LWN.net
[$] Plasma Mobile for highly configurable Linux phones
Security updates for Thursday
Rust-for-Linux developer Wedson Almeida Filho drops out
After almost 4 years, I find myself lacking the energy and enthusiasm I once had to respond to some of the nontechnical nonsense, so it's best to leave it up to those who still have it in them.
As an example of the sort of "nonsense" he referred to, he provided a link to the video from the Rust for filesystems discussion at the 2024 Linux Storage, Filesystem, Memory-Management, and BPF Summit. His work was fundamental to getting the project as far as it has come; he will be missed.
[$] LWN.net Weekly Edition for August 29, 2024
[$] MemHive: sharing immutable data between Python subinterpreters
[$] Debian discusses principles for package maintenance
Achieving consensus among Debian Developers on technical topics and procedures can be, to put it mildly, challenging. Nevertheless, that is exactly what Otto Kekäläinen has tried to do with a proposal that would set up "principles all Debian packages should follow to be open for collaboration in package maintenance". In the near term, it seems unlikely that the proposal will be accepted, but the discussion may be effective at improving collaboration nonetheless.
Judge dismisses majority of GitHub Copilot copyright claims (Developer)
Judge Jon Tigar's ruling, unsealed last week, leaves only two claims standing: one accusing the companies of an open-source license violation and another alleging breach of contract. This decision marks a substantial setback for the developers who argued that GitHub Copilot, which uses OpenAI's technology and is owned by Microsoft, unlawfully trained on their work.
Security updates for Wednesday
WineHQ to take over Mono
Calligra Office 4.0 released
KDE developer Carl Schwan has announced the release of Calligra Office version 4.0. The most significant changes in this release include a "major overhaul" of the office suite's user interface, and a transition to Qt 6 and KDE Frameworks 6.
Call for nominations: Ubuntu Community Council
Nominations are now open for people interested in joining the Ubuntu Community Council, "the highest governance body of the Ubuntu project". Any Ubuntu Member can apply from now until Sunday, September 22 at 23:59 UTC.
The Ubuntu project turned 20 this year, but is still in constant flux. The advent of new communication platforms, new projects under our umbrella, and the ever-growing popularity of the project requires our community to evolve. We need to make sure Ubuntu is set to tackle the challenges of the next 20 years. It needs a strong and active community council to guide the project forwards.See Merlijn Sebrechts's blog post, "A year in the Ubuntu community council", for an overview of what it's like to serve on the council.
[$] NIST finalizes post-quantum encryption standards
On August 13, the US National Institute of Standards and Technology (NIST) published the final form of its new post-quantum cryptographic standards. One key-exchange mechanism and two digital-signature schemes are now officially sanctioned by the institute. Adopting the new standards should be fairly painless for most developers, but the overhead added by the schemes could pose challenges for some applications.
Security updates for Tuesday
A malicious Pidgin plugin
It went unnoticed at the time that the plugin was not providing any source code and was only providing binaries for download. Going forward, we will be requiring that all plugins that we link to have an OSI Approved Open Source License and that some level of due diligence has been done to verify that the plugin is safe for users.
Sovereign Tech Fund (STF) to invest in FreeBSD infrastructure modernization
The FreeBSD Foundation has announced that Germany's Sovereign Tech Fund (STF) has agreed to invest €686,400 toward improvements in the FreeBSD project's infrastructure, security, regulatory compliance, and developer experience:
The work commissioned by STF also aligns closely with the recent August 9, 2024 summary report released by the U.S. Office of the National Cyber Director (ONCD), consolidating feedback from the 2023 request for information on key priorities for securing the open source software ecosystem. By enhancing security controls and SBOM tooling, the FreeBSD Foundation is helping to keep FreeBSD at the forefront of improved vulnerability disclosure mechanisms and secure software foundations.[$] A new version of modversions
Security updates for Monday
Kernel prepatch 6.11-rc5
[$] The history, status, and plans for reproducible builds
Forgejo changes license to GPLv3+
The Forgejo project has announced that, starting from version 9.0, Forgejo will be released under the GPLv3 license (or a later version). Older versions of the software forge remain MIT-licensed.
A copyleft license makes reusing other copyleft software easier. Recently, we discovered that some of the dependencies we used were incompatible with the license Forgejo was distributed with, and they had to be removed for now. Choosing copyleft licenses enables us to reuse more work, and saves us precious time to focus on improving Forgejo itself.