Vue normale
Security updates for Wednesday
Manjaro 24.0 released
Version 24.0 of the Arch-based Manjaro distribution is now available with the 6.9 kernel, GNOME 46, Xfce 4.18, and an update to the Pamac package installer. This is also the project's first release with KDE Plasma 6:
The Plasma edition comes with the latest Plasma 6.0 series and KDE Gear 24.02. It brings exciting new improvements to your desktop.
With Plasma 6, KDE's technology stack has undergone major upgrades: a transition to the latest version of application framework, Qt, and an improved graphics platform when Wayland is used. These changes are as smooth and unnoticeable to the users as possible. You will see the same familiar desktop environment that you know and love. But these under-the-hood upgrades benefit Plasma's security, efficiency, and performance, and improve support for modern hardware. Thus Plasma delivers an overall more reliable user experience, while paving the way for many more improvements in the future.
The project also offers minimal install images with the 6.6 LTS and 6.1 LTS kernels to support older hardware.
Security updates for Tuesday
Security updates for Monday
[$] Debian dismisses AI-contributions policy
In April, the Gentoo Linux project banned the use of generative AI/ML tools due to copyright, ethical, and quality concerns. This means contributors cannot use tools like ChatGPT or GitHub Copilot to create content for the distribution such as code, documentation, bug reports, and forum posts. A proposal for Debian to adopt a similar policy revealed a distinct lack of love for those kinds of tools, though it would also seem few contributors support banning them outright.
[$] Securing Git repositories with gittuf
The so-called software supply chain starts with source code. But most security measures and tooling don't kick in until source is turned into an artifact—a source tarball, binary build, container image, or other method of delivering a release to users. The gittuf project is an attempt to provide a security layer for Git that can handle key management, enforce security policies for repositories, and guard against attacks at the version-control layer. At Open Source Summit North America (OSSNA), Aditya Sirish A Yelgundhalli and Billy Lynch presented an introduction to gittuf with an overview of its goals and status.
Fedora Asahi Remix 40 is now available
Fedora Magazine reports that the Fedora Asahi Remix for Apple Arm hardware, based on Fedora 40, is now available:
Fedora Asahi Remix offers KDE Plasma 6 as our flagship desktop experience. It also features a custom Calamares-based initial setup wizard. A GNOME variant is also available, featuring GNOME 46, with both desktop variants matching what Fedora Linux offers. Fedora Asahi Remix also provides a Fedora Server variant for server workloads and other types of headless deployments. Finally, we offer a Minimal image for users that wish to build their own experience from the ground up.
See the installation guide to get started with the Asahi Remix.
Security updates for Wednesday
2023 PSF annual impact report
The Python Software Foundation (PSF) has announced its annual impact report for 2023. The report includes updates from PSF staff as well as summaries of the foundation's activities, financials, and infrastructure. The PSF celebrated the 20th anniversary of PyCon US, distributed more than $370,000 in grants, and enjoyed impressive traffic on PyPI:
In 2023 PyPI saw a 45% growth in download counts and bandwidth alike, serving 603,378,275 downloads for the 516,402 projects hosted there requiring 747.4 Petabytes of data transfer, or 189.6 Gbps of bandwidth 24x7x365.
See the full report for a breakdown of grant disbursements and trends, PSF expenses, and high-level plans for the rest of 2024.
[$] Modernizing accessibility for desktop Linux
In some aspects, such as in gaming, the Linux desktop has made enormous strides in the past few years. In others, such as accessibility, things have stagnated. At Open Source Summit North America (OSSNA), Matt Campbell spoke about the need for, and an approach to, modernizing accessibility for desktop Linux. This included a discussion of Newton, a fledgling project that may greatly improve accessibility on the Linux desktop.
GNU nano 8.0 released
Version 8.0 of the terminal text editor GNU nano has been released. This update includes several changes to keybindings to be more newcomer-friendly, such as remapping Ctrl-F to forward-search and adding an option for modern bindings:
Command-line option --modernbindings (-/) makes ^Q quit, ^X cut, ^C copy, ^V paste, ^Z undo, ^Y redo, ^O open a file, ^W write a file, ^R replace, ^G find again, ^D find again backwards, ^A set the mark, ^T jump to a line, ^P show the position, and ^E execute.
The release also provides access to 14 levels of gray scale in xterm (up from four), as well as many bug fixes.
[$] A look at Ubuntu Desktop LTS 24.04
Ubuntu 24.04 LTS, code-named "Noble Numbat", was released on April 25. This release includes GNOME 46, installer updates, security enhancements, a lot of updated packages, and a new App Center that puts a heavy emphasis on using Snaps to install software. It is not an ambitious release, but it brings enough to the table that it's a worthwhile update.
Security updates for Wednesday
[$] Security patterns and anti-patterns in embedded development
When it comes to security, telling developers to do (or not do) something can be ineffective. Helping them understand the why behind instructions, by illustrating good and bad practices using stories, can be much more effective. With several such stories Marta Rybczyńska fashioned an interesting talk about patterns and anti-patterns in embedded Linux security at the Embedded Open Source Summit (EOSS), co-located with Open Source Summit North America (OSSNA), on April 16 in Seattle, Washington.
Security updates for Wednesday
[$] Linus and Dirk chat about AI, XZ, hardware, and more
One of the mainstays of the the Linux Foundation's Open Source Summit is the "fireside chat" (sans fire) between Linus Torvalds and Dirk Hohndel to discuss open source and Linux kernel topics of the day. On April 17, at Open Source Summit North America (OSSNA) in Seattle, Washington, they held with tradition and discussed a range of topics including proper whitespace parsing, security, and the current AI craze.
[$] Gentoo bans AI-created contributions
Gentoo Council member Michał Górny posted
an RFC to the gentoo-dev mailing
list in late February about banning "'AI'-backed (LLM/GPT/whatever)
contributions
" to the Gentoo Linux project. Górny wrote that the spread of the
"AI bubble
" indicated a need for Gentoo to formally take a stand on AI
tools. After a lengthy discussion, the Gentoo Council voted
unanimously this week to adopt his proposal and ban contributions generated with AI/ML tools.
[$] Fedora 40 firms up for release
Fedora 40 Beta was released on March 26, and the final release is nearing completion. So far, the release is coming together nicely with major updates for GNOME, KDE Plasma, and the usual cavalcade of smaller updates and enhancements. As part of the release, the project also scuttled Delta RPMs and OpenSSL 1.1.