Security updates for Thursday
[$] When ELF notes reveal too much
Stenberg: DISPUTED, not REJECTED
The Curl project has previously had problems with CVEs issued for things that are not security issues. On February 21, Daniel Stenberg wrote about the Curl project's most recent issue with the CVE system, saying:
I keep insisting that the CVE system is broken and that the database of existing CVEs hosted by MITRE (and imported into lots of other databases) is full of questionable content and plenty of downright lies. A primary explanation for us being in this ugly situation is that it is simply next to impossible to get rid of invalid CVEs.
Security updates for Friday
[$] Forgejo makes a full break from Gitea
The world of open-source "forges" is becoming a little more fragmented. The Forgejo project is a software-development platform that started as a "soft" fork of Gitea in late 2022. On February 16, Forgejo announced its intent to become a "hard fork" of Gitea to help address its mission of community-controlled development and to "liberate software development from the shackles of proprietary tools". In a world where proprietary tools cast a long shadow over open-source development that's a welcome sentiment—if the project can deliver.
Git 2.44.0 released
Kernel prepatch 6.8-rc6
Last week I said that I was hoping things would calm down a bit. Technically things did calm down a bit, and rc6 is smaller than rc5 was. But not by a huge amount, and honestly, while there's nothing really alarming here, there's more here than I would really like at this point in the release. So this may end up being one of those releases that get an rc8. We'll see.
Security updates for Monday
[$] Treating documentation as code
Incus 0.6 released
Version 0.6 of Incus, a fork of LXD, has been released. This release includes a number of changes, including a new storage driver called lvmcluster, improvements for Open Virtual Network (OVN) users, improvements to migration tooling, a number of new security features, and storage bucket backup and re-import. See the release announcement for detailed release notes and a complete list of changes. The announcement notes that a Long Term Support (LTS) release of Incus is planned in a few months "to coincide with the LTS releases of LXC and LXCFS".
[$] A RDRAND followup
Security updates for Tuesday
The bpftop tool
bpftop provides a dynamic real-time view of running eBPF programs. It displays the average execution runtime, events per second, and estimated total CPU % for each program. This tool minimizes overhead by enabling performance statistics only while it is active.
[$] A look at Nix and Guix
Nix and Guix are a pair of unusual package managers based on the idea of declarative configurations. Their associated Linux distributions — NixOS and the Guix System — take the idea further by allowing users to define a single centralized configuration describing the state of the entire system. Both have been previously mentioned on LWN, but not covered extensively. They offer different takes on the central idea of treating packages like immutable values.
Security updates for Wednesday
The Open Collective Foundation is shutting down
Unfortunately, over the past year, we have learned that Open Collective Foundation's business model is not sustainable with the number of complex services we have offered and the fees we pay to the Open Collective Inc. tech platform. In late 2023, we made the decision to pause accepting new collectives in order to create space for us to address the issues. Unfortunately, it became clear that it would not be financially feasible to make the necessary corrections, and we determined that OCF is not viable.
Some more information can be found in the Dissolution FAQ. Note that the Open Collective Foundation is distinct from Open Source Collective, which has hastened to point out that it remains in operation as before, and both are distinct from the Open Collective platform.
[$] The KDE desktop gets an overhaul with Plasma 6
It's been nearly 10 years since KDE Plasma 5, which is the last major release of the desktop. On February 28 the project announced its "mega release" of KDE Plasma 6, KDE Frameworks 6, and KDE Gear 24.02 — all based on the Qt 6 development framework. This release focuses heavily on migrating to Wayland, and aspires to be a seamless upgrade for the user while improving performance, security, and support for newer hardware. For developers, a lot of work has gone into removing deprecated frameworks and decreasing dependencies to make it easier to write applications targeting KDE.