All posts by jzb

Coker: The CUPS vulnerability

Post Syndicated from jzb original https://lwn.net/Articles/996108/

Debian Developer Russell Coker has written up an analysis of the
remote exploit of CUPS announced in September:

He seems to have a different experience to me of reporting bugs, I
have had plenty of success getting bugs fixed without hyping them. I
just report the bug, wait a while, and it gets fixed. […] I
was quite confident that my systems wouldn’t be at any risk.

When it was published my opinion was proven to be correct, it
turned out to be a series of CUPS bugs.

Open Source Initiative announces Open Source AI Definition 1.0

Post Syndicated from jzb original https://lwn.net/Articles/996104/

The Open Source Initiative (OSI) has announced the release of version
1.0 of the Open Source AI Definition:

The OSAID offers a standard by which community-led, open and public
evaluations will be conducted to validate whether or not an AI system
can be deemed Open Source AI. This first stable version of the OSAID
is the result of multiple years of research and collaboration, an
international roadshow of workshops, and a year-long co-design process
led by the Open Source Initiative (OSI).

LWN covered the OSAID process, and final release candidate, on October 25.

[$] OSI readies controversial Open AI definition

Post Syndicated from jzb original https://lwn.net/Articles/995159/

The Open Source Initiative (OSI) has been working on defining Open
Source AI—that is what constitutes an AI system that can be used,
studied, modified, and shared for any purpose—for almost two
years. Its board will be voting on the Open Source AI Definition
(OSAID) on Sunday, October 27, with the 1.0 version slated to be
published on October 28. It is never possible to please everyone in
such an endeavor, and it would be folly to make that a goal. However,
a number of prominent figures in the open-source community have voiced
concerns that OSI is setting the bar too low with the OSAID—which
will undo decades of community work to cajole vendors into adhering to
or respecting the original Open Source Definition (OSD).

Tor Browser 14.0 released

Post Syndicated from jzb original https://lwn.net/Articles/995353/

Version 14.0 of the privacy-focused Tor browser has been released.

This is our first stable release based on Firefox ESR 128,
incorporating a year’s worth of changes shipped upstream
in Firefox. As part of this process we’ve also completed our annual
ESR transition audit, where we reviewed and addressed over 200
Bugzilla issues for changes in Firefox that may negatively affect the
privacy and security of Tor Browser users. Our final reports from this
audit are now available in the tor-browser-spec repository on our
Gitlab instance.

Kadlčík: Copr Modularity, the End of an Era

Post Syndicated from jzb original https://lwn.net/Articles/995337/

Jakub Kadlčík announced on his blog that Fedora’s Copr build system
will be dropping support for building modules (groups of RPM packages
that are built, installed, and shipped together) soon:

The Fedora Modularity project never really took off, and building
modules in Copr even less so. We’ve had only 14 builds in the last two
years. It’s not feasible to maintain the code for so few
users. Modularity has also been retired since Fedora 39 and will die
with RHEL 9.

Modularity features in Copr are now deprecated, and it will not be
possible to submit new module builds after April 2025. LWN covered some of the
problems with Fedora’s modularity initiative in 2019.

[$] Free-software foundations face fundraising problems

Post Syndicated from jzb original https://lwn.net/Articles/993665/

In July, at the GNOME annual general meeting (AGM), held at GUADEC 2024,
the message from the GNOME Foundation board was that all was well,
financially speaking. Not great, but the foundation was on a
break-even budget and expected to go into its next fiscal year with a
similar budget and headcount. On October 7, however, the board announced
that it had had to make some cuts, including reducing its staff by
two people. This is not, however, strictly a GNOME problem: similar
organizations, such as the Python Software Foundation (PSF), KDE e.V.,
and the Free Software Foundation Europe (FSFE) are seeing declines in
fundraising while also being affected by inflation.

Introducing AlmaLinux OS Kitten (AlmaLinux Blog)

Post Syndicated from jzb original https://lwn.net/Articles/995140/

The AlmaLinux project has introduced a new edition called “Kitten”,
which will serve as “the direct upstream for AlmaLinux OS and is
the primary point for the AlmaLinux community to engage and influence
the future of AlmaLinux OS”. Not intended for production use, the
first release is based on CentOS Stream 10 source, which
will eventually be the basis for Red Hat Enterprise Linux (RHEL) 10:

Because we anticipated many changes in 10, we wanted to get a head
start on building AlmaLinux OS 10. Earlier this year we started
setting up infrastructure and the build pipeline for AlmaLinux OS 10,
and started testing using CentOS Stream 10’s code. Based on this
preparation work, we are excited to share that we have successfully
built a preview of AlmaLinux OS 10 that we are calling AlmaLinux OS
Kitten 10.

The first Kitten release previews a number of ways that AlmaLinux will
diverge from RHEL 10, including re-enabling frame pointers,
including Simple Protocol for Independent Computing Environments
(SPICE), and adding packages for Firefox and Thunderbird, which have
been dropped from CentOS Stream 10 in favor of Flatpak versions. New
installation images for Kitten will be built quarterly. See the release
notes for download links, installation instructions, and more
information.

[$] Python PGP proposal poses packaging puzzles

Post Syndicated from jzb original https://lwn.net/Articles/993787/

Sigstore is a project that is meant to simplify and improve the
process of signing, verifying, and protecting software. It is a
relatively new project, declared “generally available” in 2022. Python
is an early adopter of sigstore; it started providing signatures for
CPython artifacts with Python 3.11 in 2022. This is in addition to the
OpenPGP signatures it has been providing since at least 2001. Now,
Seth Michael Larson—the Python Software Foundation (PSF) security
developer-in-residence—would like to deprecate the PGP
signature and move to sigstore exclusively by next year. If that
happens, it will involve some changes in the way that Linux
distributions verify Python releases, since none of the major
distributions have processes for working with sigstore.

[$] A look at the aerc mail client

Post Syndicated from jzb original https://lwn.net/Articles/993498/

Email has become somewhat unfashionable as a collaboration tool for
open-source projects, but there are still a number of projects—such as
PostgreSQL and the Linux kernel—that expect contributors to send and
review patches via email. The aerc mail client is aimed at developers
looking for a text-based, efficient, and
extensible client that is meant to be used for working with Git and
email. It uses Vim-style keybindings by default, and has an interface
inspired by tmux that
lets users manage multiple accounts, mails, and embedded terminals at once.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/994436/

Security updates have been issued by AlmaLinux (buildah, containernetworking-plugins, and skopeo), Fedora (pdns-recursor and valkey), Mageia (unbound), Red Hat (fence-agents, firefox, java-11-openjdk, python-setuptools, python3-setuptools, resource-agents, and thunderbird), SUSE (etcd-for-k8s, libsonivox3, rubygem-puma, and unbound), and Ubuntu (apr, libarchive, linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, nano, and vim).

[$] WordPress retaliation impacts community

Post Syndicated from jzb original https://lwn.net/Articles/993895/

It is too early to say what the outcome will be in the ongoing fight between Automattic and WP Engine, but the WordPress community at large is already the loser. Automattic founder and CEO Matt Mullenweg has been using
his control of the project, and the WordPress.org infrastructure, to
punish WP Engine and remove some dissenting contributors from discussion
channels. Most recently, Mullenweg has instituted a hostile fork of a
WP Engine plugin and the forked plugin is replacing the original
via WordPress updates.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/993433/

Security updates have been issued by AlmaLinux (firefox, mod_jk, and thunderbird), Debian (apache2 and firefox-esr), Fedora (crosswords, logiops, p7zip, and perl-App-cpanminus), Red Hat (.NET 6.0, firefox, git, kernel, kernel-rt, openssl, and thunderbird), SUSE (buildah, json-lib, kernel, Mesa, mozjs78, pgadmin4, podman, podofo, qatlib, redis7, roundcubemail, rusty_v8, and seamonkey), and Ubuntu (dotnet6, dotnet8, nginx, and ruby-webrick).

[$] The Open Source Pledge: peer pressure to pay maintainers

Post Syndicated from jzb original https://lwn.net/Articles/993073/

In the early days of open source, it was a struggle to get companies
to accept the concept and trust its development model.
Now, companies have few qualms about using it, but do tend to take
open source and those who maintain it for granted. The struggle now is
to find ways
to compensate producers of the software, sustain the open‑source
commons, and avoid burning out maintainers. The Open Source Pledge project is
an effort to persuade companies to pay maintainers by making it a social
norm. On October 8, the project is launching a marketing campaign to raise
awareness and try to get a larger conversation started around paying
maintainers.

OpenBSD 7.6 released

Post Syndicated from jzb original https://lwn.net/Articles/993203/

OpenBSD 7.6 has been released. Notable new
features include work to improve suspend/resume on modern hardware,
support for the arm64 Qualcomm Snapdragon X Elite laptops, as well as many
improvements in hardware support and driver bug fixes.

With this release all files that existed in the first commit
in the OpenBSD source repository have been updated,
modified or replaced at some point in time, reaching OpenBSD of Theseus.

See the changelog for all changes between OpenBSD 7.5 and 7.6.