BPF lets users load programs into a running kernel. Even though BPF programs are checked by the verifier to ensure that they stay inside certain limits, some users would still like to ensure that only approved BPF programs are loaded. KP Singh's patches adding that capability to the kernel were accepted in version 6.18, but not everyone is satisfied with his implementation. Blaise Boscaccy, who has been working to get a version of BPF code signing with better auditability into the kernel for some time, posted a patch set on top of Singh's changes that alters the loading process to not invoke security module hooks until the entire loading process is complete. The discussion on the patch set is the continuation of a long-running disagreement over the interface for signed BPF programs.

We're disappointed to have been put in the position where we had to make this decision, because we believe our proposed project would offer invaluable advances to the Python and greater open source community, protecting millions of PyPI users from attempted supply-chain attacks. The proposed project would create new tools for automated proactive review of all packages uploaded to PyPI, rather than the current process of reactive-only review.

Version 0.3.0 of Rust Coreutils, part of the uutils project, has been released. This release adds safe directory traversal for several utilities, better error handling, and performance improvements. The project has upgraded its test suite reference from GNU coreutils 9.7 to 9.8, and added 16 new tests. It includes a fix for the date bug that affected automatic updates in Ubuntu 25.10.

Version 3.26.0 of the Valgrind memory-profiling and debugging framework has been released. Notable changes include updated support for the Linux Test Project (LTP) to version v20250930, many new Linux syscall wrappers, and the license for Valgrind has been changed from GPLv2 to GPLv3.

If you need to comply with accessibility-related regulations, Typst 0.14 has your back. Typst now generates accessible documents by default, with opt-in support for stricter checks. For those working with complex illustrations, PDFs are now supported as a native image format. In case you're typesetting a book, the new character-level justification will give your layout the final touch. And if you're building a website or blog, many improvements to Typst's HTML export are waiting for you.

LWN looked at Typst in September.

Open-source foundations and projects that have charity status in the US may want to see if GoFundMe has created a profile for them without permission. The company has operated since 2010 as a self-service fundraising platform; individuals or groups could create pages to raise money for all manner of causes. In June, the company announced that it would expand its offerings to "manage all aspects of charitable giving" for users through its platform. That seems to include creating profiles for nonprofit organizations without their involvement. After pushback, the company said on October 23 that it would be removing the pages. It has not answered more fundamental questions about how it planned to disburse funds to nonprofits that had no awareness of the GoFundMe pages in the first place.

The Ubuntu Project has announced that a bug in the Rust-based uutils version of the date command shipped with Ubuntu 25.10 broke automatic updates:

Some Ubuntu 25.10 systems have been unable to automatically check for available software updates. Affected machines include cloud deployments, container images, Ubuntu Desktop and Ubuntu Server installs.

The announcement includes remediation instructions for those affected by the bug. Systems with the rust-coreutils package version 0.2.2-0ubuntu2 or earlier have the bug, it is fixed in 0.2.2-0ubuntu2.1 or later. It does not impact manual updates using the apt command or other utilities.

Ubuntu embarked on a project to "oxidize" the distribution by switching to uutils and sudo-rs for the 25.10 release, and to see if the Rust-based utilities would be suitable for the long-term-release slated for next April. LWN covered that project in March.

Greg Kroah-Hartman has released the 6.17.5, 6.12.55, and 6.6.114 stable kernels. As usual, each contains important fixes throughout the tree; users are advised to upgrade.

The AlmaLinux project has announced that the upcoming 10.1 release will include support for Btrfs:

Btrfs support encompasses both kernel and userspace enablement, and it is now possible to install AlmaLinux OS with a Btrfs filesystem from the very beginning. Initial enablement was scoped to the installer and storage management stack, and broader support within the AlmaLinux software collection for Btrfs features is forthcoming.

Btrfs support in AlmaLinux OS did not happen in isolation. This was proposed and scoped in RFC 0005, and has been built upon prior efforts by the Fedora Btrfs SIG in Fedora Linux and the CentOS Hyperscale SIG in CentOS Stream.

AlmaLinux OS is designed to be binary compatible with Red Hat Enterprise Linux (RHEL); Btrfs, however, has never been supported in RHEL. A technology preview of Btrfs in RHEL 6 and 7 ended with the filesystem being dropped from RHEL 8 and onward. AlmaLinux OS 10.1 is currently in beta.

• Front: Git 3.0 topics; Lazy imports for Python; RubyGems; LLMs for patch review; DebugFS.
• Briefs: Fedora AI policy; OpenBSD 7.8; DigiKam 8.8.0; Forgejo 13.0; KDE Plasma 6.5; RubyGems; Valkey 9.0.0; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The Fedora Council has approved an AI-assisted contributions policy. This follows several weeks of discussion, some of which was covered by LWN on October 1. The final policy contains substantial differences from the initial proposal, and now requires disclosure of AI tools "when the significant part of the contribution is taken from a tool without changes".

KDE Plasma 6.5 has been released. Notable new features include automatic light-to-dark theme switching based on time of day, support for the experimental Wayland picture-in-picture protocol, as well as a number of usability and accessibility improvements. See the complete changelog for a list of the new features, enhancements, and bug fixes.

DebugFS is the kernel's anything-goes, no-rules interface: whenever a kernel developer needs quick access to internal details of the kernel to debug a problem, or to implement an experimental control interface, they can expose them via DebugFS. This is possible because DebugFS is not subject to the normal rules for user-space-interface stability, nor to the rules about exposing sensitive kernel information. Supporting DebugFS in Rust drivers is an important step toward being able to debug real drivers on real hardware. Matthew Maurer spoke at Kangrejos 2025 about his recently merged DebugFS bindings for Rust.

OpenBSD 7.8 has been released. As usual, this release includes a long list of changes; see the changelog for all of the details.