Security updates have been issued by Debian (lemonldap-ng and php-dompdf), Red Hat (.NET 6.0, .NET 7.0, firefox, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (ghostscript, installation-images, kernel, php7, python, and python-Django), and Ubuntu (linux-azure, linux-gcp, linux-ibm, linux-oracle, mozjs102, postgresql-9.5, and tiff).

AlmaLinux has announced that the distribution will no longer be a strict clone of Red Hat Enterprise Linux, but will maintain ABI compatibility.

For a typical user, this will mean very little change in your use of AlmaLinux. Red Hat-compatible applications will still be able to run on AlmaLinux OS, and your installs of AlmaLinux will continue to receive timely security updates. The most remarkable potential impact of the change is that we will no longer be held to the line of “bug-for-bug compatibility” with Red Hat, and that means that we can now accept bug fixes outside of Red Hat’s release cycle. While that means some AlmaLinux OS users may encounter bugs that are not in Red Hat, we may also accept patches for bugs that have not yet been accepted upstream, or shipped downstream.

Version 1.71.0 of the Rust language has been released. Changes this time include the C-unwind ABI, an upgrade to musl 1.2, and more.

The kernel-development process routinely absorbs large changes to fundamental subsystems and still produces stable releases every nine or ten weeks. On occasion, though, the development community's luck runs out. The per-VMA locking work that went into the 6.4 release is a case in point; it looked like a well-tested change that improved page-fault scalability. There turned out to be a few demons hiding in that code, though, that made life difficult for early adopters of the 6.4 kernel.

Security updates have been issued by Debian (ruby-doorkeeper), Fedora (mingw-nsis and thunderbird), Red Hat (bind9.16, nodejs, nodejs:16, nodejs:18, python38:3.8 and python38-devel:3.8, and rh-nodejs14-nodejs), Slackware (krb5), SUSE (geoipupdate, installation-images, libqt5-qtbase, python-Django1, and skopeo), and Ubuntu (knot-resolver, lib3mf, linux, linux-aws, linux-kvm, linux-lowlatency, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-gcp, linux-ibm, linux-oracle, linux-azure-fde, linux-xilinx-zynqmp, and scipy).

The LWN.net Weekly Edition for July 13, 2023 is available.

The kdevops kernel-testing framework has come up at several earlier summits, including in two separate sessions at last year's event. Testing kernel filesystems and the block layer, not to mention lots of other kernel subsystems, has become increasingly important over time. So it was no surprise that Luis Chamberlain led a combined storage and filesystem session at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit to talk more about testing, the resources needed for it, and what can be done to improve it. It was the final session for this year's summit, so this article completes our coverage.

Over on the Open Source Initiative (OSI) blog, the organization has announced the Open Policy Alliance (OPA), which is meant to bring together various non-profit organizations to help educate and inform US policy makers about open-source software and its needs: The need to create such a program is more urgent today due to the rise of new regulations in the software industry and adjacent open domains around the world. Cyber security, the societal impact of AI, data and privacy are important issues for legislators globally. At the same time, the COVID-19 pandemic drove collaborative development to unprecedented levels and took Open Source software, open research, open content and data from mainstream to main stage. Moving forward, developing these important public policies whilst not harming the ecosystem requires an understanding of how the Open Source ecosystem works. Ensuring stakeholders without historic benefit of representation are included in those discussions becomes paramount to that end.

The OPA will focus on educating public policy makers on Open Source to inform their development and deliberation of new policy concepts. There are unintended consequences that come from a lack of understanding of how open collaboration works in practice. The OPA will address this as well as the historic absence of contribution from underrepresented groups. The interest areas of the OPA community will complement those of Digitable Public Goods Alliance, a UNICEF multi-stakeholder initiative with a mission to accelerate the attainment of sustainable development goals in low- and middle-income countries that OSI joined earlier this year.

Security updates have been issued by Debian (erlang, symfony, thunderbird, and yajl), Fedora (cutter-re, kernel, rizin, and yt-dlp), Red Hat (grafana), SUSE (kernel and python-Django), and Ubuntu (dotnet6, dotnet7 and firefox).

The Filesystem in Userspace (FUSE) framework can be used to create a "stacked" filesystem, where the FUSE piece adds specialized functionality (e.g. reporting different file metadata) atop an underlying kernel filesystem. The performance of such filesystems leaves a lot to be desired, however, so the FUSE BPF filesystem has been proposed to try to improve the performance to be close to that of the underlying native filesystem. It came up in the context of a session on FUSE passthrough earlier in the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit, but the details of FUSE BPF were more fully described by Daniel Rosenberg in a combined filesystem and BPF session on the final day of the summit.

The 6.4.3 stable kernel has been released; it contains a handful of fixes, mostly for problems associated with the per-VMA locking code. Anybody running 6.4 probably wants this update.

Note that there is a much larger 6.3.13 update going through a longer-than-usual review process that should show up soon.

Update: 6.3.13 is now out. Note that this is the last 6.3.x update.

SUSE has announced that it is getting into the business of creating RHEL clones and investing $10 million in the project.

SUSE remains fully committed to investing in its highly regarded Linux solutions such as SLE and openSUSE that countless satisfied enterprise customers and the community rely on. At the same time, it acknowledges that enterprises and the open source community deserve choice and freedom from vendor lock-in. SUSE has a long history in empowering and supporting users with mixed Linux environments.

SUSE is committed to working with the open source community to develop a long-term, enduring compatible alternative for RHEL and CentOS users. SUSE plans to contribute this project to an open source foundation, which will provide ongoing free access to alternative source code.

Security updates have been issued by Debian (mediawiki and node-tough-cookie), Red Hat (bind, kernel, kpatch-patch, and python38:3.8, python38-devel:3.8), SUSE (kernel, nextcloud-desktop, and python-tornado), and Ubuntu (dwarves-dfsg and thunderbird).

Linus Torvalds released 6.5-rc1 and closed the merge window for this development cycle on July 9. By that point, 11,730 non-merge changesets had been pulled into the mainline for 6.5; over 7,700 of those were pulled after the first-half merge-window summary was written. The second half of the merge window saw a lot of code coming into the mainline and a long list of significant changes.

Security updates have been issued by Debian (firefox-esr, fusiondirectory, ocsinventory-server, php-cas, and thunderbird), Fedora (dav1d, perl-CPAN, and yt-dlp), Red Hat (python39:3.9 and python39-devel:3.9), Slackware (mozilla), SUSE (prometheus-ha_cluster_exporter and prometheus-sap_host_exporter), and Ubuntu (ghostscript, linux-azure, linux-intel-iotg, linux-intel-iotg-5.15, and ruby-doorkeeper).

Linus has released 6.5-rc1 and closed the merge window for this release.

Anyway, none of it looks hugely unusual. The biggest single mention probably goes to what wasn't merged, with the bcachefs pull request resulting in a long thread (we didn't hit a hundred emails yet, but it's not far away).

The curious can read that long thread in the list archives.

After an initial foray into the ways that open-source software has failed to live up to its early hype, this Digital Antiquarian article covers the history of rogue-like games in great detail.

This brings us back around to a statement I made at the outset: that roguelikes are the exception that proves the rule of open-source game development — and just possibly of open-source software development in general. The cast of thousands who contribute to them do so in order to make exactly the games that they want to play, which in the abstract is the best of all possible reasons to make a game. The experience they end up with is, unsurprisingly, much like high-wire programming at its most advanced, presenting players with an immense, multi-faceted system to be explored and mastered.

Over the years, the kernel has developed a number of deferred-execution mechanisms to take care of work that cannot be done immediately. For many (or most) needs, the workqueue subsystem is the tool that developers reach for first. Workqueues took their current form over a dozen years ago, but that does not mean that there are not improvements to be made. Two sets of patches from Tejun Heo show the pressures being felt by the workqueue subsystem and the solutions that are being tried — with varying degrees of success.

Security updates have been issued by Debian (debian-archive-keyring, libusrsctp, nsis, ruby-redcloth, and webkit2gtk), Fedora (firefox), Mageia (apache-ivy, cups, curaengine, glances, golang, keepass, libreoffice, minidlna, nodejs, opensc, perl-DBD-SQLite, python-setuptools, python-wheel, skopeo/buildah/podman, systemd, testng, and webkit2), SUSE (bind), and Ubuntu (Gerbv, golang-websocket, linux-gke, linux-intel-iotg, and linux-oem-5.17).

The Fedora project is considering a Fedora 40 change proposal to add limited, opt-out telemetry to the workstation edition. The proposal is detailed; it is clear that the developers involved understand that this will be a hard sell in that community.

We believe an open source community can ethically collect limited aggregate data on how its software is used without involving big data companies or building creepy tracking profiles that are not in the best interests of users. Users will have the option to disable data upload before any data is sent for the first time. Our service will be operated by Fedora on Fedora infrastructure, and will not depend on Google Analytics or any other controversial third-party services. And in contrast to proprietary software operating systems, you can redirect the data collection to your own private metrics server instead of Fedora's to see precisely what data is being collected from you, because the server components are open source too.