Firefox 131.0 released
Version
131.0 of the Firefox browser has been released. Changes include the
ability to temporarily grant permissions to sites and a preview that pops
up when hovering over tabs.
Valve is generously providing backing for two critical projects that will have a huge impact on our distribution: a build service infrastructure and a secure signing enclave. By supporting work on a freelance basis for these topics, Valve enables us to work on them without being limited solely by the free time of our volunteers.
Despite conference travel (both for me and several maintainers), things seemed to go mostly fairly normally. There's a couple of notable new features in here: For one thing, PREEMPT_RT is now mainlined and enabled as a config option (you do need to enable "EXPERT" to get the question). For another, sched_ext also got merged.
There is a general agreement that the way forward is to change time_t to a 64-bit type. Musl has already switched to that, glibc supports it as an option. A number of other distributions such as Debian have taken the leap and switched. Unfortunately, source-based distributions such as Gentoo don't have it that easy. So we are still debating the issue and experimenting, trying to figure out a maximally safe upgrade path for our users.Unfortunately, that's nowhere near trivial. Above all, we are talking about a breaking ABI change.
This leads to two important takeaways:
- The problem is overwhelmingly with new code, necessitating a fundamental change in how we develop code.
- Code matures and gets safer with time, exponentially, making the returns on investments like rewrites diminish over time as code gets older.
For example, based on the average vulnerability lifetimes, 5-year-old code has a 3.4x (using lifetimes from the study) to 7.4x (using lifetimes observed in Android and Chromium) lower vulnerability density than new code.
Torvalds acted on
the pull request the following morning.