|
Fri, 03 Jul 2026 13:03:41 +0000 |
|
Security updates have been issued by AlmaLinux (389-ds-base, bind9.18, evince, fence-agents, freerdp, frr, frr10, gimp, gnutls, hplip, jmc, mariadb:11.8, mysql:8.4, php:7.4, postgresql-jdbc, postgresql:15, postgresql:16, valkey, xorg-x11-server, and xorg-x11-server-Xwayland), Debian (fastnetmon), Fedora (7zip, apptainer, cpp-httplib, mysql8.4, and nmap), Oracle (freerdp, giflib, glib2, glibc, kernel, libreoffice, libvirt, mariadb:10.11, postgresql, python3.11, python3.12, rrdtool, and thunderbird), Red Hat (buildah, podman, and skopeo), SUSE (alloy, apache2, buildah, c3p0, containerd, crun, cups, dhcpcd, dnsmasq, docker-stable, dracut, editorconfig-core-c, ffmpeg-7, fontforge, google-guest-agent, google-osconfig-agent, graphicsmagick, gstreamer-plugins-bad, gstreamer-plugins-good, helm, jackson-annotations, jackson-core, jackson-databind, jline3, kernel, kubectl-cnpg, lcms2, libslirp, libssh2_org, libxreaderdocument3, openbabel, openssl-3, pacemaker, perl-CGI-Session, perl-list-someutils-xs, python-lxml, python-tornado, python-tornado6, python3-onionshare, python311-python-engineio, sg3_utils, thunderbird, transmission, and trivy), and Ubuntu (cifs-utils, kernel, libvncserver, linux-aws-6.8, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm-6.8, linux-nvidia-lowlatency, linux-oracle-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia-tegra, linux-oracle-5.15, linux-raspi, linux-xilinx, nghttp2, nginx, perl, and vim).
|
|
Thu, 02 Jul 2026 20:58:45 +0000 |
|
In August 2025, the CalyxOS privacy-focused
Android distribution announced
that it was pausing all releases while it reworked its
release process, security protocols, and changed its signing keys
following the departure of one of its founders. The project has now announced
that it is "officially back from the hiatus " with the
7.2.2.0 release.
CalyxOS 7.2.2.0 is signed by us using a new
HSM-based, open-source signing solution we designed to enhance the
security of the entire signing process, ensure redundancy, and remove
single points of failure. You can verify CalyxOS 7.2.2.0 and future
builds following these
instructions. For anyone who is interested, the security audit
report of the HSM provisioning ceremony script can be found here.
In addition, we also went through significant infrastructure
improvements. In particular, we have set up a cleaner server structure
to streamline each release. In response to Google's less frequent AOSP
source code releases, our team developed scripts to reduce the
overhead in applying monthly patches and updates. Please keep in mind,
additional manual steps are still needed to compensate for AOSP
changes, such as requesting and storing kernel sources with each
update. Currently, our lead engineer is continuing the maintenance of
the base device trees for both LineageOS and CalyxOS to bridge the gap
created by the absence of Google Pixel device trees.
|
|
Thu, 02 Jul 2026 16:39:26 +0000 |
|
A few astute observers have noticed that some
content on kernel.org had disappeared and were understandably
concerned. Konstantin Ryabitsev has provided an update via
social.kernel.org:
There was an unfortunate error while changing the kernel.org
primary/secondary mirroring infrastructure, which resulted in the /pub
tree suddenly becoming empty. No data was lost, just public mirror
copies. Everything is now being restored, but deletes are fast and
restores are slow, so thank you for your patience!
The incident is
being tracked on the Linux Foundation's IT status page.
|
|
Thu, 02 Jul 2026 16:20:33 +0000 |
|
We were made aware today of an email sent to a reader that was
spoofed to appear to be from LWN. The message claimed, among other
things, that we were providing personal information about the reader
to another site user. As is explained in our privacy policy we do not,
and would not, provide such information.
If any other readers have received an odd message from LWN, it is
an attempt at a hoax; if in doubt, please check the DKIM header of the
email. Any email that does come from LWN will have a proper DKIM
signature in its headers.
If you receive such a message, please feel free to send it to us,
with its headers intact. But to reiterate, we are not providing any
user information upon request, nor banning any accounts. We hope this
will not be a recurring problem.
|
|
Thu, 02 Jul 2026 16:05:34 +0000 |
|
Aoife Moloney has, on behalf of the Fedora Council, posted an
announcement that the Fedora Council is "proposing we pause the
Community Initiatives process as an official project process "
because it has decided the current process is ineffective. It is also
closing discussion regarding the AI developer desktop
initiative covered by LWN in May.
The Fedora Objectives/Initiatives framework was never intended as a
mandatory prerequisite to do the work in Fedora. It supposed to help
by focusing the community on a certain work when needed, not to decide
what is allowed. The AI developer desktop initiative proposal
highlighted that the Community Initiatives process has failed to serve
as a good framework in Fedora where new ideas can surface, receive
respectful feedback, and gain Council support for work that fits the
project's present and/or future. This is something that the Council
must address.
As a first step, we would like to halt the community initiative
process immediately. Existing initiatives in flight (Fedora Forge,
Atomic, and Fedora Docs 2026) will continue with full Council
backing. Their underlying work will be completed as planned in their
current timeboxed state, though the administrative framework around
them may evolve.
As a second step, we would like to work out a new mechanism to allow
Council to set strategic direction in an open, transparent way that
more intentionally includes the community voice. We recognise that we
have to be better at being more open in our discussions and decision
making.
The council is considering the "sandbox" proposal as an
alternative or supplement to a process that replaces the Community
Initiatives.
|
|
Thu, 02 Jul 2026 14:06:08 +0000 |
|
The kernel community (like many other free-software projects) has recently
seen a large influx of patches developed with the assistance of large
language models (LLMs). Those patches tend to come from developers who
were previously unknown to the community. At the moment, though, the
memory-management developers are evaluating two large patch sets, developed
with LLM assistance, that were submitted by established and well-respected
developers. The rather different reception accorded to that work may give
insights into how LLM-generated contributions will be handled going
forward.
|
|
Thu, 02 Jul 2026 13:17:54 +0000 |
|
Security updates have been issued by AlmaLinux (giflib, kernel, mariadb:10.11, mod_http2, php, rrdtool, ruby, ruby:3.3, and ruby:4.0), Debian (jq and node-lodash), Fedora (caddy, hut, ipp-usb, kernel, opkssh, rclone, thunderbird, and transmission), SUSE (389-ds, 7zip, alsa, amazon-ecs-init, avahi, cadvisor, cosign, cups, dnsdist, docker, dracut, firefox, firewalld, giflib, glib-networking, glycin-loaders, google-cloud-sap-agent, google-guest-agent, gsasl, hauler, helm, ImageMagick, kernel, keylime, krb5, libaom, libexif, libgcrypt, libnfs, libssh2_org, loupe, lrzip, mutt, ncurses, nodejs22, openCryptoki, openssh, openssl-3, pacemaker, perl-Config-IniFiles, perl-CSS-Minifier-XS, perl-DBI, perl-JavaScript-Minifier-XS, perl-libwww-perl, postfix, python-click, python-idna, python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve, python-pip, python-pytest-html, python-python-dotenv, python-python-multipart, python-starlette, python-tornado6, python-zeroconf, python311, python311-jupyter-server, rpcbind, sed, sg3_utils, tar, tiff, and util-linux), and Ubuntu (kernel, linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-azure, linux-azure-5.15, linux-azure-fde-5.15, linux-fips, linux-gcp, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-realtime, linux, linux-aws, linux-aws-fips, linux-gcp, linux-gcp-fips, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-oracle, linux-realtime, linux-realtime-6.8, linux-oem-6.17, and linux-oem-7.0).
|
|
Thu, 02 Jul 2026 00:18:56 +0000 |
|
Inside this week's LWN.net Weekly Edition:
- Front: Xsnow protestware; Git 2.55; Rhombus; kernel hardening; More LSFMM+BPF coverage; 7.2 merge window; Secure Boot certificate expiration; Ceph and Garage; OSPM 2026.
- Briefs: Akrites; Mageia 10; Git 2.55.0; Podman 6.0; systemd v261; Creative Commons chat; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
|
|
Wed, 01 Jul 2026 17:07:42 +0000 |
|
When a BPF program is used to filter or redirect packets in the networking
subsystem, the program will often want to associate data with each packet as it
moves through the kernel. The kernel's
local BPF storage API, which
associates extra data with some kernel objects, provides a way to do that. (See also
the BPF map types that end
in STORAGE.)
Amery Hung and Jakub Sitnicki led two sessions
at the 2026
Linux Storage, Filesystem, Memory-Management, and BPF Summit
about how to make accesses to local storage data more efficient. Hung spoke
about general performance problems related to locking, while Sitnicki examined
the use of local storage in the networking subsystem in particular.
|
|
Wed, 01 Jul 2026 13:18:52 +0000 |
|
Linux users who have Secure Boot enabled on
their systems rely on certificates issued by Microsoft to verify the software
used to boot a system is trusted by the user. One of those certificates expired
recently, but that will not cause systems that are able to boot to stop doing
so. There are situations where the expiration may cause problems, however, and
the window for relying on existing signed binaries is shorter than it might
appear. Users and administrators will want to stay on top of these changes. Over
the last year, part of my job at Microsoft has been to work on this
problem. LWN wrote about the
certificate expiration in July 2025, and this article follows up with where
we are now.
|
|
Wed, 01 Jul 2026 13:15:44 +0000 |
|
Security updates have been issued by AlmaLinux (coreutils, galera and mariadb11.8, giflib, git-lfs, glibc, httpd, kernel, mariadb10.11, mod_md, perl-Archive-Tar, perl-IO-Compress, perl:5.32, rrdtool, ruby, ruby4.0, and thunderbird), Debian (debian-security-support, librabbitmq, and nginx), Fedora (chromium, collectd, maradns, python-django-haystack, python-jupytext, varnish, varnish-modules, and vmod-querystring), Oracle (firefox, git-lfs, kernel, nginx:1.24, openssl, perl-Archive-Tar, perl-IO-Compress, and uek-kernel), Red Hat (container-tools:rhel8), SUSE (7zip, apache2, buildah, cifs-utils, curl, docker, exiv2-0_26, libonnxruntime1, libsoup, nodejs22, opensc, pacemaker, perl-Config-IniFiles, podman, sg3_utils, socat, tar, tracker, and xdg-desktop-portal), and Ubuntu (curl, hplip, libgd-perl, libssh2, libyang, ruby2.7, ruby3.0, ruby3.2, ruby3.3, and tar).
|
|
Tue, 30 Jun 2026 17:53:49 +0000 |
|
Dee Harris has published a summary
of the recent "fireside chat" featuring Creative Commons founders Hal
Abelson, Lawrence (Larry) Lessig, Molly Van Houweling, and Glenn Otis
Brown. The chat was to mark the 25th anniversary
of Creative Commons and included a look back at its history as
well as a look at the landscape today:
Twenty-five years ago, a small group of people made a bet. They
believed that if you gave creators a simple set of tools and licenses
in language that a lawyer, a machine, and a human could all read,
millions of people might choose to share their work with the world
instead of locking it down.
The video
of the chat is available on YouTube.
|
|
Tue, 30 Jun 2026 13:09:28 +0000 |
|
Lisp-like languages have historically led the world in metaprogramming and
flexibility. While many modern languages have adopted the idea of macros,
Lisp-like languages such as
Racket have continued pushing the envelope,
attempting to make macros as easy as possible to incorporate into everyday
programs. On the other hand, Lisp's minimal, parenthesis-based syntax can be hard
to adapt to — to the point that Lisp is sometimes said to stand
for "Lots of Irritating Silly Parentheses".
Rhombus is a new programming
language that aims to have the best of both worlds, marrying Racket's
metaprogramming capabilities to a simple Python-like syntax and reasonable
standard-library defaults.
|
|
Tue, 30 Jun 2026 13:03:36 +0000 |
|
Security updates have been issued by AlmaLinux (git-lfs, perl-Archive-Tar, perl-IO-Compress, python3.12-urllib3, and runc), Debian (sogo), Fedora (perl-DBI and perl-Socket), Oracle (firefox, freerdp, git-lfs, libsoup, libxml2, mod_md, mysql, perl-Archive-Tar, perl-IO-Compress, python, python3.12-urllib3, rsync, thunderbird, tomcat, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (389-ds, 7zip, alsa, amazon-ecs-init, amazon-ssm-agent, ansible-core, apache2, atril, avahi, bind, bitcoin, capnproto, chromedriver, chromium, cosign, distribution, dnsdist, docker, dovecot24, dracut, firefox, firewalld, freeipmi, freerdp, giflib, gimp, gleam, glib-networking, glibc, glycin-loaders, golang-github-prometheus-alertmanager, google-cloud-sap-agent, google-guest-agent, graphite2, gsasl, hamlib, helm, himmelblau, ignition, imagemagick, istioctl, jackson-databind, jq, jupyter-jupyterlab-templates, keylime, krb5, ldns, libaom, libcaca, libgcrypt, libheif, libinput, libjxl, libnfs, libslirp-devel, libsolv, libzypp, zypper, libssh2_org, libvncserver, libyang, lldpd, logback, loupe, mbedtls, mbedtls-2, mcphost, mozjs128, mutt, nano, nginx, ocaml, ofono, openCryptoki, opencryptoki, opensc, openssh, openssl-3, papers, perl-compress-raw-zlib, perl-config-inifiles, perl-cpanel-json-xs, perl-crypt-passwdmd5, perl-DBI, perl-dbi, perl-html-parser, perl-http-daemon, perl-libwww-perl, perl-protocol-http2, postfix, postgresql14, postgresql15, postgresql16, python-aiohttp, python-biopython, python-click, python-ecdsa, python-idna, python-markdown, python-joblib,, python-paramiko, python-pdm, python-pip, python-py7zr, python-pydata-sphinx-theme, python-pyjwt, python-python-multipart, python-starlette, python-tornado6, python311-jupyter-ydoc, rpcbind, sed, sg3_utils, sqlite3, strongswan, tar, thunderbird, tomcat, tomcat10, tomcat11, trivy, unbound, util-linux, warewulf4, webkit2gtk3, xar, xwayland, yt-dlp, and zypper, libzypp, libsolv), and Ubuntu (libheif, nss, qemu, roundcube, and sqlite3).
|
|
Mon, 29 Jun 2026 20:22:59 +0000 |
|
Git maintainer Junio Hamano has announced
Git 2.55.0, which has non-merge commits from 100 people; 33 of
those are first-time contributors to the project. LWN recently covered some of
the noteworthy changes in 2.55, including new features for the
experimental "git history" command, addition of the Git fsmonitor
daemon for Linux systems, and more.
|