|
Tue, 22 Oct 2024 19:20:45 +0000 |
|
The Image-Based Linux Summit has by now established itself as a yearly event.
Following on from last year's edition,
the third edition was held in Berlin on September 24, the
day before
All Systems Go! 2024 (ASG). The purpose of this event is to gather
stakeholders from various engineering groups and hold friendly but lively
discussions around the topic of image-based Linux — that is, Linux distributions
based around immutable images, instead of mutable root filesystems.
|
|
Tue, 22 Oct 2024 15:56:18 +0000 |
|
The AlmaLinux project has introduced a new edition called "Kitten",
which will serve as "the direct upstream for AlmaLinux OS and is
the primary point for the AlmaLinux community to engage and influence
the future of AlmaLinux OS ". Not intended for production use, the
first release is based on CentOS Stream 10 source, which
will eventually be the basis for Red Hat Enterprise Linux (RHEL)
10:
Because we anticipated many changes in 10, we wanted to get a head
start on building AlmaLinux OS 10. Earlier this year we started
setting up infrastructure and the build pipeline for AlmaLinux OS 10,
and started testing using CentOS Stream 10's code. Based on this
preparation work, we are excited to share that we have successfully
built a preview of AlmaLinux OS 10 that we are calling AlmaLinux OS
Kitten 10.
The first Kitten release previews a number of ways that AlmaLinux will
diverge from RHEL 10, including re-enabling frame pointers,
including Simple Protocol for Independent Computing Environments
(SPICE), and adding packages for Firefox and Thunderbird, which have
been dropped from CentOS Stream 10 in favor of Flatpak versions. New
installation images for Kitten will be built quarterly. See the release
notes for download links, installation instructions, and more
information.
|
|
Tue, 22 Oct 2024 14:52:01 +0000 |
|
|
|
Tue, 22 Oct 2024 13:59:16 +0000 |
|
Version 3.4.0 of the OpenSSL SSL/TLS library has been released. It adds a
number of new encryption algorithms, support for "directly fetched
composite signature algorithms such as RSA-SHA2-256 ", and more. See the
release notes for details.
|
|
Tue, 22 Oct 2024 13:36:58 +0000 |
|
Security updates have been issued by Debian (ffmpeg, ghostscript, libsepol, openjdk-11, openjdk-17, perl, and python-sql), Oracle (389-ds-base, buildah, containernetworking-plugins, edk2, httpd, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel, python-setuptools, skopeo, and webkit2gtk3), Red Hat (buildah), Slackware (openssl), SUSE (apache2, firefox, libopenssl-3-devel, podman, and python310-starlette), and Ubuntu (cups-browsed, firefox, libgsf, and linux-gke).
|
|
Mon, 21 Oct 2024 18:20:33 +0000 |
|
Sasha Levin has announced a
new tree that is intended to perform continuous-integration tests of pull
requests aimed at the mainline. The plan is for this tree to hold more
finished work than sometimes ends up in linux-next; in a name that seems
destined to create typographical confusion, it is called "linus-next".
The linus-next tree aims to provide a more stable and testable
integration point compared to linux-next, addressing the runtime
issues that make testing linux-next challenging and focusing on
code that's about to be pulled by Linus.
|
|
Mon, 21 Oct 2024 16:47:54 +0000 |
|
Version 1.1.0 of the bootc utility for
performing transactional, in-place operating system updates using Open Container Initative (OCI)
images, has been released. This release "officially stabilizes all
APIs " for bootc and includes a number of bug fixes. LWN covered bootc in June.
|
|
Mon, 21 Oct 2024 15:08:53 +0000 |
|
Sigstore is a
project that is meant to simplify and improve the process of signing,
verifying, and protecting software. It is a relatively new project, declared
"generally available" in 2022. Python is an early adopter of sigstore; it started providing
signatures for CPython artifacts with Python 3.11
in 2022. This is in addition to the OpenPGP signatures it has been
providing since at
least 2001. Now, Seth Michael Larson—the Python Software
Foundation (PSF) security
developer-in-residence—would like to deprecate the PGP
signature and move to sigstore exclusively by next year. If that
happens, it will involve some changes in the way that Linux
distributions verify Python releases, since none of the major
distributions have processes for working with sigstore.
|
|
Mon, 21 Oct 2024 14:16:43 +0000 |
|
Security updates have been issued by Debian (asterisk, chromium, php-horde-mime-viewer, and php-horde-turba), Fedora (apache-commons-io, buildah, chromium, containers-common, libarchive, libdigidocpp, oath-toolkit, podman, rust-hyper-rustls, rust-reqwest, rust-rustls-native-certs, rust-rustls-native-certs0.7, rust-tonic, rust-tonic-build, rust-tonic-types, rust-tower, rust-tower-http, rust-tower-http0.5, rust-tower0.4, thunderbird, and unbound), SUSE (buildah, chromedriver, chromium, element-desktop, element-web, jetty-annotations, nodejs-electron, php7, php74, php8, podman, python3-virtualbox, qemu, thunderbird, and valkey), and Ubuntu (amd64-microcode).
|
|
Mon, 21 Oct 2024 13:40:34 +0000 |
|
The
Guix project has
disclosed a security vulnerability in the build daemon that the distribution uses to build and install software locally. The vulnerability allows an existing unprivileged user to get access to a
setuid binary, and from there potentially interfere with any other software built or installed on the computer. The project recommends upgrading the guix daemon now, to avoid the issue.
This exploit requires the ability to start a derivation build and the
ability to run arbitrary code with access to the store in the root PID
namespace on the machine the build occurs on. As such, this represents
an increased risk primarily to multi-user systems and systems using
dedicated privilege-separation users for various daemons: without
special sandboxing measures, any process of theirs can take advantage
of this vulnerability.
|
|
Sun, 20 Oct 2024 22:48:07 +0000 |
|
Linus has released 6.12-rc4 for testing.
"I'm not happy with how big this is - it's probably far from the biggest
rc4 ever, but it _is_ the biggest rc4 we've had in the 6.x series at least
in number of commits. "
|
|
Fri, 18 Oct 2024 14:25:27 +0000 |
|
The kernel's CPU scheduler currently offers several preemption modes that
implement a range of tradeoffs between system throughput and response time.
Back in September 2023, a discussion
on scheduling led to the concept of "lazy preemption", which could
simplify scheduling in the kernel while providing better results. Things
went quiet for a while, but lazy preemption has returned in the form of this patch series
from Peter Zijlstra. While the concept appears to work well, there is
still a fair amount of work to be done.
|
|
Fri, 18 Oct 2024 13:25:32 +0000 |
|
Security updates have been issued by AlmaLinux (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, and webkit2gtk3), Debian (apache2), Red Hat (expat), SUSE (cups-filters, jetty-minimal, OpenIPMI, and python-starlette), and Ubuntu (linux-azure, linux-azure, linux-azure-5.15, linux-azure, linux-azure-5.4, and oath-toolkit).
|
|
Thu, 17 Oct 2024 18:42:43 +0000 |
|
Version
1.82.0 of the Rust language has been released. There are a lot of new
features this time, including a cargo info command, tier-1 support
for 64-bit Apple Arm systems, a new native syntax (&raw) to create
raw pointers, changes to unsafe extern, unsafe attributes,
standardized rules around the handling of floating-point not-a-number
values, and more.
|
|
Thu, 17 Oct 2024 15:34:35 +0000 |
|
Email has become somewhat unfashionable as a collaboration tool for
open-source projects, but there are still a number of projects—such as
PostgreSQL and the Linux kernel—that expect contributors to send and
review patches via email. The aerc
mail client is aimed at developers looking for a text-based, efficient, and
extensible client that is meant to be used for working with Git and
email. It uses Vim-style keybindings by default, and has an interface
inspired by tmux that
lets users manage multiple accounts, mails, and embedded terminals at once.
|