security-sssd]]`
		`- === SSSD fast cache for local users`
		`+ Fedora defines system-wide crypto policies, which are followed by cryptographic libraries and tools, including OpenSSH clients. This allows administrators to use different system-wide security levels. With this update, OpenSSH Server adheres to these system-wide crypto policies, too.`

		`- SSSD has shipped with a very fast memory cache in the last couple of Fedora releases. However, using this cache conflicts with nscd's caching and nscd has been disabled by default. That degrades performance, because every user or group lookup must open the local files.`
		+ This modification is implemented using a script, which places configuration generated according to currently defined crypto policies into the OpenSSH Server's configuration file. The script is executed by systemd when the `sshd` service is started. It is, therefore, necessary to restart the `sshd` service for changes to crypto-policy configuration to take effect.

		`- From Fedora 26, a new SSSD "files" provider will resolve users from the local files. That way, the "sss" NSS module can be configured before the files module in nsswitch.conf and the system can leverage sss_nss caching for both local and remote users. As a result, user and group resolution in Fedora will be much faster.`

		`- [[sect-security-authconfig-cleanup]]`
		`- === Authconfig cleanup`
		`+ [#sect-ssh-1-support-removed-from-openssh]`
		`+ == SSH-1 support removed from OpenSSH`

		- Obsolete and unmaintainable code was removed from [command]`authconfig`. Notably:
		`+ The SSH-1 protocol is obsolete and no longer considered secure. As such, it is not supported by the default OpenSSH client binaries packaged for Fedora. This changes removes support for the SHH-1 protocol altogether by removing the openssh-clients-ssh1 subpackage.`

		`- * The graphical interface ([package]system-config-authentication) and the interactive text mode, which relied on old and unmaintained libraries (GTK+2 and Glade) have been removed from the distribution.`

		- * The command line tool, which has been deprecated previously, continues to be part of the distribution for legacy reasons. However, some deprecated and obsolete functionality such as support for `WINS` and `HESIOD` has been removed in this release.
		`+ [#sect-libcurl-switches-to-using-openssl]`
		`+ == libcurl switches to using OpenSSL`

		- The removal effort is happening because current modern environments support automatic configuration of remote user identities using `Realmd` and `SSSD` and do not require manual configuration through an interactive interface such as [package]system-config-authentication. Some of the existing authconfig command line functionality is being preserved due to it still retaining some usefulness in certain environments, and to support the [command]`auth` command in Kickstart. Removing parts of the code base that are no longer maintainable makes it easier to continue providing this functionality.
		`+ The libcurl library now uses OpenSSL for TLS and crypto (instead of NSS). TLS certificates and keys stored in the NSS database need to be exported to files for libcurl to be able to load them. See link:http://pki.fedoraproject.org/wiki/NSS_Database[http://pki.fedoraproject.org/wiki/NSS_Database] for instructions on how to work with the NSS database.`

en-US/sysadmin/Xorg.adoc

file modified

+2 -19

		`@@ -1,20 +1,3 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-x-org]]`
		`- == X.Org`
		`-`
		`- [[sect-x-org-synaptics]]`
		`- === Retire Synaptics Driver`
		`-`
		`- [package]xorg-x11-drv-synaptics has been the main X.Org touchpad driver for over a decade. Since Fedora 22, it has been superseded by [package]xorg-x11-drv-libinput which aims to provide a better touchpad experience.`
		`-`
		`- Starting with Fedora 26:`
		`-`
		`- * a fresh installation of Fedora will install [package]xorg-x11-drv-libinput instead of [package]xorg-x11-drv-synaptics;`
		`-`
		`- * an upgrade from an earlier Fedora will install [package]xorg-x11-drv-libinput and remove [package]xorg-x11-drv-synaptics;`
		`-`
		`- * users that need the synaptics driver will need to manually install [package]xorg-x11-drv-synaptics-legacy, which will install the synaptics driver and give it precedence over the libinput driver;`
		`-`
		`- * removing [package]xorg-x11-drv-synaptics-legacy will remove the synaptics driver and the system will automatically revert to the libinput driver.`
		`+ = X.Org`
		`+ include::en-US/entities.adoc[]`

en-US/welcome/Feedback.adoc

file modified

+4 -6

		`@@ -1,16 +1,14 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-Release_Notes-Feedback]]`
		`- == Feedback`
		`+ = Feedback`
		`+ include::en-US/entities.adoc[]`

		`Thank you for taking the time to provide your comments, suggestions, and bug reports to the Fedora community; this helps improve the state of Fedora, Linux, and free software worldwide.`

		`- === Providing Feedback on Fedora Software`
		`+ == Providing Feedback on Fedora Software`

		`To provide feedback on Fedora software or other system elements, please refer to link:++http://fedoraproject.org/wiki/BugsAndFeatureRequests++[Bugs And Feature Requests]. A list of commonly reported bugs and known issues for this release is available from link:{COMMONBUGS_URL}[Common F26 Bugs] on the wiki.`

		`- === Providing Feedback on Release Notes`
		`+ == Providing Feedback on Release Notes`

		`If you feel these release notes could be improved in any way, you can provide your feedback directly to the beat writers. There are several ways to provide feedback, in order of preference:`

en-US/welcome/Hardware_Overview.adoc

file modified

+12 -14

		`@@ -1,13 +1,11 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-hardware-overview]]`
		`- == Hardware Overview`
		`+ = Hardware Overview`
		`+ include::en-US/entities.adoc[]`

		`Fedora {PRODVER} provides software to suit a wide variety of applications. The storage, memory and processing requirements vary depending on usage. For example, a high traffic database server requires much more memory and storage than a business desktop, which in turn has higher requirements than a single-purpose virtual machine.`

		`[[hardware_overview-specs]]`
		`- === Minimum System Configuration`
		`+ == Minimum System Configuration`

		`The figures below are a recommended minimum for the default installation. Your requirements may differ, and most applications will benefit from more than the minimum resources.`

		`@@ -19,28 +17,28 @@`

		`.Low memory installations`
		`[NOTE]`
		`- ===`
		`+ ====`
		`Fedora {PRODVER} can be installed and used on systems with limited resources for some applications. Text, VNC, or kickstart installations are advised over graphical installation for systems with very low memory. Larger package sets require more memory during installation, so users with less than 768MB of system memory may have better results preforming a minimal install and adding to it afterward.`

		`For best results on systems with less than 1GB of memory, use the DVD installation image.`
		`- ===`
		`+ ====`

		`[[hardware_overview-resolution]]`
		`- === Display resolution`
		`+ == Display resolution`

		`.Graphical Installation requires 800x600 resolution or higher`
		`[NOTE]`
		`- ===`
		`+ ====`
		`Graphical installation of Fedora requires a minimum screen resolution of 800x600. Owners of devices with lower resolution, such as some netbooks, should use text or VNC installation.`

		`Once installed, Fedora will support these lower resolution devices. The minimum resolution requirement applies only to graphical installation.`
		`- ===`
		`+ ====`

		`[[hardware_overview-graphics]]`
		`- === Graphics Hardware`
		`+ == Graphics Hardware`

		`[[hardware_overview-graphics-legacy_gpus]]`
		`- ==== Minimum Hardware for Accelerated Desktops`
		`+ === Minimum Hardware for Accelerated Desktops`

		`Fedora {PRODVER} supports most display adapters. Modern, feature-rich desktop environments like GNOME3 and KDE Plasma Workspaces use video devices to provide 3D-accelerated desktops. Older graphics hardware may not support acceleration:`

		`@@ -51,12 +49,12 @@`
		`* Radeon prior to R300 (Radeon 9500)`

		`[[hardware_overview-graphics-cpu_acceleration]]`
		`- ==== CPU Accelerated Graphics`
		`+ === CPU Accelerated Graphics`

		Systems with older or no graphics acceleration devices can have accelerated desktop environments using LLVMpipe technology, which uses the CPU to render graphics. LLVMpipe requires a processor with `SSE2` extensions. The extensions supported by your processor are listed in the `flags:` section of `/proc/cpuinfo`

		`[[hardware_overview-graphics-desktops]]`
		`- ==== Choosing a Desktop Environment for your hardware`
		`+ === Choosing a Desktop Environment for your hardware`

		`Fedora {PRODVER}'s default desktop environment, GNOME3, functions best with hardware acceleration. Alternative desktops are recommended for users with older graphics hardware or those seeing insufficient performance with LLVMpipe.`

en-US/welcome/Overview.adoc

file modified

+2 -4

		`@@ -1,8 +1,6 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-overview]]`
		`- == Overview`
		`+ = Overview`
		`+ include::en-US/entities.adoc[]`

		`As always, Fedora continues to develop and integrate the latest free and open source software. The following sections provide a brief overview of major changes from the last release of Fedora.`

en-US/welcome/Welcome.adoc

file modified

+4 -6

		`@@ -1,8 +1,6 @@`
		`-`
		`- include::en-US/entities.adoc[]`
		`-`
		`[[sect-welcome_to_fedora]]`
		`- == Welcome to Fedora`
		`+ = Welcome to Fedora`
		`+ include::en-US/entities.adoc[]`

		`The Fedora Project is a partnership of Free software community members from around the globe. The Fedora Project builds open source software communities and produces a Linux distribution called Fedora.`

		`@@ -25,7 +23,7 @@`
		`* link:++http://fedoraproject.org/wiki/Join++[Participate in the Fedora Project]`

		`[[sect-need-help]]`
		`- === Need Help?`
		`+ == Need Help?`

		`There are a number of places you can get assistance should you run into problems.`

		`@@ -34,6 +32,6 @@`
		You may also find assistance on the `#fedora` channel on the IRC net `irc.freenode.net`. Keep in mind that the channel is populated by volunteers wanting to help, but folks knowledgeable about a specific topic might not always be available.

		`[[sect-providing-help]]`
		`- === Want to Contribute?`
		`+ == Want to Contribute?`

		`You can help the Fedora Project community continue to improve Fedora if you file bug reports and enhancement requests. Refer to link:++http://fedoraproject.org/wiki/BugsAndFeatureRequests++[Bugs And Feature Requests] on the Fedora Wiki for more information about bug and feature reporting. Thank you for your participation.`