LWN.net

The closed-source chat platform Discord announced on February 9 that it would soon require some users to verify their ages in order to access some content — although the company quickly added that the "vast majority" of users would not have to. That reassurance has to contend with the fact that the UK and other countries are implementing increasingly strict age requirements for social media. Discord's age verification would be done with an AI age-judging model or with a government photo ID. A surprising number of open-source projects use Discord for support or project communications, and some of those projects are now looking for open-source alternatives. Mastodon, for example, has moved discussion to Zulip. There are some alternatives out there, all with their own pros and cons, that communities may want to consider if they want to switch away from Discord.

Dianne Skoll, creator and maintainer of the command-line calendar and alarm program Remind, has announced the release of The Book of Remind. As the name suggests, it is a step-by-step guide to learning how to use Remind, and a useful supplement to the extensive remind(1) man page. The book is free to download.

Security updates have been issued by AlmaLinux (grafana), Debian (gegl, inetutils, libvpx, nova, and python-django), Fedora (azure-cli, chromium, microcode_ctl, python-azure-core, python3.14, and roundcubemail), Red Hat (grafana and osbuild-composer), SUSE (apptainer, dnsdist, istioctl, libsoup, openCryptoki, python-nltk, python311, python313, rclone, and thunderbird), and Ubuntu (libvpx, linux-azure, linux-azure-5.4, linux-azure-fips, and linux-intel-iotg).

Greg Kroah-Hartman has announced the 6.19.3, 6.18.13, 6.12.74, 6.6.127, 6.1.164, 5.15.201, and 5.10.251 stable kernels. As usual, each includes important fixes and users are advised to upgrade.

The kernel's unloved but performance-critical swapping subsystem has been undergoing multiple rounds of improvement in recent times. Recent articles have described the addition of the swap table as a new way of representing the state of the swap cache, and the removal of the swap map as the way of tracking swap space. Work in this area is not done, though; this series from Nhat Pham addresses a number of swap-related problems by replacing the new swap table structures with a single, virtual swap space.

Douglas DeMaio has announced that Jeff Mahoney's new governance proposal for openSUSE, which was published in January, is moving forward. The new structure would have three governance bodies: a new technical steering committee (TSC), a community and marketing committee (CMC), as well as the existing openSUSE board.

The discussions during the meeting proposed that the Technical Steering Committee should begin with five members with a chair elected by the committee. The group would establish clear processes for reviewing and approving technical changes, drawing inspiration from Fedora's FESCo model. Decisions for the TSC would use a voting system of +1 to approve, 0 for neutral, or -1 to block. A proposal passes without objection. A -1 vote would require a dedicated meeting, where a majority of attendees would decide the outcome. Objections must include a clear, documented rationale.

Discussions related to the Community and Marketing Committee would focus on outreach, advocacy, and community growth. It could also serve as an initial escalation point for disputes. If consensus cannot be reached at that level, matters would advance to the Board.

[...] No timeline for final adoption was announced. Project contributors will continue discussions through the GitLab repository and future community meetings.

Security updates have been issued by AlmaLinux (edk2, glibc, gnupg2, golang, grafana, nodejs:24, and php), Debian (gimp and kernel), Fedora (fvwm3), Mageia (microcode and vim), Oracle (edk2, glibc, kernel, nodejs:24, and php), Red Hat (python-s3transfer), SUSE (abseil-cpp, avahi, azure-cli-core, fontforge, go1.24, go1.25, golang-github-prometheus-prometheus, libpcap, libsoup2, libxml2-16, mupdf, nodejs22, openCryptoki, openjpeg2, patch, python-aiohttp, python-Brotli, python-pip, python311-asgiref, rust1.93, and traefik), and Ubuntu (inetutils, libssh, linux-gcp, linux-gke, linux-hwe-6.8, linux-lowlatency-hwe-6.8, linux-intel-iotg-5.15, linux-xilinx-zynqmp, linux-lowlatency, linux-nvidia-lowlatency, and trafficserver).

Inside this week's LWN.net Weekly Edition:

• Front: AI agent goes rogue; debuginfo; iocaine; revocable resource-management patches; 7.0 merge window; AccECN; LLMs and security; Humanitarian OpenStreetMap Team.
• Briefs: upki; Asahi Linux progress; DFSG processes; Fedora in Syria; Plasma 6.6.0; Vim 9.2; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The "More Accurate Explicit Congestion Notification" (AccECN) mechanism is defined by this RFC draft. The Linux kernel has been gaining support for AccECN with TCP over the last few releases; the 7.0 release will enable it by default for general use. AccECN is a subtle change to how TCP works, but it has the potential to improve how traffic flows over both public and private networks.

Justin Wheeler writes in Fedora Magazine that Fedora is now available in Syria once again:

Last week, the Fedora Infrastructure Team lifted the IP range block on IP addresses in Syria. This action restores download access to Fedora Linux deliverables, such as ISOs. It also restores access from Syria to Fedora Linux RPM repositories, the Fedora Account System, and Fedora build systems. Users can now access the various applications and services that make up the Fedora Project. This change follows a recent update to the Fedora Export Control Policy. Today, anyone connecting to the public Internet from Syria should once again be able to access Fedora.

[...] Opening the firewall to Syria took seconds. However, months of conversations and hidden work occurred behind the scenes to make this happen.

The Asahi Linux project, which is working to implement support for Linux on Apple CPUs, has published a detailed 6.19 progress report.

We've made incredible progress upstreaming patches over the past 12 months. Our patch set has shrunk from 1232 patches with 6.13.8, to 858 as of 6.18.8. Our total delta in terms of lines of code has also shrunk, from 95,000 lines to 83,000 lines for the same kernel versions. Hmm, a 15% reduction in lines of code for a 30% reduction in patches seems a bit wrong…

Not all patches are created equal. Some of the upstreamed patches have been small fixes, others have been thousands of lines. All of them, however, pale in comparison to the GPU driver.

The GPU driver is 21,000 lines by itself, discounting the downstream Rust abstractions we are still carrying. It is almost double the size of the DCP driver and thrice the size of the ISP/webcam driver, its two closest rivals. And upstreaming work has now begun.

Adam Harvey, on behalf of the crates.io team has published a blog post to inform users of a change in their practice of publishing information about malicious Rust crates:

The crates.io team will no longer publish a blog post each time a malicious crate is detected or reported. In the vast majority of cases to date, these notifications have involved crates that have no evidence of real world usage, and we feel that publishing these blog posts is generating noise, rather than signal.

We will always publish a RustSec advisory when a crate is removed for containing malware. You can subscribe to the RustSec advisory RSS feed to receive updates.

Crates that contain malware and are seeing real usage or exploitation will still get both a blog post and a RustSec advisory. We may also notify via additional communication channels (such as social media) if we feel it is warranted.

Security updates have been issued by Debian (ceph, gimp, gnutls28, and libpng1.6), Fedora (freerdp, libpng, libssh, mingw-libpng, mingw-libsoup, mingw-python3, pgadmin4, python-pillow, thunderbird, and vim), Mageia (postgresql15), Red Hat (python-urllib3), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, frr, gpg2, kubernetes, kubernetes-old, libsodium, libsoup-2_4-1, libssh, libtasn1, libxml2, nodejs22, openCryptoki, openssl-3, and python311-pip), and Ubuntu (frr, linux-aws, linux-aws-6.8, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-oracle, linux-oracle-6.8, linux-aws-fips, linux-fips, linux-gcp-5.15, linux-kvm, linux-oracle, linux-oracle-5.15, linux-gcp-fips, linux-nvidia, linux-nvidia-tegra-igx, linux-oem-6.17, linux-realtime, linux-raspi-realtime, nova, and pillow).

Various forms of tools, colloquially known as "AI", have been rapidly pervading all aspects of open-source development. Many developers are embracing LLM tools for code creation and review. Some project maintainers complain about suffering from a deluge of slop-laden pull requests, as well as fabricated bug and security reports. Too many projects are reeling from scraperbot attacks that effectively DDoS important infrastructure. But an AI bot flaming an open-source maintainer was not on our bingo card for 2026; that seemed a bit too far-fetched. However, it appears that is just what happened recently after a project rejected a bot-driven pull request.

Version 6.6.0 of KDE's Plasma desktop environment has been released. Notable additions in this release include the ability to create global themes for Plasma, an "extract text" feature in the Spectacle screenshot utility, accessibility improvements, and a new on-screen keyboard. See the changelog for a full list of new features, enhancements, and bug fixes.

The release is dedicated to the memory of Björn Balazs, a KDE contributor who passed away in September 2025. "Björn's drive to help people achieve the privacy and control over technology that he believed they deserved is the stuff FLOSS legends are made of."