Post Syndicated from jzb original https://lwn.net/Articles/1033657/

NGINX has announced
the preview release of the nginx-acme
module, which adds native support to NGINX for the Automatic
Certificate Management Environment (ACME) protocol:

NGINX’s native support for ACME brings a variety of benefits that
simplify and enhance the overall SSL/TLS certificate management
process. Being able to configure ACME directly using NGINX directives
drastically reduces manual errors and eliminates much of the ongoing
overhead traditionally associated with managing SSL/TLS
certificates. It also reduces reliance on external tools like Certbot,
creating a more secure and streamlined workflow with fewer
vulnerabilities and a smaller attack surface.

Post Syndicated from jzb original https://lwn.net/Articles/1033646/

Version 1.25 of Go has
been released. Notable changes include support for generating debug
information in the DWARF 5 format,
“container awareness”
when setting the maximum number of CPUs to be used, and a new testing/synctest
package with support for testing concurrent code. See the release notes for a comprehensive
list of changes in 1.25.

Post Syndicated from jzb original https://lwn.net/Articles/1033634/

Version
2.0 of Syncthing, a
continuous file synchronization utility, has been released. Notable
changes in 2.0 include multiple connections for synchronizing metadata
and file data, a new logging format, as well as a switch from LevelDB
to SQLite for Syncthing’s backend. This the first release in the 2.0
series, and the release notes advise users to “expect some rough
edges and keep a sense of adventure“.

Post Syndicated from jzb original https://lwn.net/Articles/1033588/

Security updates have been issued by Debian (apache2, kernel, linux-6.1, openjdk-17, and pgpool2), Fedora (glib2, matrix-synapse, openjpeg, python3-docs, and python3.13), Oracle (gdk-pixbuf2, glibc, java-1.8.0-openjdk, kernel, libxml2, python-requests, python3.11-setuptools, and thunderbird), SUSE (amber-cli, apache-commons-lang3, eclipse-jgit, go1.23, go1.24, govulncheck-vulndb, grub2, icinga2, kubernetes1.23, libgcrypt, python3, python313, sccache, slurm, tiff, and webkit2gtk3), and Ubuntu (linux-oracle).

Post Syndicated from jzb original https://lwn.net/Articles/1032604/

The Arch Linux project is
especially well-known in the Linux community for two things: its
rolling-release model and the quality of the documentation in the ArchWiki. No
matter which Linux distribution one uses, the odds are that eventually
the ArchWiki’s documentation will prove useful. The Debian project
recognized this and has sought to improve its own documentation game
by inviting ArchWiki maintainers Jakub Klinkovský and Vladimir
Lavallade to DebConf25 in
Brest, France, to speak about how Arch manages its wiki. The talk has
already borne fruit with the launch of an effort to revamp the Debian
wiki.

Post Syndicated from jzb original https://lwn.net/Articles/1033414/

Debian’s GNU/Hurd
team has announced
the release of Debian GNU/Hurd 2025:

This is a snapshot of Debian “sid” at the time of the stable Debian
“Trixie” release (August 2025), so it is mostly based on the same
sources. It is not an official Debian release, but it is an official
Debian GNU/Hurd port release. […]

Debian GNU/Hurd is currently available for the i386 and amd64
architectures with about 72% of the Debian archive, and more to
come!

See the FAQ and configuration
guide for more on the GNU/Hurd port.

Post Syndicated from jzb original https://lwn.net/Articles/1033134/

The Debian Project has released its latest stable version, Debian 13
(“trixie”), which will be supported through 2030. This release
includes GNOME 48, KDE Plasma 6.3, Xfce 4.20,
Linux 6.12, GCC 14.2, Python 3.13, and
systemd 257.

This release contains over 14,100 new packages for a total count of
69,830 packages, while over 8,840 packages have been removed as
“obsolete”. 44,326 packages were updated in this release. The overall
disk usage for “trixie” is 403,854,660 kB (403 GB), and is made up of
1,463,291,186 lines of code. […]

With this broad selection of packages and its traditional wide
architecture support, Debian once again stays true to its goal of
being “The Universal Operating System“. It is suitable for many
different use cases: from desktop systems to netbooks; from
development servers to cluster systems; and for database, web, and
storage servers. At the same time, additional quality assurance
efforts like automatic installation and upgrade tests for all packages
in Debian’s archive ensure that “trixie” fulfills the high
expectations that users have of a stable Debian release.

Trixie adds riscv64 as an officially supported architecture, and
drops i386 as a regular architecture. Users with i386 systems should
not upgrade to trixie; the project recommends reinstalling them as
amd64, or retiring the hardware. See the release
notes and issues
to be aware of before installing or upgrading to trixie.

Post Syndicated from jzb original https://lwn.net/Articles/1032753/

The AlmaLinux project has announced
the availability of packages to enable native NVIDIA driver support,
including CUDA and Secure Boot, for AlmaLinux 9 and 10.

When AlmaLinux started just 5 years ago, this wouldn’t have been
possible. With NVIDIA’s open source version of their graphics drivers
things have changed. This open source version is slowly becoming the
flagship driver, with new products being added exclusively to it. With
the help of some incredible people in the open source ecosystem and
the AlmaLinux community, we were able to do something that has yet to
be done in the EL ecosystem – ship Secure Boot signed, open source,
NVIDIA kernel modules.

Full documentation is available
on the AlmaLinux wiki.

Post Syndicated from jzb original https://lwn.net/Articles/1032026/

There is a great deal of misunderstanding, and some misinformation, about the
Trusted
Platform Module (TPM); to combat this, Debian developer Jonathan
McDowell would like to clear the air and help users understand what it
is good for, as well as what it’s not. At DebConf25 in Brest, France,
he delivered a
talk about TPMs that explained what they are, why people might be
interested in using them, and how users might do so on a Debian
system.

Post Syndicated from jzb original https://lwn.net/Articles/1032736/

Version
0.10.0 of the Tuba
fediverse client has been released. Notable changes in this release
include a new post composer, an in-app web browser, search history,
and many other refinements. See this thread for
more details and highlights.

Post Syndicated from jzb original https://lwn.net/Articles/1032700/

Security updates have been issued by AlmaLinux (kernel and python3.12-setuptools), Fedora (perl-Crypt-CBC and unbound), Gentoo (FontForge, GPL Ghostscript, Mozilla Network Security Service (NSS), and PAM), Oracle (gdk-pixbuf2, jq, kernel, mod_security, ncurses, python-requests, and python3-setuptools), Red Hat (python-requests and socat), SUSE (docker, kernel-livepatch-MICRO-6-0-RT_Update_2, kernel-livepatch-MICRO-6-0-RT_Update_4, kernel-livepatch-MICRO-6-0-RT_Update_5, kernel-livepatch-MICRO-6-0-RT_Update_6, kernel-livepatch-MICRO-6-0-RT_Update_7, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, kernel-livepatch-MICRO-6-0_Update_5, kernel-livepatch-MICRO-6-0_Update_6, kubeshark-cli, libgcrypt, pam-config, perl, python-requests, python311, and python313), and Ubuntu (linux-raspi).

Post Syndicated from jzb original https://lwn.net/Articles/1032622/

Proxmox Virtual Environment 9.0, based on Debian 13
(“trixie”), has been released. Notable
new features include snapshots for thick-provisioned LVM shared
storage, affinity rules for high availability (HA) clusters, and a
modernized mobile web interface for managing Proxmox systems. See the
release
notes and known
issues for more details about the release.

Post Syndicated from jzb original https://lwn.net/Articles/1031750/

A pair of packages containing fortune “cookies” that were
deemed offensive have been removed from the upcoming Debian 13
(“trixie”) release. This has, of course, led to a lengthy discussion
and debate about what does, or does not, belong in the
distribution. It may also lead to a general resolution (GR) to decide
whether Debian’s code
of conduct (CoC) applies to the contents of packages.

Post Syndicated from jzb original https://lwn.net/Articles/1032193/

Linuxiac reports
that another malicious package has been uploaded to the Arch User
Repository (AUR). This time around the package was
google-chrome-stable, which installed a remote-access trojan
along with Google Chrome.

The good news—if you can call it that—is that the google-chrome-stable
package was available on the AUR only for a few hours before the
malware hidden inside was discovered. Still, it did get a few upvotes,
which suggests at least some users ended up installing it.

The Arch Linux project had to warn users about a similar attack
less than a month
ago when a user uploaded three browser packages that also
installed a malicious script identified as a remote-access trojan.

Post Syndicated from jzb original https://lwn.net/Articles/1031943/

GitHub director of developer policy, Felix Reda, has published
a blog post about a GitHub-commissioned study by Open Forum Europe, Fraunhofer ISI and
the European University
Institute. The study finds, not surprisingly, “a profound
mismatch between the importance of open source maintenance and the
public attention it receives“; it calls for a European sovereign
tech fund (STF) modeled after Germany’s Sovereign Tech Agency.

The study proposes two alternative institutional setups for the
EU-STF: either the creation of a centralized EU institution (the
moonshot model), or a consortium of EU member states that provide the
initial funding and apply for additional resources from the EU budget
(the pragmatic model). In both cases, to make the fund a success, the
minimum contribution from the upcoming EU multiannual budget should be
no less than €350 million. This would not be enough to meet the open
source maintenance need, but it could form the basis for leveraging
industry and national government co-financing that would make a
lasting impact.

The European Union is currently starting negotiations for its
2028-2034 budget, the Multiannual
Financial Framework; GitHub and others hope to persuade EU legislators to
include a European STF in that framework.

Post Syndicated from jzb original https://lwn.net/Articles/1031919/

Security updates have been issued by AlmaLinux (firefox, icu, kernel-rt, libtpms, redis:6, redis:7, and sqlite), Fedora (chromium and cloud-init), Oracle (icu, java-1.8.0-openjdk, java-21-openjdk, kernel, nodejs:22, perl, and sqlite), SUSE (docker, java-1_8_0-openj9, libxml2, python-starlette, and thunderbird), and Ubuntu (cloud-init, linux-azure, linux-azure-5.4, linux-azure-fips, linux-raspi,
linux-raspi-5.4, and perl).

Post Syndicated from jzb original https://lwn.net/Articles/1031836/

The HeliumOS project has announced
the release of HeliumOS 10. It is relatively new image-based (“atomic”)
desktop distribution based on packages from CentOS Stream and
AlmaLinux, with a goal of providing 10 years of
support. HeliumOS 10 uses the KDE Plasma Desktop, Zsh as its
default shell, and Btrfs as its default filesystem.

Post Syndicated from jzb original https://lwn.net/Articles/1031701/

Till Kamppeter, co-founder and lead of the OpenPrinting project, has
put out a call for sponsors after being laid off by Canonical:

I want to continue doing OpenPrinting for a living, and need a way to
do so. I am currently working with the Linux Foundation to make
OpenPrinting an [organization] which can receive sponsor funding. So now
I am looking for sponsors.

Even greater would be, if independent of this somebody could hire
me to continue OpenPrinting…

Post Syndicated from jzb original https://lwn.net/Articles/1031066/

Fedora’s quality
team is looking to reduce the scope of test coverage and change
the project’s release criteria to drop some features from the list of
release blockers. This is, in part, an exercise in getting rid of
criteria, such as booting from optical media, that are less relevant.
It is also a necessity, since the Red Hat team focusing on Fedora
quality assurance (QA) is only half the size it was a year ago.

Post Syndicated from jzb original https://lwn.net/Articles/1031287/

Version
0.1 of the Wayback
project has been released:

Wayback is an X11 compatibility layer that allows for running full
X11-only desktop environments using Wayland. It is essentially an X11
server backed by Wayland, leveraging wlroots and Xwayland. Our goal is
for Wayback to eventually be a completely drop-in replacement to the
Xorg binary, thus reducing maintenance burden for distro
maintainers.

Ever since Wayback was announced on June 28, we have been making lots
of progress to get it as stable and functional as possible, and while
this is a preview release it is already daily-driveable by users with
simple requirements, as long as they don’t mind bugs.

The release is considered alpha-quality and is missing a number of
features, including multi-monitor
support and DPMS,
but adventurous users can find the code here.