All posts by jake

[$] Python is (mostly) made of syntactic sugar

Post Syndicated from jake original https://lwn.net/Articles/942767/

“Sugar” is, to a certain extent, in the eye of the beholder—at least when
it comes to syntax. Programming languages are often made up of a (mostly)
irreducible core, with lots of sugary constructs sprinkled on top—the syntactic sugar. No one
wants to be forced to do without the extra syntax—at least not for their
favorite pieces—but it is worth looking at how a language’s constructs can
be built from the core. That is just what Brett Cannon has been doing for
Python, on his blog and in talks,
including a talk at PyCon back in April (YouTube video).

Bugzilla Celebrates 25 Years With Special Announcements (Bugzilla blog)

Post Syndicated from jake original https://lwn.net/Articles/942937/

August 26 was the 25th anniversary of the release of the Bugzilla bug tracker as open-source software under the Mozilla Public License (MPL). A blog post for the occasion has some announcements, including several upcoming releases, help wanted, and a new legal entity to house the project:

Which now brings us to today, when I’m happy to announce the formation of Zarro Boogs Corporation, which will now be overseeing the Bugzilla Project. This is a taxable non-profit non-charitable corporation – we have filed with the IRS our intent to operate under US Tax Code §501(c)(4) (still pending approval from the IRS) meaning the IRS would require us to spend money raised on project expenses and not make a profit, but money donated to us will not earn you a tax deduction because we aren’t a charity (software development is not considered a charitable cause in the US). Unlike Thunderbird, which is a subsidiary of the Mozilla Foundation, we are an independent entity not owned by or associated with the Mozilla Foundation, although they have licensed the use of the Bugzilla trademark to us.

OpenTF Announces Fork of Terraform

Post Syndicated from jake original https://lwn.net/Articles/942770/

The OpenTF Foundation has announced that it is moving forward with its eponymous fork of HashiCorp Terraform, which was recently changed to a non-FOSS license by the company. The organization has applied to become part of the Linux Foundation, “with the end goal of having OpenTF as part of Cloud Native Computing Foundation“. There is a GitHub repository for its manifesto, but the code repository for OpenTF is private for now, with plans to open it up in the next week or two. Work has been going on for the last week and more developers are coming on board:

So far, four companies pledged the equivalent of 14 full-time engineers (FTEs) to the OpenTF initiative. We expect this number to at least double in the following few weeks. To give you some perspective, Terraform was effectively maintained by about 5 FTEs from HashiCorp in the last 2 years. If you don’t believe us, look at their repository.

Some of the people behind OpenTF are participating in a Hacker News thread, so more information can be found there as well.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/942654/

Security updates have been issued by Debian (w3m), Fedora (libqb), Mageia (docker-containerd, kernel, kernel-linus, microcode, php, redis, and samba), Oracle (kernel, kernel-container, and openssh), Scientific Linux (subscription-manager), SUSE (ca-certificates-mozilla, erlang, gawk, gstreamer-plugins-base, indent, java-1_8_0-ibm, kernel, kernel-firmware, krb5, libcares2, nodejs14, nodejs16, openssl-1_1, openssl-3, poppler, postfix, redis, webkit2gtk3, and xen), and Ubuntu (php8.1).

[$] HashiCorp, Terraform, and OpenTF

Post Syndicated from jake original https://lwn.net/Articles/942346/

Over the years, there have been multiple examples of open-source software
that, suddenly, was no longer open source; on August 10, some further
examples were added to the pile. That happened when HashiCorp announced
that it would be switching the license on its products from the Mozilla Public
License 2.0
(MPL) to the Business Source License 1.1
(BSL or BUSL). At least one of the products affected by the change, the Terraform infrastructure-automation
tool, has attracted an effort to continue it as an open-source tool in the
form of a fork that would be maintained by the nascent OpenTF Foundation. That seems like a
sensible reaction to the move, but it also helps serve up yet another
reminder that code which is controlled by a single entity is normally
always at risk of such
adverse changes.

Security updates for Wednesday

Post Syndicated from jake original https://lwn.net/Articles/942514/

Security updates have been issued by Debian (mediawiki and qt4-x11), Fedora (java-17-openjdk, linux-firmware, and python-yfinance), Red Hat (kernel, kpatch-patch, and subscription-manager), SUSE (evolution, janino, kernel, nodejs16, nodejs18, postgresql15, qt6-base, and ucode-intel), and Ubuntu (inetutils).

LibreOffice 7.6 Community released

Post Syndicated from jake original https://lwn.net/Articles/942312/

The Document Foundation
has announced
the release of LibreOffice 7.6 Community
. It is the last release
using the existing numbering scheme as the office suite will move to date-based
release numbers starting with LibreOffice 24.2 in
February, 2024. Highlights of this release include support for
document themes, including import and export of them, a new navigation
panel for Impress and Draw, zoom-gesture support, font-handling
improvements, and lots more; the release
notes
have all the details.

LibreOffice 7.6 Community’s new features have been developed by 148
contributors: 61% of code commits are from the 52 developers employed by
three companies sitting in TDF’s Advisory Board – Collabora, Red Hat and
allotropia – or other organizations, 15% are from 7 developers at The
Document Foundation, and the remaining 24% are from 89 individual
volunteers.

Other 202 volunteers – representing hundreds of other people providing
translations – have committed localizations in 160 languages. LibreOffice
7.6 Community is released in 120 different language versions, more than any
other free or proprietary software, and as such can be used in the native
language (L1) by over 5.4 billion people worldwide. In addition, over 2.3
billion people speak one of those 120 languages as their second language
(L2).

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/942311/

Security updates have been issued by Debian (fastdds, flask, and kernel), Fedora (chromium, dotnet6.0, dotnet7.0, gerbv, java-1.8.0-openjdk, libreswan, procps-ng, and spectre-meltdown-checker), SUSE (chromium, kernel-firmware, krb5, opensuse-welcome, and python-mitmproxy), and Ubuntu (clamav, firefox, and vim).

Linux 6.5-rc7 released

Post Syndicated from jake original https://lwn.net/Articles/942248/

Linus Torvalds has released the 6.5-rc7 kernel
prepatch
, which looks to be the final release candidate before the likely
release of Linux 6.5 next Sunday. Torvalds released it a little earlier
than usual due to some travel; overall things look to be in good shape:

But apart from the timezone difference, everything looks entirely
normal. Drivers (GPU, networking and sound dominate – the usual
suspects, in other words) and architecture fixes. The latter are
mostly arm devicetree fixlets, but also some x86 cleanups and fallout
from the embargo last week.

Not a huge amount of patches, and I really get the feeling that a lot
of maintainers are on vacation. But I will be optimistic and also
blame it all being quiet on things working fairly well.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/941935/

Security updates have been issued by Debian (open-vm-tools, openjdk-11, and openssh), Fedora (librsvg2, llhttp, opensc, and rust), Oracle (.NET 6.0, .NET 7.0, iperf3, microcode_ctl, postgresql:10, and python-requests), SUSE (openssl-1_0_0, perl-Cpanel-JSON-XS, postgresql12, and postgresql15), and Ubuntu (ceph, haproxy, heat, libpod, and postgresql-12, postgresql-14, postgresql-15).

[$] Kernel security reporting for distributions

Post Syndicated from jake original https://lwn.net/Articles/941745/

The call for topics for the Linux
Kernel
Maintainers Summit
went out on August 15; one proposed topic has
generated some interesting discussion about security-bug reporting for the
kernel.
A recent patch
to the kernel’s documentation about how to report security bugs recommends
avoiding posting to the linux-distros
mailing list
because its goals and rules do not mesh well with kernel
security practices. That led Jiri Kosina to suggest
a discussion on security reporting
, especially with regard to Linux
distributions.

[$] A per-interpreter GIL

Post Syndicated from jake original https://lwn.net/Articles/941090/

“Subinterpreters”, which are separate Python interpreters running in the
same process that can be
created using
the C API
, have been a part of Python since the previous century
(version 1.5 in 1997), but they are largely unknown and unused.
Eric Snow has been on something of a quest, since 2015 or so, to bring
better multicore processing to Python by
way of subinterpreters (or “multiple interpreters”). He has made it part
of the way there, with the
adoption of a separate global interpreter lock (GIL) for each
subinterpreter, which
was added for Python 3.12. Back in April, Snow gave a talk (YouTube video) at
PyCon about multiple interpreters, their status, and his plans for the
feature in
the future.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/941587/

Security updates have been issued by Debian (gst-plugins-ugly1.0, libreoffice, linux-5.10, netatalk, poppler, and sox), Fedora (chromium, ghostscript, java-1.8.0-openjdk-portable, java-11-openjdk, java-11-openjdk-portable, java-17-openjdk-portable, java-latest-openjdk-portable, kernel, linux-firmware, mingw-python-certifi, ntpsec, and php), Oracle (.NET 6.0, .NET 7.0, 15, 18, bind, bind9.16, buildah, cjose, curl, dbus, emacs, firefox, go-toolset and golang, go-toolset:ol8, grafana, iperf3, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libcap, libeconf, libssh, libtiff, libxml2, linux-firmware, mod_auth_openidc:2.3, nodejs, nodejs:16, nodejs:18, open-vm-tools, openssh, postgresql:12, postgresql:13, python-requests, python27:2.7, python3, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, ruby:2.7, samba, sqlite, systemd, thunderbird, virt:ol and virt-devel:rhel, and webkit2gtk3), SUSE (docker, java-1_8_0-openj9, kernel, kernel-firmware, libyajl, nodejs14, openssl-1_0_0, poppler, and webkit2gtk3), and Ubuntu (golang-yaml.v2, intel-microcode, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop,
linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi,
linux-raspi-5.4, linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm,
linux-lowlatency, linux-oracle, linux-raspi, linux-oem-6.1, pygments, and pypdf2).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/941271/

Security updates have been issued by Debian (intel-microcode, kernel, and php-dompdf), Fedora (linux-firmware, OpenImageIO, and php), Oracle (aardvark-dns, kernel, linux-firmware, python-flask, and python-werkzeug), SUSE (container-suseconnect, go1.19, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, java-11-openjdk, kernel-firmware, kubernetes1.24, openssl-1_1, poppler, python-scipy, qatengine, ucode-intel, util-linux, and vim), and Ubuntu (dotnet6, dotnet7, php-dompdf, and velocity-tools).