Odprtokodni pogled

Opensource view

LWN.net

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Posodobljeno: 39 min 51 sec nazaj

[$] Plasma Mobile for highly configurable Linux phones

Čet, 08/29/2024 - 16:11
Plasma Mobile is an open-source user interface for mobile devices, developed by the KDE community. It's built on the same foundations as Plasma Desktop, including KDE Frameworks and the KWin window manager. Much like its desktop counterpart, Plasma Mobile caters to advanced users by offering extensive customizability. It is offered as an option on phones with various mobile Linux distributions.

Security updates for Thursday

Čet, 08/29/2024 - 15:33
Security updates have been issued by AlmaLinux (bind and bind-dyndb-ldap and postgresql:16), Fedora (less and python3.6), Mageia (nodejs & yarnpkg), Oracle (libvpx and postgresql:16), Red Hat (edk2, git, kernel, openldap, postgresql:15, postgresql:16, python3, and python39:3.9 and python39-devel:3.9), SUSE (apache2, python-setuptools, and python3-setuptools), and Ubuntu (linux-oracle).

Rust-for-Linux developer Wedson Almeida Filho drops out

Čet, 08/29/2024 - 15:07
Wedson Almeida Filho, one of the key developers driving the Rust-for-Linux project, has retired from the project.

After almost 4 years, I find myself lacking the energy and enthusiasm I once had to respond to some of the nontechnical nonsense, so it's best to leave it up to those who still have it in them.

As an example of the sort of "nonsense" he referred to, he provided a link to the video from the Rust for filesystems discussion at the 2024 Linux Storage, Filesystem, Memory-Management, and BPF Summit. His work was fundamental to getting the project as far as it has come; he will be missed.

[$] LWN.net Weekly Edition for August 29, 2024

Čet, 08/29/2024 - 02:41
The LWN.net Weekly Edition for August 29, 2024 is available.

[$] MemHive: sharing immutable data between Python subinterpreters

Sre, 08/28/2024 - 20:45
Immutable data makes concurrent access easier, since it eliminates the data-race conditions that can plague multithreaded programs. At PyCon 2024, Yury Selivanov introduced an early-stage project called MemHive, which uses Python subinterpreters and immutable data to overcome the problems of thread serialization that are caused by the language's Global Interpreter Lock (GIL). Recent developments in the Python world have opened up different strategies for avoiding the longstanding problems with the GIL.

[$] Debian discusses principles for package maintenance

Sre, 08/28/2024 - 15:20

Achieving consensus among Debian Developers on technical topics and procedures can be, to put it mildly, challenging. Nevertheless, that is exactly what Otto Kekäläinen has tried to do with a proposal that would set up "principles all Debian packages should follow to be open for collaboration in package maintenance". In the near term, it seems unlikely that the proposal will be accepted, but the discussion may be effective at improving collaboration nonetheless.

Judge dismisses majority of GitHub Copilot copyright claims (Developer)

Sre, 08/28/2024 - 14:33
Developer reports that most (but not all) of the claims in the GitHub Copilot lawsuit have been dismissed with prejudice by the judge.

Judge Jon Tigar's ruling, unsealed last week, leaves only two claims standing: one accusing the companies of an open-source license violation and another alleging breach of contract. This decision marks a substantial setback for the developers who argued that GitHub Copilot, which uses OpenAI's technology and is owned by Microsoft, unlawfully trained on their work.

Security updates for Wednesday

Sre, 08/28/2024 - 14:15
Security updates have been issued by Fedora (calibre, dotnet8.0, dovecot, webkit2gtk4.0, and webkitgtk), Oracle (nodejs:20), Red Hat (bind, bind and bind-dyndb-ldap, postgresql:16, and squid), Slackware (kcron and plasma), SUSE (keepalived and webkit2gtk3), and Ubuntu (drupal7).

WineHQ to take over Mono

Tor, 08/27/2024 - 22:46
The Mono project was started in 2001 to develop a .NET environment for Linux systems. Microsoft has owned that project since 2016, but has not made a major release since 2019. The company has now announced that Mono is being handed over to the WineHQ organization, which will maintain the repository going forward. Microsoft, meanwhile, is steering users toward its "modern fork" that it continues to maintain.

Calligra Office 4.0 released

Tor, 08/27/2024 - 18:16

KDE developer Carl Schwan has announced the release of Calligra Office version 4.0. The most significant changes in this release include a "major overhaul" of the office suite's user interface, and a transition to Qt 6 and KDE Frameworks 6.

Call for nominations: Ubuntu Community Council

Tor, 08/27/2024 - 17:15

Nominations are now open for people interested in joining the Ubuntu Community Council, "the highest governance body of the Ubuntu project". Any Ubuntu Member can apply from now until Sunday, September 22 at 23:59 UTC.

The Ubuntu project turned 20 this year, but is still in constant flux. The advent of new communication platforms, new projects under our umbrella, and the ever-growing popularity of the project requires our community to evolve. We need to make sure Ubuntu is set to tackle the challenges of the next 20 years. It needs a strong and active community council to guide the project forwards.

See Merlijn Sebrechts's blog post, "A year in the Ubuntu community council", for an overview of what it's like to serve on the council.

[$] NIST finalizes post-quantum encryption standards

Tor, 08/27/2024 - 14:56

On August 13, the US National Institute of Standards and Technology (NIST) published the final form of its new post-quantum cryptographic standards. One key-exchange mechanism and two digital-signature schemes are now officially sanctioned by the institute. Adopting the new standards should be fairly painless for most developers, but the overhead added by the schemes could pose challenges for some applications.

Security updates for Tuesday

Tor, 08/27/2024 - 13:53
Security updates have been issued by AlmaLinux (nodejs:20), Debian (python3.11), Fedora (dotnet8.0), Red Hat (bind, krb5, libreoffice, linux-firmware, orc, orc:0.4.28, and orc:0.4.31), SUSE (mariadb and openssl-3), and Ubuntu (linux-aws-5.4).

A malicious Pidgin plugin

Pon, 08/26/2024 - 21:45
The developers of the Pidgin chat program have announced that a malicious plugin had been listed on its third-party plugins list for over one month. This plugin included a key logger and could capture screenshots.

It went unnoticed at the time that the plugin was not providing any source code and was only providing binaries for download. Going forward, we will be requiring that all plugins that we link to have an OSI Approved Open Source License and that some level of due diligence has been done to verify that the plugin is safe for users.

Sovereign Tech Fund (STF) to invest in FreeBSD infrastructure modernization

Pon, 08/26/2024 - 18:36

The FreeBSD Foundation has announced that Germany's Sovereign Tech Fund (STF) has agreed to invest €686,400 toward improvements in the FreeBSD project's infrastructure, security, regulatory compliance, and developer experience:

The work commissioned by STF also aligns closely with the recent August 9, 2024 summary report released by the U.S. Office of the National Cyber Director (ONCD), consolidating feedback from the 2023 request for information on key priorities for securing the open source software ecosystem. By enhancing security controls and SBOM tooling, the FreeBSD Foundation is helping to keep FreeBSD at the forefront of improved vulnerability disclosure mechanisms and secure software foundations.

[$] A new version of modversions

Pon, 08/26/2024 - 18:19
The genksyms tool has long been buried deeply within the kernel's build system; it is one of the two C-code parsers shipped with the kernel (the other being the horrifying kernel-doc script). It is a key part of how the kernel's module-loading infrastructure works. While genksyms has quietly done its job for decades, that period may soon be coming to an end. It would seem that genksyms is not up to the task of handling Rust code, so Sami Tolvanen is proposing a new tool to handle this task going forward.

Security updates for Monday

Pon, 08/26/2024 - 18:12
Security updates have been issued by Debian (chromium, python-html-sanitizer, and trafficserver), Fedora (nginx, nginx-mod-fancyindex, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, python-webob, python3-docs, python3.11, python3.12, python3.9, and zabbix), Red Hat (bind, bind and bind-dyndb-ldap, bind9.16, httpd, kernel, kernel-rt, and nodejs:20), SUSE (caddy, chromium, chromium, gn, rust-bindgen, cockpit, fetchmail, gdcm, gh, keybase-client, libhtp, libofx, nano, plasma5-workspace, python-nltk, python-notebook, xen, and znc), and Ubuntu (linux-azure, linux-azure-4.15, linux-azure-5.4, and linux-oracle-5.15).

Kernel prepatch 6.11-rc5

Ned, 08/25/2024 - 16:35
The 6.11-rc5 kernel prepatch is out for testing. "Other than the timing, there's not a whole lot unusual here. The diffstat looks fairly flat, which means 'mostly pretty small changes'." Linus Torvalds added a note that today marks the 33rd anniversary of the first Linux announcement; "A third of a century. And it *still* isn't ready".

[$] The history, status, and plans for reproducible builds

Pet, 08/23/2024 - 14:47
On the second day of DebConf24 in Busan, South Korea, Holger Levsen provided a history lesson on the "first 11 years" of the Reproducible Builds project. He has been involved in the project for most of that time and has been a Debian user since the mid-1990s, contributor since 2001, and a Debian member since 2007; "I love Debian". Meanwhile, his aim is to make all free software be reproducible, so that anyone can check that a binary program comes from the source code it purports to.

Forgejo changes license to GPLv3+

Pet, 08/23/2024 - 14:39

The Forgejo project has announced that, starting from version 9.0, Forgejo will be released under the GPLv3 license (or a later version). Older versions of the software forge remain MIT-licensed.

A copyleft license makes reusing other copyleft software easier. Recently, we discovered that some of the dependencies we used were incompatible with the license Forgejo was distributed with, and they had to be removed for now. Choosing copyleft licenses enables us to reuse more work, and saves us precious time to focus on improving Forgejo itself.
sfy39587f05