The online-privacy-focused Tor project has announced that it has "joined forces and merged operations" with the Tails OS Linux distribution.

Countering the threat of global mass surveillance and censorship to a free Internet, Tor and Tails provide essential tools to help people around the world stay safe online. By joining forces, these two privacy advocates will pool their resources to focus on what matters most: ensuring that activists, journalists, other at-risk and everyday users will have access to improved digital security tools.

In late 2023, Tails approached the Tor Project with the idea of merging operations. Tails had outgrown its existing structure. Rather than expanding Tails's operational capacity on their own and putting more stress on Tails workers, merging with the Tor Project, with its larger and established operational framework, offered a solution. By joining forces, the Tails team can now focus on their core mission of maintaining and improving Tails OS, exploring more and complementary use cases while benefiting from the larger organizational structure of The Tor Project.

Security updates have been issued by AlmaLinux (container-tools:rhel8, dovecot, emacs, expat, git-lfs, go-toolset:rhel8, golang, grafana, grafana-pcp, gtk3, kernel, kernel-rt, nano, python3, python3.11, python3.12, and virt:rhel and virt-devel:rhel), Debian (mediawiki and puredata), Fedora (chisel), Mageia (glib2.0, gtk+2.0 and gtk+3.0, and python-astropy), Red Hat (git-lfs, grafana, grafana-pcp, kernel, and kernel-rt), SUSE (kubernetes1.24, kubernetes1.25, kubernetes1.26, kubernetes1.27, kubernetes1.28, opensc, and python36), and Ubuntu (apparmor, apr, ca-certificates, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-raspi, openjpeg2, ruby-rack, and tomcat8, tomcat9).

The "Linus and Dirk show" has been a fixture at Open Source Summit for as long as the conference has existed; it started back when the conference was called LinuxCon. Since Linus Torvalds famously does not like to give talks, as he said during this year's edition at Open Source Summit Europe (OSSEU) in Vienna, Austria, he and Dirk Hohndel have been sitting down for an informal chat on a wide range of topics as a keynote session. That way, Torvalds does not need to prepare, but also does not know what topics will be brought up, which makes it "so much more fun for one of us", Hohndel said with a grin. The topics this time ranged from the just-released 6.11 kernel and the upcoming Linux 6.12, through Rust for the kernel, to the recurring topic of succession and the graying of Linux maintainers.

Security updates have been issued by AlmaLinux (expat, fence-agents, firefox, libnbd, openssl, pcp, ruby:3.3, and thunderbird), Debian (ruby-saml), Fedora (aardvark-dns, chromium, expat, jupyterlab, less, openssl, python-jupyterlab-server, python-notebook, python3-docs, and python3.12), Gentoo (calibre, curl, Emacs, org-mode, Exo, file, GPL Ghostscript, gst-plugins-good, liblouis, Mbed TLS, OpenVPN, Oracle VirtualBox, PJSIP, Portage, PostgreSQL, pypy, pypy3, Rust, Slurm, stb, VLC, and Xen), SUSE (container-suseconnect, ffmpeg-4, kernel, libpcap, python3, python310, python36, and wpa_supplicant), and Ubuntu (firefox, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-azure, and linux-ibm-5.15, linux-oracle-5.15).

Security updates have been issued by Debian (expat and tinyproxy), Fedora (frr, microcode_ctl, python3.10, python3.12, python3.6, and ruby), Oracle (expat, fence-agents, firefox, ghostscript, java-1.8.0-openjdk, kernel, and thunderbird), Red Hat (firefox, openssl, ruby:3.3, and thunderbird), SUSE (clamav, ffmpeg-4, kernel, libmfx, python3, python312, runc, ucode-intel, and wireshark), and Ubuntu (apache2, git, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, and linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle).

Security updates have been issued by Debian (git, nodejs, and ring), Fedora (apr, bubblewrap, chromium, clamav, flatpak, mingw-expat, python3-docs, python3.12, and thunderbird), Mageia (assimp, botan2, python-tqdm, and radare2), Slackware (libarchive), and SUSE (curl).

Greg Kroah-Hartman has announced the release of seven new stable kernels: 6.10.10, 6.6.51, 6.1.110, 5.15.167, 5.10.226 5.4.284, and 4.19.322. As usual, they all contain lots of important fixes throughout the kernel tree.

Security updates have been issued by Debian (chromium and redis), Fedora (nextcloud, python3.10, python3.13, python3.6, vim, and wolfssl), Mageia (expat, libpcap, and microcode), Oracle (dovecot, kernel, and kernel-container), Red Hat (kernel and krb5), SUSE (389-ds, colord, containerd, curl, expat, glib2, go1.22, go1.23, kernel, libpcap, postgresql16, and runc), and Ubuntu (expat, libxmltok, linux, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gkeop, linux-ibm, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-oem-6.8, linux-oracle, linux-aws-5.4, linux-azure-5.4, linux-gcp-5.4, linux-hwe-5.4, linux-ibm-5.4, linux-oracle-5.4, linux-raspi-5.4, linux-azure, linux-iot, linux-nvidia, linux-nvidia-lowlatency, python-setuptools, setuptools, tiff, and unbound).

The Python community has been roiled, to a certain extent, by an action taken by the steering council (SC): the three-month suspension of a unnamed—weirdly—Python core developer. Tim Peters is the developer in question, as he has acknowledged, though it could easily be deduced from the SC message. Peters has been involved in the project from its early days and, among many other things, is the author of PEP 20 ("The Zen of Python"). The suspension was due to violations of the project's code of conduct that stem from the discussion around a somewhat controversial set of proposed changes to the bylaws for the Python Software Foundation (PSF) back in mid-June.

Many projects struggle with attracting and retaining contributors; Debian is no different in that regard. At DebConf24, Carlos Henrique Lima Melara and Lucas Kanashiro gave a presentation about efforts that the Brazilian Debian community has made to increase participation. Their ideas and the lessons learned can be applied more widely, both for other Debian communities and for other projects.

Security updates have been issued by Debian (amanda, aom, bluez, python-jwcrypto, and thunderbird), Fedora (chromium, firefox, and thunderbird), Red Hat (bubblewrap and flatpak, containernetworking-plugins, flatpak, and runc), Slackware (python3), SUSE (apache2, bubblewrap and flatpak, postgresql16, and wireshark), and Ubuntu (thunderbird).

Security updates have been issued by AlmaLinux (bubblewrap and flatpak, containernetworking-plugins, fence-agents, ghostscript, krb5, orc, podman, python3.11, python3.9, resource-agents, runc, and wget), Debian (chromium, cinder, glance, gnutls28, nova, nsis, python-oslo.utils, ruby-sinatra, and setuptools), Fedora (kernel), Oracle (bubblewrap and flatpak, buildah, containernetworking-plugins, fence-agents, ghostscript, gvisor-tap-vsock, kernel, krb5, libndp, nodejs:18, orc, podman, postgresql, python-urllib3, python3.11, python3.12, python3.9, runc, skopeo, and wget), SUSE (hdf5, netcdf, trilinos), and Ubuntu (firefox, imagemagick, ironic, openssl, python-django, vim, and znc).

Security updates have been issued by AlmaLinux (postgresql:16), Debian (dovecot, pymatgen, ruby2.7, systemd, and webkit2gtk), Fedora (microcode_ctl, python3.11, vim, and xen), Oracle (kernel, postgresql:12, postgresql:13, postgresql:15, and python39:3.9 and python39-devel:3.9), Slackware (libpcap), SUSE (cacti, cacti-spine, python-Django, and trivy), and Ubuntu (dovecot).

Greg Kroah-Hartman has announced the release of the 6.10.7, 6.6.48, and 6.1.107 stable kernels. They all contain important fixes throughout the kernel tree, as is the norm.

Plasma Mobile is an open-source user interface for mobile devices, developed by the KDE community. It's built on the same foundations as Plasma Desktop, including KDE Frameworks and the KWin window manager. Much like its desktop counterpart, Plasma Mobile caters to advanced users by offering extensive customizability. It is offered as an option on phones with various mobile Linux distributions.

Security updates have been issued by AlmaLinux (bind and bind-dyndb-ldap and postgresql:16), Fedora (less and python3.6), Mageia (nodejs & yarnpkg), Oracle (libvpx and postgresql:16), Red Hat (edk2, git, kernel, openldap, postgresql:15, postgresql:16, python3, and python39:3.9 and python39-devel:3.9), SUSE (apache2, python-setuptools, and python3-setuptools), and Ubuntu (linux-oracle).

Immutable data makes concurrent access easier, since it eliminates the data-race conditions that can plague multithreaded programs. At PyCon 2024, Yury Selivanov introduced an early-stage project called MemHive, which uses Python subinterpreters and immutable data to overcome the problems of thread serialization that are caused by the language's Global Interpreter Lock (GIL). Recent developments in the Python world have opened up different strategies for avoiding the longstanding problems with the GIL.

Security updates have been issued by Debian (chromium, python-html-sanitizer, and trafficserver), Fedora (nginx, nginx-mod-fancyindex, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, python-webob, python3-docs, python3.11, python3.12, python3.9, and zabbix), Red Hat (bind, bind and bind-dyndb-ldap, bind9.16, httpd, kernel, kernel-rt, and nodejs:20), SUSE (caddy, chromium, chromium, gn, rust-bindgen, cockpit, fetchmail, gdcm, gh, keybase-client, libhtp, libofx, nano, plasma5-workspace, python-nltk, python-notebook, xen, and znc), and Ubuntu (linux-azure, linux-azure-4.15, linux-azure-5.4, and linux-oracle-5.15).

On the second day of DebConf24 in Busan, South Korea, Holger Levsen provided a history lesson on the "first 11 years" of the Reproducible Builds project. He has been involved in the project for most of that time and has been a Debian user since the mid-1990s, contributor since 2001, and a Debian member since 2007; "I love Debian". Meanwhile, his aim is to make all free software be reproducible, so that anyone can check that a binary program comes from the source code it purports to.

Security updates have been issued by AlmaLinux (.NET 8.0, bind, bind9.16, curl, edk2, firefox, gnome-shell, grafana, jose, krb5, libreoffice, mod_auth_openidc:2.3, orc, pcs, poppler, python-setuptools, python-urllib3, python3.11-setuptools, python3.12-setuptools, thunderbird, tomcat, and wget), Fedora (webkitgtk), SUSE (apache2, glib2, and roundcubemail), and Ubuntu (kernel, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-aws, linux-aws-hwe, linux-bluefield, linux-hwe-5.15, linux-raspi-5.4, and qemu).