Fedora now available in Syria
Justin Wheeler writes in Fedora Magazine that Fedora is now available in Syria once again:
Last week, the Fedora Infrastructure Team lifted the IP range block on IP addresses in Syria. This action restores download access to Fedora Linux deliverables, such as ISOs. It also restores access from Syria to Fedora Linux RPM repositories, the Fedora Account System, and Fedora build systems. Users can now access the various applications and services that make up the Fedora Project. This change follows a recent update to the Fedora Export Control Policy. Today, anyone connecting to the public Internet from Syria should once again be able to access Fedora.
[...] Opening the firewall to Syria took seconds. However, months of conversations and hidden work occurred behind the scenes to make this happen.
An Asahi Linux progress report
We've made incredible progress upstreaming patches over the past 12 months. Our patch set has shrunk from 1232 patches with 6.13.8, to 858 as of 6.18.8. Our total delta in terms of lines of code has also shrunk, from 95,000 lines to 83,000 lines for the same kernel versions. Hmm, a 15% reduction in lines of code for a 30% reduction in patches seems a bit wrong… Not all patches are created equal. Some of the upstreamed patches have been small fixes, others have been thousands of lines. All of them, however, pale in comparison to the GPU driver.
The GPU driver is 21,000 lines by itself, discounting the downstream Rust abstractions we are still carrying. It is almost double the size of the DCP driver and thrice the size of the ISP/webcam driver, its two closest rivals. And upstreaming work has now begun.
An update to the malicious crate notification policy (Rust Blog)
Adam Harvey, on behalf of the crates.io team, has published a blog post to inform users of a change in their practice of publishing information about malicious Rust crates:
The crates.io team will no longer publish a blog post each time a malicious crate is detected or reported. In the vast majority of cases to date, these notifications have involved crates that have no evidence of real world usage, and we feel that publishing these blog posts is generating noise, rather than signal.
We will always publish a RustSec advisory when a crate is removed for containing malware. You can subscribe to the RustSec advisory RSS feed to receive updates.
Crates that contain malware and are seeing real usage or exploitation will still get both a blog post and a RustSec advisory. We may also notify via additional communication channels (such as social media) if we feel it is warranted.
Security updates for Wednesday
[$] Do androids dream of accepted pull requests?
Various forms of tools, colloquially known as "AI", have been rapidly pervading all aspects of open-source development. Many developers are embracing LLM tools for code creation and review. Some project maintainers complain about suffering from a deluge of slop-laden pull requests, as well as fabricated bug and security reports. Too many projects are reeling from scraperbot attacks that effectively DDoS important infrastructure. But an AI bot flaming an open-source maintainer was not on our bingo card for 2026; that seemed a bit too far-fetched. However, it appears that is just what happened recently after a project rejected a bot-driven pull request.
Plasma 6.6.0 released
Version 6.6.0 of KDE's Plasma desktop environment has been released. Notable additions in this release include the ability to create global themes for Plasma, an "extract text" feature in the Spectacle screenshot utility, accessibility improvements, and a new on-screen keyboard. See the changelog for a full list of new features, enhancements, and bug fixes.
The release is dedicated to the memory of Björn Balazs, a KDE contributor who passed away in September 2025. "Björn's drive to help people achieve the privacy and control over technology that he believed they deserved is the stuff FLOSS legends are made of."
An update on upki
In December 2025, Canonical announced a plan to develop a universal Public Key Infrastructure called upki. Jon Seager has published an update about the project with instructions on trying it out.
In the few weeks since we announced upki, the core revocation engine has been established and is now functional, the CRLite mirroring tool is working and a production deployment in Canonical's datacentres is ongoing. We're now preparing for an alpha release and remain on track for an opt-in preview for Ubuntu 26.04 LTS.
Security updates for Tuesday
[$] Open source security in spite of AI
The curl project has found AI-powered tools to be a mixed bag when it comes to security reports. At FOSDEM 2026, curl creator and lead developer Daniel Stenberg used his keynote session to discuss his experience receiving a slew of low-quality reports and, at the same time, realizing that large language model (LLM) tools can sometimes find flaws that other tools have missed.
Four stable kernels to fix problematic commit
[$] Compact formats for debugging—and more
can add new, interesting capabilities to tools that we are already using or build new interesting tools".
Security updates for Monday
Vim 9.2 released
"Vim 9.2 brings significant enhancements to the Vim9 scripting language, improved diff mode, comprehensive completion features, and platform-specific improvements including experimental Wayland support." Also included is a new interactive tutor mode.
New delegation for Debian's data protection team
Debian Project Leader (DPL) Andreas Tille has announced a new delegation for Debian's data protection team:
Following the end of the previous delegation, Debian was left without an active Data Protection team. This situation has understandably drawn external attention and highlighted the importance of having a clearly identified point of contact for data protection matters within the project.
I am therefore very pleased to announce that new volunteers have stepped forward, allowing us to re-establish the Debian Data Protection team with a fresh delegation.
Tille had put out a call for volunteers in January after all previous members of the team had stepped down. He has appointed Aigars Mahinovs, Andrew M.A. Cater, Bart Martens, Emmanuel Arias, Gunnar Wolf, Kiran S Kunjumon, and Salvo Tomaselli as the new members of the team. The team provides a central coordination and advisory function around Debian's data handling, retention, dealing with deletion requests, and more.
[$] The first half of the 7.0 merge window
The merge window for Linux 7.0 has opened, and with it comes a number of interesting improvements and enhancements. At the time of writing, there have been 7,695 non-merge commits accepted. The 7.0 release is not special, according to the kernel's versioning scheme — just the release that comes after 6.19. Humans love symbolism and round numbers, though, so it may feel like something of a milestone.
[$] Open-source mapping for disaster response
At FOSDEM 2026 Petya Kangalova, a senior tech partnership and engagement manager for the Humanitarian OpenStreetMap Team (HOT), spoke about how the project helps people map their surroundings to assist in disaster response and humanitarian aid. The project has developed a stack of technology to help volunteers collectively map an area and add in local knowledge metadata. "One of the core things that we believe is that when we speak about disaster response or people having access to data is that they really need accessible technology that's free and open for anyone to use."
Security updates for Friday
[$] Poisoning scraperbots with iocaine
Web sites are being increasingly beset by AI scraperbots — a problem that we have written about before, and which has slowly ramped up to an occasional de-facto DDoS attack. This has not gone uncontested, however: web site operators from around the world have been working on inventive countermeasures. These solutions target the problem posed by scraperbots in different ways; iocaine, an MIT-licensed nonsense generator, is designed to make scraped text less useful by poisoning it with fake data. The hope is to make running scraperbots not economically viable, and thereby address the problem at its root instead of playing an eternal game of Whac-A-Mole.