Vue lecture
Tcl/Tk 9.0 released
The most recent major release of the Tcl/Tk language and graphical-user-interface toolkit, Tcl/Tk 9.0, has been released, a mere 27 years after the 8.0 major release in 1997. There have been plenty of releases in the interim, though, as can be seen in the Tcl chronology. The 9.0 release brings 64-bit data values, better Unicode support, the ability to use zip files as filesystems, a switch to use epoll() or kqueue() where they are available, SVG support in Tk, access to notifications and other desktop-platform services in Tk, and lots more. For more information, see the release notes for Tcl and Tk that can be downloaded as Markdown files from the announcement page. (Thanks to Matt Bradley.)
Security updates for Monday
Security updates have been issued by AlmaLinux (cups-filters, net-snmp, and osbuild-composer), Debian (booth, cups, cups-filters, python-asyncssh, ruby-httparty, ruby-loofah, ruby-rails-html-sanitizer, tryton-server, unbound, and wireshark), Fedora (chromium, cjson, cups, cups-browsed, libcupsfilters, and libppd), Gentoo (Apache HTTPD, Docker, HashiCorp Consul, IcedTea, nginx, tmux, and yt-dlp), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk and libreoffice), Red Hat (git-lfs, grafana, and osbuild-composer), and SUSE (chromedriver, chromium, coredns, json-java-20240303, kernel, libmozjs-128-0, maven-archetype, python3, python312, and quagga).
Uniting for Internet Freedom: Tor Project & Tails Join Forces (Tor blog)
The online-privacy-focused Tor
project has announced
that it has "
joined forces and merged operations" with the Tails OS Linux distribution.
Countering the threat of global mass surveillance and censorship to a free Internet, Tor and Tails provide essential tools to help people around the world stay safe online. By joining forces, these two privacy advocates will pool their resources to focus on what matters most: ensuring that activists, journalists, other at-risk and everyday users will have access to improved digital security tools.In late 2023, Tails approached the Tor Project with the idea of merging operations. Tails had outgrown its existing structure. Rather than expanding Tails's operational capacity on their own and putting more stress on Tails workers, merging with the Tor Project, with its larger and established operational framework, offered a solution. By joining forces, the Tails team can now focus on their core mission of maintaining and improving Tails OS, exploring more and complementary use cases while benefiting from the larger organizational structure of The Tor Project.
Security updates for Thursday
Security updates have been issued by AlmaLinux (container-tools:rhel8, dovecot, emacs, expat, git-lfs, go-toolset:rhel8, golang, grafana, grafana-pcp, gtk3, kernel, kernel-rt, nano, python3, python3.11, python3.12, and virt:rhel and virt-devel:rhel), Debian (mediawiki and puredata), Fedora (chisel), Mageia (glib2.0, gtk+2.0 and gtk+3.0, and python-astropy), Red Hat (git-lfs, grafana, grafana-pcp, kernel, and kernel-rt), SUSE (kubernetes1.24, kubernetes1.25, kubernetes1.26, kubernetes1.27, kubernetes1.28, opensc, and python36), and Ubuntu (apparmor, apr, ca-certificates, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-raspi, openjpeg2, ruby-rack, and tomcat8, tomcat9).
[$] Linus and Dirk on succession, Rust, and more
The "Linus and Dirk show" has been a fixture at Open Source Summit for as
long as the conference has existed; it started back when the conference was
called LinuxCon. Since Linus Torvalds famously does not like to give
talks, as he said during this year's edition at Open Source Summit Europe
(OSSEU) in Vienna, Austria, he and Dirk Hohndel have been sitting down for an
informal chat on a wide range of topics as a keynote session. That way,
Torvalds does not need to prepare, but also does not know what topics
will be brought up, which makes it "so much more fun for one of us", Hohndel
said with a grin. The topics this time ranged from the just-released 6.11
kernel and the upcoming Linux 6.12, through Rust for the kernel, to the recurring topic of succession and
the graying of Linux maintainers.
Security updates for Monday
Security updates have been issued by AlmaLinux (expat, fence-agents, firefox, libnbd, openssl, pcp, ruby:3.3, and thunderbird), Debian (ruby-saml), Fedora (aardvark-dns, chromium, expat, jupyterlab, less, openssl, python-jupyterlab-server, python-notebook, python3-docs, and python3.12), Gentoo (calibre, curl, Emacs, org-mode, Exo, file, GPL Ghostscript, gst-plugins-good, liblouis, Mbed TLS, OpenVPN, Oracle VirtualBox, PJSIP, Portage, PostgreSQL, pypy, pypy3, Rust, Slurm, stb, VLC, and Xen), SUSE (container-suseconnect, ffmpeg-4, kernel, libpcap, python3, python310, python36, and wpa_supplicant), and Ubuntu (firefox, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-azure, and linux-ibm-5.15, linux-oracle-5.15).
Security updates for Thursday
Security updates have been issued by Debian (expat and tinyproxy), Fedora (frr, microcode_ctl, python3.10, python3.12, python3.6, and ruby), Oracle (expat, fence-agents, firefox, ghostscript, java-1.8.0-openjdk, kernel, and thunderbird), Red Hat (firefox, openssl, ruby:3.3, and thunderbird), SUSE (clamav, ffmpeg-4, kernel, libmfx, python3, python312, runc, ucode-intel, and wireshark), and Ubuntu (apache2, git, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, and linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle).
Security updates for Monday
Security updates have been issued by Debian (git, nodejs, and ring), Fedora (apr, bubblewrap, chromium, clamav, flatpak, mingw-expat, python3-docs, python3.12, and thunderbird), Mageia (assimp, botan2, python-tqdm, and radare2), Slackware (libarchive), and SUSE (curl).
Security updates for Thursday
Security updates have been issued by Debian (chromium and redis), Fedora (nextcloud, python3.10, python3.13, python3.6, vim, and wolfssl), Mageia (expat, libpcap, and microcode), Oracle (dovecot, kernel, and kernel-container), Red Hat (kernel and krb5), SUSE (389-ds, colord, containerd, curl, expat, glib2, go1.22, go1.23, kernel, libpcap, postgresql16, and runc), and Ubuntu (expat, libxmltok, linux, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gkeop, linux-ibm, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-oem-6.8, linux-oracle, linux-aws-5.4, linux-azure-5.4, linux-gcp-5.4, linux-hwe-5.4, linux-ibm-5.4, linux-oracle-5.4, linux-raspi-5.4, linux-azure, linux-iot, linux-nvidia, linux-nvidia-lowlatency, python-setuptools, setuptools, tiff, and unbound).
[$] A mess in the Python community
The Python community has been roiled, to a certain extent, by an action
taken by
the steering council (SC): the three-month suspension
of a unnamed—weirdly—Python core developer. Tim Peters is the developer
in question, as he has acknowledged,
though it could easily be deduced from the SC message. Peters has been
involved in the
project from its early days and, among many other things, is the author of
PEP 20 ("The Zen of
Python"). The suspension was due to violations of the project's code of
conduct that stem from the discussion around a somewhat controversial set
of proposed changes to the bylaws for the Python Software Foundation
(PSF) back in mid-June.
[$] Attracting and retaining Debian contributors
Many projects struggle with attracting and retaining contributors; Debian
is no different in that regard. At DebConf24, Carlos Henrique Lima
Melara and Lucas Kanashiro gave a presentation about efforts that the
Brazilian Debian community has made to increase participation. Their ideas
and the lessons
learned can be applied more widely, both for other Debian communities and
for other projects.
Security updates for Monday
Security updates have been issued by Debian (amanda, aom, bluez, python-jwcrypto, and thunderbird), Fedora (chromium, firefox, and thunderbird), Red Hat (bubblewrap and flatpak, containernetworking-plugins, flatpak, and runc), Slackware (python3), SUSE (apache2, bubblewrap and flatpak, postgresql16, and wireshark), and Ubuntu (thunderbird).
Security updates for Thursday
Security updates have been issued by AlmaLinux (bubblewrap and flatpak, containernetworking-plugins, fence-agents, ghostscript, krb5, orc, podman, python3.11, python3.9, resource-agents, runc, and wget), Debian (chromium, cinder, glance, gnutls28, nova, nsis, python-oslo.utils, ruby-sinatra, and setuptools), Fedora (kernel), Oracle (bubblewrap and flatpak, buildah, containernetworking-plugins, fence-agents, ghostscript, gvisor-tap-vsock, kernel, krb5, libndp, nodejs:18, orc, podman, postgresql, python-urllib3, python3.11, python3.12, python3.9, runc, skopeo, and wget), SUSE (hdf5, netcdf, trilinos), and Ubuntu (firefox, imagemagick, ironic, openssl, python-django, vim, and znc).
Security updates for Monday
Security updates have been issued by AlmaLinux (postgresql:16), Debian (dovecot, pymatgen, ruby2.7, systemd, and webkit2gtk), Fedora (microcode_ctl, python3.11, vim, and xen), Oracle (kernel, postgresql:12, postgresql:13, postgresql:15, and python39:3.9 and python39-devel:3.9), Slackware (libpcap), SUSE (cacti, cacti-spine, python-Django, and trivy), and Ubuntu (dovecot).
[$] Plasma Mobile for highly configurable Linux phones
Plasma Mobile is an open-source
user interface for mobile devices, developed by the KDE community. It's
built on the same foundations as Plasma Desktop, including KDE Frameworks and the KWin window
manager. Much like its desktop counterpart, Plasma Mobile caters to
advanced users by offering extensive customizability. It is offered as an
option on phones with various mobile Linux
distributions.
Security updates for Thursday
Security updates have been issued by AlmaLinux (bind and bind-dyndb-ldap and postgresql:16), Fedora (less and python3.6), Mageia (nodejs & yarnpkg), Oracle (libvpx and postgresql:16), Red Hat (edk2, git, kernel, openldap, postgresql:15, postgresql:16, python3, and python39:3.9 and python39-devel:3.9), SUSE (apache2, python-setuptools, and python3-setuptools), and Ubuntu (linux-oracle).
[$] MemHive: sharing immutable data between Python subinterpreters
Immutable data makes concurrent access easier, since it
eliminates the data-race conditions that can plague multithreaded programs. At
PyCon 2024, Yury Selivanov
introduced an early-stage project called MemHive, which uses Python
subinterpreters and immutable data to
overcome the problems of thread serialization that are caused by the
language's Global Interpreter Lock (GIL). Recent developments in the Python world have opened
up different strategies for avoiding the longstanding problems with the
GIL.