Vue lecture

October project goals update (Rust Blog)

✇LWN
Par : jzb

The Rust blog has an update on its progress on some of its project goals. One of the project's flagship goals is to resolve the biggest blockers to Linux building on stable Rust:

Finally, we have been finding an increasing number of stabilization requests at the compiler level, and so @wesleywiser and @davidtwco from the compiler team have started attending meetings to create a faster response. One of the results of that collaboration is RFC #3716, authored by Alice Ryhl, which proposes a method to manage compiler flags that modify the target ABI. Our previous approach has been to create distinct targets for each combination of flags, but the number of flags needed by the kernel make that impractical. Authoring the RFC revealed more such flags than previously recognized, including those that modify LLVM behavior.

A new release of Raspberry Pi OS

✇LWN
Par : jzb

The Raspberry Pi project has announced a new version of Raspberry Pi OS. It includes a number of significant changes, the most notable of which is that the Raspberry Pi Desktop now uses Wayland by default for all Pi models using the labwc compositor:

For most of this year, we have been working on porting labwc to the Raspberry Pi Desktop. This has very much been a collaborative process with the developers of both labwc and wlroots: both have helped us immensely with their support as we contribute features and optimisations needed for our desktop.

This release also features Linux 6.6.51, improved touchscreen support, a new screen configuration tool called raindrop, and more. See the release notes for a full list of changes.

Thunderbird for Android now available

✇LWN
Par : jzb

The first stable release of the Thunderbird mail client for Android is now available:

Just over two years ago, we announced our plans to bring Thunderbird to Android by taking K-9 Mail under our wing. The journey took a little longer than we had originally anticipated and there was a lot to learn along the way, but the wait is finally over! For all of you who have ever asked "when is Thunderbird for Android coming out?", the answer is – today!

It is immediately available on the Google Play Store, via GitHub Releases, or from the Thunderbird web site, and it will be "coming soon" to the F-Droid repository for FOSS Android applications. See the release notes for detailed information about Thunderbird 8.0 for Android.

Security updates for Wednesday

✇LWN
Par : jzb
Security updates have been issued by AlmaLinux (buildah), Debian (python-git, texlive-bin, and xorg-server), Mageia (chromium-browser-stable), Red Hat (kernel), SUSE (Botan, go1.22-openssl, go1.23-openssl, grafana, libgsf, pcp, pgadmin4, python310-pytest-html, python313, xorg-x11-server, and xwayland), and Ubuntu (nano, python-urllib3, and xorg-server, xwayland).

Coker: The CUPS vulnerability

✇LWN
Par : jzb

Debian Developer Russell Coker has written up an analysis of the remote exploit of CUPS announced in September:

He seems to have a different experience to me of reporting bugs, I have had plenty of success getting bugs fixed without hyping them. I just report the bug, wait a while, and it gets fixed. [...] I was quite confident that my systems wouldn't be at any risk.

When it was published my opinion was proven to be correct, it turned out to be a series of CUPS bugs.

Open Source Initiative announces Open Source AI Definition 1.0

✇LWN
Par : jzb

The Open Source Initiative (OSI) has announced the release of version 1.0 of the Open Source AI Definition:

The OSAID offers a standard by which community-led, open and public evaluations will be conducted to validate whether or not an AI system can be deemed Open Source AI. This first stable version of the OSAID is the result of multiple years of research and collaboration, an international roadshow of workshops, and a year-long co-design process led by the Open Source Initiative (OSI).

LWN covered the OSAID process, and final release candidate, on October 25.

[$] OSI readies controversial Open AI definition

✇LWN
Par : jzb

The Open Source Initiative (OSI) has been working on defining Open Source AI—that is what constitutes an AI system that can be used, studied, modified, and shared for any purpose—for almost two years. Its board will be voting on the Open Source AI Definition (OSAID) on Sunday, October 27, with the 1.0 version slated to be published on October 28. It is never possible to please everyone in such an endeavor, and it would be folly to make that a goal. However, a number of prominent figures in the open-source community have voiced concerns that OSI is setting the bar too low with the OSAID—which will undo decades of community work to cajole vendors into adhering to or respecting the original Open Source Definition (OSD).

Tor Browser 14.0 released

✇LWN
Par : jzb

Version 14.0 of the privacy-focused Tor browser has been released.

This is our first stable release based on Firefox ESR 128, incorporating a year's worth of changes shipped upstream in Firefox. As part of this process we've also completed our annual ESR transition audit, where we reviewed and addressed over 200 Bugzilla issues for changes in Firefox that may negatively affect the privacy and security of Tor Browser users. Our final reports from this audit are now available in the tor-browser-spec repository on our Gitlab instance.

Kadlčík: Copr Modularity, the End of an Era

✇LWN
Par : jzb

Jakub Kadlčík announced on his blog that Fedora's Copr build system will be dropping support for building modules (groups of RPM packages that are built, installed, and shipped together) soon:

The Fedora Modularity project never really took off, and building modules in Copr even less so. We've had only 14 builds in the last two years. It's not feasible to maintain the code for so few users. Modularity has also been retired since Fedora 39 and will die with RHEL 9.

Modularity features in Copr are now deprecated, and it will not be possible to submit new module builds after April 2025. LWN covered some of the problems with Fedora's modularity initiative in 2019.

[$] Free-software foundations face fundraising problems

✇LWN
Par : jzb

In July, at the GNOME annual general meeting (AGM), held at GUADEC 2024, the message from the GNOME Foundation board was that all was well, financially speaking. Not great, but the foundation was on a break-even budget and expected to go into its next fiscal year with a similar budget and headcount. On October 7, however, the board announced that it had had to make some cuts, including reducing its staff by two people. This is not, however, strictly a GNOME problem: similar organizations, such as the Python Software Foundation (PSF), KDE e.V., and the Free Software Foundation Europe (FSFE) are seeing declines in fundraising while also being affected by inflation.

Security updates for Wednesday

✇LWN
Par : jzb
Security updates have been issued by Debian (dmitry, libheif, and python-sql), Fedora (suricata and wireshark), SUSE (cargo-c, libeverest, protobuf, and qemu), and Ubuntu (golang-1.22, libheif, unbound, and webkit2gtk).

Introducing AlmaLinux OS Kitten (AlmaLinux Blog)

✇LWN
Par : jzb

The AlmaLinux project has introduced a new edition called "Kitten", which will serve as "the direct upstream for AlmaLinux OS and is the primary point for the AlmaLinux community to engage and influence the future of AlmaLinux OS". Not intended for production use, the first release is based on CentOS Stream 10 source, which will eventually be the basis for Red Hat Enterprise Linux (RHEL) 10:

Because we anticipated many changes in 10, we wanted to get a head start on building AlmaLinux OS 10. Earlier this year we started setting up infrastructure and the build pipeline for AlmaLinux OS 10, and started testing using CentOS Stream 10's code. Based on this preparation work, we are excited to share that we have successfully built a preview of AlmaLinux OS 10 that we are calling AlmaLinux OS Kitten 10.

The first Kitten release previews a number of ways that AlmaLinux will diverge from RHEL 10, including re-enabling frame pointers, including Simple Protocol for Independent Computing Environments (SPICE), and adding packages for Firefox and Thunderbird, which have been dropped from CentOS Stream 10 in favor of Flatpak versions. New installation images for Kitten will be built quarterly. See the release notes for download links, installation instructions, and more information.

[$] Python PGP proposal poses packaging puzzles

✇LWN
Par : jzb

Sigstore is a project that is meant to simplify and improve the process of signing, verifying, and protecting software. It is a relatively new project, declared "generally available" in 2022. Python is an early adopter of sigstore; it started providing signatures for CPython artifacts with Python 3.11 in 2022. This is in addition to the OpenPGP signatures it has been providing since at least 2001. Now, Seth Michael Larson—the Python Software Foundation (PSF) security developer-in-residence—would like to deprecate the PGP signature and move to sigstore exclusively by next year. If that happens, it will involve some changes in the way that Linux distributions verify Python releases, since none of the major distributions have processes for working with sigstore.

[$] A look at the aerc mail client

✇LWN
Par : jzb

Email has become somewhat unfashionable as a collaboration tool for open-source projects, but there are still a number of projects—such as PostgreSQL and the Linux kernel—that expect contributors to send and review patches via email. The aerc mail client is aimed at developers looking for a text-based, efficient, and extensible client that is meant to be used for working with Git and email. It uses Vim-style keybindings by default, and has an interface inspired by tmux that lets users manage multiple accounts, mails, and embedded terminals at once.

Security updates for Wednesday

✇LWN
Par : jzb
Security updates have been issued by AlmaLinux (buildah, containernetworking-plugins, and skopeo), Fedora (pdns-recursor and valkey), Mageia (unbound), Red Hat (fence-agents, firefox, java-11-openjdk, python-setuptools, python3-setuptools, resource-agents, and thunderbird), SUSE (etcd-for-k8s, libsonivox3, rubygem-puma, and unbound), and Ubuntu (apr, libarchive, linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, nano, and vim).

LibreSSL 4.0.0 released

✇LWN
Par : jzb

Version 4.0.0 of the LibreSSL TLS/cryptography stack has been released. Changes include a cleanup of the MD4 and MD5 implementations, removal of unused DSA methods, changes in libtls protocol parsing to ignore unsupported TLSv1.1 and TLSv1.0 protocols, and many more internal changes and bug fixes.

❌