Post Syndicated from jzb original https://lwn.net/Articles/1057509/
The Linux From
Scratch (LFS) project provides step-by-step instructions on
building a customized Linux system entirely from source. Historically,
the project has provided separate System V and systemd editions,
which gave users a choice of init systems. Bruce Dubbs has announced
the project will no longer produce the System V version:
There are two reasons for this decision. The first reason is
workload. No one working on LFS is paid. We rely completely on
volunteers. In LFS there are 88 packages. In BLFS there are over
1000. The volume of changes from upstream is overwhelming the
editors. In this release cycle that started on the 1st of September
until now, there have been 70 commits to LFS and 1155 commits to BLFS
(and counting). When making package updates, many packages need to be
checked for both System V and systemd. When preparing for release, all
packages need to be checked for each init system.The second reason for dropping System V is that packages like GNOME
and soon KDE’s Plasma are building in requirements that require
capabilities in systemd that are not in System V. This could
potentially be worked around with another init system like OpenRC, but
beyond the transition process it still does not address the ongoing
workload problem.[…] As a personal note, I do not like this decision. To me LFS is
about learning how a system works. Understanding the boot process is a
big part of that. systemd is about 1678 “C” files plus many data
files. System V is “22” C files plus about 50 short bash scripts and
data files. Yes, systemd provides a lot of capabilities, but we will
be losing some things I consider important.
The next version, 13.0, is expected in March and will only focus on
systemd.
Post Syndicated from jzb original https://lwn.net/Articles/1057506/
Security updates have been issued by AlmaLinux (freerdp, kernel, python3, and python3.12-wheel), Debian (alsa-lib, chromium, openjdk-25, phpunit, tomcat10, tomcat11, and tomcat9), Fedora (openqa, pgadmin4, phpunit10, phpunit11, phpunit12, phpunit8, phpunit9, and yarnpkg), Mageia (python-django), SUSE (alloy, cups, dpdk, expat, glib2, java-1_8_0-ibm, java-1_8_0-openj9, java-25-openjdk, kernel, libpainter0, libsoup, libxml2, openssl-3, python-filelock, python-wheel, python312-Django6, thunderbird, traefik2, udisks2, wireshark, and xen), and Ubuntu (glib2.0, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, python3.14, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4, and tracker-miners).
Post Syndicated from jzb original https://lwn.net/Articles/1056417/
Inside this week’s LWN.net Weekly Edition:
Post Syndicated from jzb original https://lwn.net/Articles/1054751/
Creating an ebook in EPUB format is easy,
for certain values of “easy”. All one really needs
is a text editor, a few command-line utilities; also needed is a working
knowledge of XHTML, CSS, along with an understanding of the format’s
structure and required boilerplate. Creating
a well-formatted and attractive ebook is a bit harder. However, it can be
made easier with an application custom-made for the purpose. Sigil is an EPUB editor that
provides the tooling authors and publishers may be looking for.
Post Syndicated from jzb original https://lwn.net/Articles/1056384/
We have received the sad news that Didier Spaier, maintainer of the
blind-friendly Slackware-based Slint distribution, has recently passed
away. Philippe Delavalade, who posted the announcement to the
Slint mailing list, said:
Early 2015, I asked on the slackware list if brltty could be added
in the installer; Didier answered promptly that he could do it on
slint. Afterwards, he worked hard so that slint became as accessible
as possible for visually impaired people.You all know that all these years, he tried and succeeded to answer
as quickly as possible to our issues and questions.He will be irreplaceable.
Post Syndicated from jzb original https://lwn.net/Articles/1056376/
The Open Source Initiative (OSI) has announced
that it will not be holding the 2026 spring board election. Instead,
it will be creating a working group to “review and improve OSI’s
” and provide recommendations by
board member selection process
September 2026:
The public election process was designed to gather community
priorities and improve board member selection, while final
appointments remained with the board.Over time, that nuance has become a source of understandable
confusion for community members. Many reasonably expected elections to
function as elections normally do, and in fact, the board has
generally adopted the electorate’s recommendations. When a process
feels unclear, trust suffers. When trust suffers, engagement becomes
harder. This is especially problematic for an organization whose
mission depends on legitimacy and credibility. […]OSI tried its experiment for the right reasons, but a variety of
factors resulted in “elections” that are performatively democratic
while being gameable and representative of only a small group, and
we’ve learned from the results. Now we are making space to align our
director selection process with our bylaws, to rebuild trust, and to
develop better, more durable and truly representative participation in
which the global stakeholder community can be heard.
LWN covered the
previous OSI election in March 2025.
Post Syndicated from jzb original https://lwn.net/Articles/1055539/
Creating fair governance models for open-source projects is not
easy; defining criteria for participants to receive membership and
voting rights is a particularly thorny problem for projects that have
elections for representative bodies. The Fedora
Council, the project’s top-level governance body, is wrestling
with that conundrum now. This was triggered by a Fedora special-interest
group (SIG) granting temporary membership to at least one person for the
sole purpose of allowing them to vote in the most recent Fedora
Engineering Steering Council (FESCo) election. That opened a large can
of worms about what it means to be a contributor and how contributors
can be identified for voting purposes.
Post Syndicated from jzb original https://lwn.net/Articles/1056330/
Security updates have been issued by AlmaLinux (java-1.8.0-openjdk), Debian (openssl), Fedora (assimp, chromium, curl, freerdp, gimp, and harfbuzz), Mageia (glibc, haproxy, iperf, and python-pyasn1), Red Hat (image-builder, openssl, and osbuild-composer), Slackware (mozilla), SUSE (avahi, cups, gio-branding-upstream, google-osconfig-agent, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel-firmware, libmatio-devel, libopenjp2-7, nodejs22, php8, python-python-multipart, python311-urllib3_1, qemu, and xen), and Ubuntu (ffmpeg, jaraco.context, openssl, and openssl, openssl1.0).
Post Syndicated from jzb original https://lwn.net/Articles/1056159/
The Xfce team has announced that
it will be providing funding to Brian Tarricone to work on xfwl4,
a Wayland compositor for Xfce:
Xfwl4 will not be based on the existing xfwm4 code. Instead, it
will be written from scratch in rust, using smithay building
blocks.The first attempt at creating an Xfce Wayland compositor involved
modifying the existing xfwm4 code to support both X11 and Wayland in
parallel. However, this approach turned out to be the wrong path
forward for several reasons:
- Xfwm4 is architected in a way that makes it very difficult to put the window management behavior behind generic interfaces that don’t include X11 specifics.
- Refactoring Xfwm4 is risky, since it might introduce new bugs to X11. Having two parallel code bases will allow for rapid development and experimentation with the Wayland compositor, with zero risk to break xfwm4.
- Some X11 window management concepts just aren’t available or supported by Wayland protocols at this time, and dealing with those differences can be difficult in an X11-first code base.
- Using the existing codebase would require us to use C and
wlroots, even if a better alternative is available.
Work has already commenced on the project, and the project hopes to
share a development release in mid-2026.
Post Syndicated from jzb original https://lwn.net/Articles/1056158/
Security updates have been issued by AlmaLinux (kernel, kernel-rt, python-urllib3, python3.11-urllib3, and python3.12-urllib3), Debian (imagemagick, openjdk-11, openjdk-17, and openjdk-21), Fedora (bind, bind-dyndb-ldap, chromium, ghostscript, glibc, mingw-glib2, mingw-harfbuzz, mingw-libsoup, mingw-openexr, and qownnotes), Mageia (kernel-linus), Red Hat (osbuild-composer), SUSE (go1.24-openssl, go1.25-openssl, govulncheck-vulndb, kernel, nodejs22, openCryptoki, openvswitch3, python-pyasn1, python311, and qemu), and Ubuntu (git-lfs, node-form-data, and screen).
Post Syndicated from jzb original https://lwn.net/Articles/1055053/
The GNU Privacy Guard (GPG)
project decided to break from the OpenPGP standard for email
encryption in 2023, and instead adopted its own homegrown LibrePGP specification. The GPG 2.4
branch, the last one to adhere to OpenPGP, will be reaching the end of
life in mid-2026. The Fedora project is currently having a discussion
about how that affects the distribution, its users, and what to offer
once 2.4 is no longer receiving updates.
Post Syndicated from jzb original https://lwn.net/Articles/1055996/
Curl creator Daniel Stenberg has written a blog
post explaining why the project is ending its bug-bounty
program, which started in April 2019:
The never-ending slop submissions take a serious mental toll to
manage and sometimes also a long time to debunk. Time and energy that
is completely wasted while also hampering our will to live.I have also started to get the feeling that a lot of the security
reporters submit reports with a bad faith attitude. These “helpers”
try too hard to twist whatever they find into something horribly bad
and a critical vulnerability, but they rarely actively contribute to
actually improve curl. They can go to extreme efforts to argue and
insist on their specific current finding, but not to write a fix or
work with the team on improving curl long-term etc. I don’t think we
need more of that.There are these three bad trends combined that makes us take this
step: the mind-numbing AI slop, humans doing worse than ever and the
apparent will to poke holes rather than to help.
Stenberg writes that he still expects “the best and our most
” to continue informing the project when
valued security reporters
security vulnerabilities are discovered. The program will officially
end on January 31, 2026.
Post Syndicated from jzb original https://lwn.net/Articles/1055958/
Security updates have been issued by AlmaLinux (gimp, glib2, go-toolset:rhel8, golang, java-17-openjdk, java-21-openjdk, kernel, net-snmp, pcs, and thunderbird), Debian (apache2, imagemagick, incus, inetutils, libuev, openjdk-17, php7.4, python3.9, shapelib, taglib, and zvbi), Fedora (mingw-glib2, mingw-harfbuzz, mingw-libsoup, mingw-openexr, pgadmin4, python3.11, python3.12, python3.9, and wireshark), Gentoo (Asterisk, Commons-BeanUtils, GIMP, inetutils, and Vim, gVim), Mageia (kernel), Oracle (glib2, java-17-openjdk, java-21-openjdk, and libpng), Red Hat (java-17-openjdk, java-21-openjdk, kernel, and kernel-rt), SUSE (azure-cli-core, bind, buildah, chromium, coredns, glib2, harfbuzz, kernel, kernel-firmware, libheif, libvirt, openCryptoki, openvswitch, podman, python, python-urllib3, rabbitmq-server, and vlang), and Ubuntu (cjson).
Post Syndicated from jzb original https://lwn.net/Articles/1055675/
Version
1.5.0 of the GNU Guix package manager and the Guix System have
been released. Notable improvements include the ability to run the
Guix daemon without root privileges, support for 64-bit RISC-V, and
experimental support for the GNU Hurd kernel.
The release comes with ISO-9660 installation images, virtual
machine images, and with tarballs to install the package manager on
top of your GNU/Linux distro, either from source or from
binaries—check out the download page. Guix users can update by running
guix pull.It’s been 3 years since the previous release. That’s a lot of time,
reflecting both the fact that, as a rolling release, users
continuously get new features and update by running guix pull; but it
also shows a lack of processes, something that we had to address
before another release could be made.During that time, Guix received about 71,338 commits by 744 people,
which include many new features.
LWN last looked at Guix in
February 2024.
Post Syndicated from jzb original https://lwn.net/Articles/1055672/
Greg Kroah-Hartman has released the 6.18.7 and 6.12.67 stable kernels. As always, each
contains important fixes throughout the tree. Users are advised to
upgrade.
Post Syndicated from jzb original https://lwn.net/Articles/1055671/
Security updates have been issued by AlmaLinux (kernel), Debian (bind9, chromium, osslsigncode, and python-urllib3), Fedora (freerdp, ghostscript, hcloud, rclone, rust-rkyv0.7, rust-rkyv_derive0.7, and vsftpd), Mageia (avahi and harfbuzz), SUSE (alloy, avahi, busybox, cargo-c, corepack22, corepack24, curl, docker, dpdk, exiv2-0_26, ffmpeg-4, firefox, glib2, go1.24, go1.25, gpg2, haproxy, kernel, kernel-firmware, keylime, libpng16, librsvg, libsodium, libsoup, libsoup2, libtasn1, log4j, net-snmp, open-vm-tools, openldap2_5, ovmf, pgadmin4, php7, podman, python-filelock, python-marshmallow, python-pyasn1, python-tornado, python-urllib3, python-virtualenv, python3, python311-pyasn1, python311-weasyprint, rust1.91, rust1.92, util-linux, webkit2gtk3, and wireshark), and Ubuntu (libxml2 and pyasn1).
Post Syndicated from jzb original https://lwn.net/Articles/1055485/
ReactOS, an open-source project
to develop an operating system that is compatible with Microsoft
Windows NT applications and drivers, is celebrating 30
years since the first commit to its source tree. In that time
there have been more than 88,000 commits from 301 contributors, for a
total of 14,929,578 lines of code. There is, of course, much left to
do.
It’s been such a long journey that many of our contributors today,
including myself, were not alive during this event. Yet our mission to
deliver “your favorite Windows apps and drivers in an open-source
environment you can trust” continues to bring people together. […]We’re continuing to move ReactOS forward. Behind the scenes there are
several out-of-tree projects in development. Some of these exciting
projects include a new build environment for developers (RosBE), a new
NTFS driver, a new ATA driver, multi-processor (SMP) support, support
for class 3 UEFI systems, kernel and usermode address space layout
randomization (ASLR), and support for modern GPU drivers built on
WDDM.
Post Syndicated from jzb original https://lwn.net/Articles/1055484/
Security updates have been issued by AlmaLinux (gpsd), Debian (inetutils and modsecurity-crs), Fedora (cpp-httplib, curl, mariadb11.8, mingw-libtasn1, mingw-libxslt, mingw-python3, rclone, and rpki-client), Oracle (gimp, glib2, go-toolset:rhel8, golang, kernel, mariadb-devel:10.3, and thunderbird), Red Hat (buildah, go-toolset:rhel8, golang, grafana, kernel, kernel-rt, multiple packages, openssl, osbuild-composer, podman, and skopeo), Slackware (bind), SUSE (ffmpeg-4, libsodium, libvirt, net-snmp, open-vm-tools, ovmf, postgresql17, postgresql18, python-FontTools, python-weasyprint, and webkit2gtk3), and Ubuntu (glib2.0 and opencc).
Post Syndicated from jzb original https://lwn.net/Articles/1055327/
Version
3.0.0 of the pandas data
analysis and manipulation library for Python has been
released. Notable changes include a dedicated
string type (str), new “copy-on-write” behavior, and much more. This release also removes
a number of features that were deprecated in prior versions of pandas;
developers are advised to upgrade to pandas 2.3 and ensure code is
working without warnings before moving to 3.0. See the release
notes for the full changelog.