The Fedora Project has announced the results of the Fedora 43 election cycle. Five seats were open on the Fedora Engineering Steering Committee (FESCo), and the winners are Kevin Fenzi, Zbigniew Jędrzejewski-Szmek, Timothée Ravier, Dave Cantrell, and Máirín Duffy.

Gentoo Linux has published a 2025 project retrospective that looks at how the community has evolved, changes to the distribution, infrastructure, and finances for the Gentoo Foundation.

Gentoo currently consists of 31663 ebuilds for 19174 different packages. For amd64 (x86-64), there are 89 GBytes of binary packages available on the mirrors. Gentoo each week builds 154 distinct installation stages for different processor architectures and system configurations, with an overwhelming part of these fully up-to-date.

The number of commits to the main ::gentoo repository has remained at an overall high level in 2025, with a slight decrease from 123942 to 112927. The number of commits by external contributors was 9396, now across 377 unique external authors.

The Software Freedom Conservancy (SFC) is suing VIZIO over smart TVs that include software licensed under the GPL and LGPL (including the Linux kernel, FFmpeg, systemd, and others). VIZIO didn't provide the source code along with the device, and on request they only provided some of it. Unlike a typical lawsuit about enforcing the GPL, the SFC isn't suing as a copyright holder; it's suing as a normal owner of the TV in question. This approach opens some important legal questions, and after years of pre-trial maneuvering (most recently resulting in a ruling related to signing keys that is the subject of a separate article), we might finally obtain some answers when the case goes to trial on January 12. As things stand, it seems likely that the judge in the case will rule that that the GPL-enforcement lawsuits can be a matter of contract law, not just copyright law, which would be a major change to how GPL enforcement works.

• Front: What to expect in 2026; LAVD scheduler; libpathrs; Questions for the TAB; Graphite; 2025 timeline.
• Briefs: shadow-utils 4.19.0; Android releases; IPFire 2.29-199; Manjaro 26.0; curl strcpy(); GNU ddrescue 1.30; Ruby 4.0; Partial GPL ruling; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The European Commission has opened a "call for evidence" to help shape its European Open Digital Ecosystem Strategy. The commission is looking to reduce its dependence on software from non-EU countries:

The EU faces a significant problem of dependence on non-EU countries in the digital sphere. This reduces users' choice, hampers EU companies' competitiveness and can raise supply chain security issues as it makes it difficult to control our digital infrastructure (both physical and software components), potentially creating vulnerabilities including in critical sectors. In the last few years, it has been widely acknowledged that open source – which is a public good to be freely used, modified, and redistributed – has the strong potential to underpin a diverse portfolio of high-quality and secure digital solutions that are valid alternatives to proprietary ones. By doing so, it increases user agency, helps regain control and boost the resilience of our digital infrastructure.

The feedback period runs until midnight (Brussels time) February 3, 2026. The commission seeks input from all interested stakeholders, "in particular the European open-source community (including individual contributors, open-source companies and foundations), public administrations, specialised business sectors, the ICT industry, academia and research institutions".

Last year we revived the tradition of publishing a timeline of notable events from the previous year. Since that seemed to go over well, we decided we should continue the practice and look back on some of the most noteworthy events and releases of 2025.

The IPFire project, an open-source firewall Linux distribution, has released version 2.29 - Core Update 199. Notable changes in this release include an update to Linux 6.12.58, support for WiFi 6 and 7 features on wireless access points, as well as native support for link-local discovery protocol (LLDP) and Cisco discovery protocol (CDP).

A spokesperson for Google offered some additional context on this decision, stating that it helps simplify development, eliminates the complexity of managing multiple code branches, and allows them to deliver more stable and secure code to Android platform developers. The spokesperson also reiterated that Google's commitment to AOSP is unchanged and that this new release schedule helps the company build a more robust and secure foundation for the Android ecosystem.

The release schedule for security patches is unchanged.

The nature and role of the Linux Foundation's Technical Advisory Board (TAB) is not well-understood, though a recent LWN article shed some light on its role and history. At the 2025 Linux Plumbers Conference (LPC), the TAB held a question and answer session to address whatever it was the community wanted to know (video). Those questions ended up covering the role of large language models in kernel development, what it is like to be on the TAB, how the TAB can help grease the wheels of corporate bureaucracy, and more.

Aleksa Sarai, as the maintainer of the runc container runtime, faces a constant battle against security problems. Recently, runc has seen another instance of a security vulnerability that can be traced back to the difficulty of handling file paths on Linux. Sarai spoke at the 2025 Linux Plumbers Conference (slides; video) about some of the problems runc has had with path-traversal vulnerabilities, and to ask people to please use libpathrs, the library that he has been developing for safe path traversal.

Version 26.0 ("Anh-Linh") of the Arch-based Manjaro Linux distribution has been released. Manjaro 26.0 includes Linux 6.18, GNOME 49, KDE Plasma 6.5, Xfce 4.20, and more.