LWN.net

On her blog, Julia Evans writes about improving Git documentation, including a new data model man page she wrote with Marie LeBlanc Flanagan, and updates to the pages for several other Git sub-commands (add, checkout, push, and pull). As part of the process, she asked Git users to describe problems they had run into in the documentation, which helped guide the changes that she made.

I'm excited about this because understanding how Git organizes its commit and branch data has really helped me reason about how Git works over the years, and I think it's important to have a short (1600 words!) version of the data model that's accurate.

The "accurate" part turned out to not be that easy: I knew the basics of how Git's data model worked, but during the review process I learned some new details and had to make quite a few changes (for example how merge conflicts are stored in the staging area).

The READ_ONCE() and WRITE_ONCE() macros are heavily used within the kernel; there are nearly 8,000 call sites for READ_ONCE(). They are key to the implementation of many lockless algorithms and can be necessary for some types of device-memory access. So one might think that, as the amount of Rust code in the kernel increases, there would be a place for Rust versions of these macros as well. The truth of the matter, though, is that the Rust community seems to want to take a different approach to concurrent data access.

Security updates have been issued by Debian (pdfminer and vlc), Red Hat (kernel, kernel-rt, and microcode_ctl), Slackware (libtasn1), SUSE (apptainer, curl, ImageMagick, libpcap, libvirt, libwget4, php8, podman, python311-cbor2, qemu, and rsync), and Ubuntu (gnupg, gnupg2, gpsd, libsodium, and python-tornado).

The Fedora Project has announced the results of the Fedora 43 election cycle. Five seats were open on the Fedora Engineering Steering Committee (FESCo), and the winners are Kevin Fenzi, Zbigniew Jędrzejewski-Szmek, Timothée Ravier, Dave Cantrell, and Máirín Duffy.

Gentoo Linux has published a 2025 project retrospective that looks at how the community has evolved, changes to the distribution, infrastructure, and finances for the Gentoo Foundation.

Gentoo currently consists of 31663 ebuilds for 19174 different packages. For amd64 (x86-64), there are 89 GBytes of binary packages available on the mirrors. Gentoo each week builds 154 distinct installation stages for different processor architectures and system configurations, with an overwhelming part of these fully up-to-date.

The number of commits to the main ::gentoo repository has remained at an overall high level in 2025, with a slight decrease from 123942 to 112927. The number of commits by external contributors was 9396, now across 377 unique external authors.

The Software Freedom Conservancy (SFC) is suing VIZIO over smart TVs that include software licensed under the GPL and LGPL (including the Linux kernel, FFmpeg, systemd, and others). VIZIO didn't provide the source code along with the device, and on request they only provided some of it. Unlike a typical lawsuit about enforcing the GPL, the SFC isn't suing as a copyright holder; it's suing as a normal owner of the TV in question. This approach opens some important legal questions, and after years of pre-trial maneuvering (most recently resulting in a ruling related to signing keys that is the subject of a separate article), we might finally obtain some answers when the case goes to trial on January 12. As things stand, it seems likely that the judge in the case will rule that that the GPL-enforcement lawsuits can be a matter of contract law, not just copyright law, which would be a major change to how GPL enforcement works.

On December 24 2025, Linus Torvalds posted a strongly worded message celebrating a ruling in the ongoing GPL-compliance lawsuit filed against VIZIO by the Software Freedom Conservancy (SFC). This case and Torvalds's response have put a spotlight on an old debate over the extent to which the source-code requirements of the GNU General Public License (version 2) extend to keys and other data needed to successfully install modified software on a device. It is worth looking at whether this requirement exists, the subtleties in interpretation that cloud the issue, and the extent to which, if any, the SFC is demanding that information.

Greg Kroah-Hartman has released the 6.18.4 and 6.12.64 stable kernels. As always, each contains important fixes throughout the tree. Users are advised to upgrade.

Security updates have been issued by AlmaLinux (gcc-toolset-14-binutils, gcc-toolset-15-binutils, httpd, kernel, libpng, mariadb, mingw-libpng, poppler, python3.12, and ruby:3.3), Debian (foomuuri and libsodium), Fedora (python-pdfminer and wget2), Oracle (audiofile, bind, gcc-toolset-15-binutils, libpng, mariadb, mariadb10.11, mariadb:10.11, mariadb:10.5, mingw-libpng, poppler, and python3.12), Red Hat (git-lfs, kernel, libpng, libpq, mariadb:10.3, osbuild-composer, postgresql, postgresql:13, and postgresql:15), Slackware (curl), SUSE (c-ares-devel, capstone, curl, gpsd, ImageMagick, libpcap, log4j, python311-filelock, and python314), and Ubuntu (libcaca, libxslt, and net-snmp).

Inside this week's LWN.net Weekly Edition:

• Front: What to expect in 2026; LAVD scheduler; libpathrs; Questions for the TAB; Graphite; 2025 timeline.
• Briefs: shadow-utils 4.19.0; Android releases; IPFire 2.29-199; Manjaro 26.0; curl strcpy(); GNU ddrescue 1.30; Ruby 4.0; Partial GPL ruling; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The European Commission has opened a "call for evidence" to help shape its European Open Digital Ecosystem Strategy. The commission is looking to reduce its dependence on software from non-EU countries:

The EU faces a significant problem of dependence on non-EU countries in the digital sphere. This reduces users' choice, hampers EU companies' competitiveness and can raise supply chain security issues as it makes it difficult to control our digital infrastructure (both physical and software components), potentially creating vulnerabilities including in critical sectors. In the last few years, it has been widely acknowledged that open source – which is a public good to be freely used, modified, and redistributed – has the strong potential to underpin a diverse portfolio of high-quality and secure digital solutions that are valid alternatives to proprietary ones. By doing so, it increases user agency, helps regain control and boost the resilience of our digital infrastructure.

The feedback period runs until midnight (Brussels time) February 3, 2026. The commission seeks input from all interested stakeholders, "in particular the European open-source community (including individual contributors, open-source companies and foundations), public administrations, specialised business sectors, the ICT industry, academia and research institutions".

At the 2025 Linux Plumbers Conference (LPC), held in Tokyo in mid-December, Changwoo Min led a session on what he has learned while developing the "latency-criticality aware virtual deadline" (LAVD) scheduler, which is aimed at gaming workloads. The session was part of the Gaming on Linux microconference, which is a new entrant into LPC; organizers hope to see it return next year in Prague and, presumably, beyond. LAVD uses the extensible scheduler class (sched_ext) and has the primary goal of minimizing stuttering in games; it is implemented in a combination of BPF and Rust.

Last year we revived the tradition of publishing a timeline of notable events from the previous year. Since that seemed to go over well, we decided we should continue the practice and look back on some of the most noteworthy events and releases of 2025.

The IPFire project, an open-source firewall Linux distribution, has released version 2.29 - Core Update 199. Notable changes in this release include an update to Linux 6.12.58, support for WiFi 6 and 7 features on wireless access points, as well as native support for link-local discovery protocol (LLDP) and Cisco discovery protocol (CDP).

Android Authority reports that Google will be reducing the frequency of releases of code to the Android Open Source Project to only twice per year.

A spokesperson for Google offered some additional context on this decision, stating that it helps simplify development, eliminates the complexity of managing multiple code branches, and allows them to deliver more stable and secure code to Android platform developers. The spokesperson also reiterated that Google's commitment to AOSP is unchanged and that this new release schedule helps the company build a more robust and secure foundation for the Android ecosystem.

The release schedule for security patches is unchanged.