Post Syndicated from corbet original https://lwn.net/Articles/1036369/
Security updates have been issued by AlmaLinux (kernel, mod_http2, postgresql, postgresql:15, and python39:3.9), Debian (libsndfile), Mageia (ceph, glibc, and golang), Oracle (postgresql and python39:3.9), Red Hat (aide, postgresql:12, postgresql:13, postgresql:15, and postgresql:16), SUSE (git, govulncheck-vulndb, jetty-minimal, nginx, python-future, and ruby2.5), and Ubuntu (imagemagick).
Post Syndicated from corbet original https://lwn.net/Articles/1036218/
The GNOME Foundation has announced
that Steven Deobald will be leaving the position of Executive Director
after just four months.
We are extremely grateful to Steven for all this and more. Despite
these many positive achievements, Steven and the board have come to
the conclusion that Steven is not the right fit for the Executive
Director role at this time. We are therefore bidding Steven a fond
farewell.
Post Syndicated from corbet original https://lwn.net/Articles/1035727/
Arnd Bergmann started his Open
Source Summit Europe 2025 talk with a clear statement of position: 32-bit
systems are obsolete when it comes to use in any sort of new products. The
only reason to work with them at this point is when there is existing
hardware and software to support. Since Bergmann is the overall maintainer
for architecture support in the kernel, he is frequently asked whether
32-bit support can be removed. So, he concluded, the time has come to talk
more about that possibility.
Post Syndicated from corbet original https://lwn.net/Articles/1036041/
Linus has released 6.17-rc4 for testing.
“So it all looks fairly good.
Please do keep testing, and we’ll get 6.17 out in a timely manner and
in good shape.“
Post Syndicated from corbet original https://lwn.net/Articles/1035736/
Linus Torvalds has quietly changed
the maintainer status of bcachefs to “externally maintained”,
indicating that further changes are unlikely to enter the mainline anytime
soon. This change also suggests, though, that the immediate removal of
bcachefs from the mainline kernel is not in the cards.
Post Syndicated from corbet original https://lwn.net/Articles/1034966/
Keynote sessions at Open Source Summit events tend not to allow much time for
detailed talks, and the 2025 Open
Source Summit Europe did not diverge from that pattern. Even so,
Daniel Stenberg, the maintainer of the curl
project, managed to cram a lot into the 15 minutes given to him.
Like the maintainers of many other projects, Stenberg is feeling some
stress, and the problems appear to be getting worse over time.
Post Syndicated from corbet original https://lwn.net/Articles/1034604/
Inside this week’s LWN.net Weekly Edition:
Post Syndicated from corbet original https://lwn.net/Articles/1034849/
The Internet is a wonderful thing; it allows anybody to look up
information of interest. Included in all of that is the history of the
free-software development community; how we got to where we are says a lot
about why things are the way they are and what might come next. So the
takeover of Groklaw rings a loud alarm; we have been reminded that history
stored on the Internet is an ephemeral thing and cannot be expected to
remain available forever.
Post Syndicated from corbet original https://lwn.net/Articles/1034442/
Shadow stacks are a control-flow-integrity feature designed to defend
against exploits that manipulate a thread’s call stack. The kernel first
gained support for hardware-implemented shadow
stacks, for the x86 architecture, in the 6.6 release; 64-bit Arm
support followed in 6.13. This feature does not give user space much
control over the allocation of shadow stacks for new threads, though; a patch
series from Mark Brown may, after many attempts, finally be about
to change that situation.
Post Syndicated from corbet original https://lwn.net/Articles/1035110/
Security updates have been issued by Debian (ffmpeg, firebird3.0, and luajit), Fedora (chromium, python3-docs, and python3.13), Oracle (aide, firefox, glibc, libxml2, and tomcat), Red Hat (aide, git, kernel, kernel-rt, libarchive, pam, python-cryptography, python3, python3.12, and webkit2gtk3), SUSE (cmake3, ffmpeg-4, kernel, kubernetes1.18, libqt4, minikube, net-tools, pam, postgresql16, proftpd, python-urllib3, python311, python312, python36, tomcat10, tomcat11, and webkit2gtk3), and Ubuntu (nginx).
Post Syndicated from corbet original https://lwn.net/Articles/1034989/
Google has announced
a new set of restrictions on the ability of users to install apps on their
own devices:
Starting next year, Android will require all apps to be registered
by verified developers in order to be installed by users on
certified Android devices. This creates crucial accountability,
making it much harder for malicious actors to quickly distribute
another harmful app after we take the first one down. Think of it
like an ID check at the airport, which confirms a traveler’s
identity but is separate from the security screening of their bags;
we will be confirming who the developer is, not reviewing the
content of their app or where it came from.
Post Syndicated from corbet original https://lwn.net/Articles/1034944/
The Linux Foundation, in cooperation with a couple of other groups, has announced
the publication on the intersection of businesses and commercial
open-source software (deemed “COSS”). Everything, it seems, is great, and
COSS companies make a lot of money for their investors.
Even more encouraging, COSS project communities continue along
healthy growth paths after the company receives venture funding. In
essence, highly valued COSS companies tend to cultivate more
vibrant, diverse, and integral open source ecosystems, reinforcing
the idea that business value and community value are tightly
coupled in successful COSS models.
Post Syndicated from corbet original https://lwn.net/Articles/1034877/
Linus has released 6.17-rc3 (called
“3.17-rc3” in the email, but the tag in the repository is correct) for
testing. “Anyway, things seem fairly normal for this phase in the
“
release cycle, nothing stands out. Please keep testing,
Post Syndicated from corbet original https://lwn.net/Articles/1034857/
The 6.16.3 stable kernel update has been
released. It contains a set of ext4 filesystem fixes that are probably a
good thing for any 6.16 ext4 user to have.
Post Syndicated from corbet original https://lwn.net/Articles/1034813/
Version 8.0 of the FFmpeg
audio and video toolkit has been released.
Thanks to several delays, and modernization of our entire infrastructure,
this release ended up being one of our largest releases to date. In short,
its new features are:
- Native decoders: APV, ProRes RAW, RealVideo 6.0, Sanyo LD-ADPCM, G.728
- VVC decoder improvements: IBC, ACT, Palette Mode
- Vulkan compute-based codecs: FFv1 (encode and decode), ProRes RAW (decode only)
- Hardware accelerated decoding: Vulkan VP9, VAAPI VVC, OpenHarmony H264/5
- Hardware accelerated encoding: Vulkan AV1, OpenHarmony H264/5
- Formats: MCC, G.728, Whip, APV
- Filters: colordetect, pad_cuda, scale_d3d11, Whisper, and others
Post Syndicated from corbet original https://lwn.net/Articles/1033955/
The restartable sequences feature, which
was added to the 4.18 kernel in 2018, exists to enable better performance
in certain types of threaded applications. While there are users for
restartable sequences, they tend to be relatively specialized code; this is
not a tool that most application developers reach for. Over time, though,
the use of restartable sequences has grown, and it looks to grow further as
the feature is tied to new capabilities provided by the kernel. As
restartable sequences become less of a niche feature, though, some problems
have turned up; fixing one of them may involve an ABI change visible in
user space.
Post Syndicated from corbet original https://lwn.net/Articles/1033740/
Inside this week’s LWN.net Weekly Edition:
Post Syndicated from corbet original https://lwn.net/Articles/1034436/
Version
142.0 of the firefox browser has been released. Changes include a new
link preview feature (with optional “AI-generated key points
“), and
a “flexible exception list” for the strict
tracking protection feature that allows relaxing specific protections
on sites that otherwise will not work properly.
Post Syndicated from corbet original https://lwn.net/Articles/1034402/
Security updates have been issued by AlmaLinux (golang, openjpeg2, toolbox, and xterm), Debian (libxslt, mbedtls, openjdk-17, and webkit2gtk), Fedora (apptainer, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, rust-h2, and uv), Oracle (golang, kernel, and openjpeg2), Red Hat (kernel and xterm), SUSE (389-ds, cairo, container-suseconnect, kernel, lua51-luajit, postgresql13, and trivy), and Ubuntu (linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oracle,
linux-oracle-6.14, linux-raspi, linux-realtime and openldap).
Post Syndicated from corbet original https://lwn.net/Articles/1034313/
The JetBrains blog presents the
results of the eighth annual Python Developers Survey, carried out in
partnership with the Python Software Foundation.
This year, 51% of all surveyed Python developers are involved in
data exploration and processing, with pandas and NumPy being the
tools most commonly used for this.Many of us in the Python pundit space have talked about Python as
being divided into thirds: One-third web development, one-third
data science and pure science, and one-third as a catch-all bin.We need to rethink that positioning now that one of those thirds is
overwhelmingly the most significant portion of Python.