LWN.net
[$] The rest of the 6.11 merge window
Security updates for Monday
Kernel prepatch 6.11-rc1
Note that the extensible scheduler class ("sched_ext") was not merged, even though Torvalds had said he would back in June. Sched_ext, it seems, will need another development cycle out of tree.
Stable kernel updates for Saturday
[$] May the FOLL_FORCE not be with you
Security updates for Friday
[$] What became of getrandom() in the vDSO
[$] More informative kernel panics for Fedora
On July 12, Jocelyn Falempe proposed a change to the configuration options that Fedora sets for its kernels, in order to make kernel panics easier to report. Falempe would like to enable the kernel's recently added DRM-panic feature, which adds a graphical crash screen that is reminiscent of the infamous Windows "blue screen of death" for kernel panics. The feature introduces a few tradeoffs, including currently limited driver support, so the proposal spawned a good deal of discussion.
Rust 1.80.0 released
Three new stable kernels
Security updates for Thursday
Linux Mint 22 "Wilma" released
Linux Mint has announced version 22 of the distribution in three editions: Cinnamon, MATE, and Xfce. Mint 22 is based on Ubuntu 24.04 and uses kernel version 6.8.0:
Linux Mint 22 is a long term support release which will be supported until 2029. It comes with updated software and brings refinements and many new features to make your desktop even more comfortable to use.LWN covered the Linux Mint 22 beta in early July. See the new features page and release notes for more information on this release.
[$] LWN.net Weekly Edition for July 25, 2024
Stable kernel update 6.10.1
Greg Kroah-Hartman has released the 6.10.1 stable kernel update. This release contains a small number of seemingly urgent regression fixes. Users of this kernel series are advised to upgrade.
OpenMandriva ROME 24.07 released
Updated installation images for the OpenMandriva ROME rolling release Linux distribution are now available. Notable features in the 24.07 snapshot include KDE Plasma 6 as the default desktop, the addition of Proton and Proton experimental packages for playing Windows games on Linux, as well as GNOME 46.3 and LXQt 2.0.0 spins.
OpenSSL announces new governance structure
OpenSSL has announced that it has adopted a new governance framework:
The OpenSSL Management Committee (OMC) has been dissolved, and two boards of directors have been elected for the Foundation and the Corporation. Each organization has ten voting members. These boards share all the responsibilities and authorities of the former OMC co-equally.
To further engage our communities, we are establishing two advisory committees for each entity: a Business Advisory Committee (BAC) and a Technical Advisory Committee (TAC). The communities will elect the members of the BACs and TACs, creating a direct channel for community input in roadmap development and reflecting the diverse perspectives of OpenSSL's communities.
OpenSSL has also announced that two projects have adopted the OpenSSL Mission and become OpenSSL projects: Bouncy Castle, which provides cryptographic APIs for Java and C#, and the cryptlib security software development toolkit. See the announcement for full details.
[$] Large folios, swap, and FS-Cache
[$] Lessons from the death and rebirth of Thunderbird
Ryan Sipes told the audience during his keynote at GUADEC 2024 in Denver, Colorado that the Thunderbird mail client "probably shouldn't still be alive". Thunderbird, however, is not only alive—it is arguably in better shape than ever before. According to Sipes, the project's turnaround is a result of governance, storytelling, and learning to be comfortable asking users for money. He would also like it quite a bit if Linux distributions stopped turning off telemetry.
Let's Encrypt plans to drop support for OCSP
Let's Encrypt has announced that it intends to end support "as soon as possible" for the Online Certificate Status Protocol (OCSP) over privacy concerns. OCSP was developed as a lighter-weight alternative to Certificate Revocation Lists (CRLs) that did not involve downloading the entire CRL in order to check whether a certificate was valid. Let's Encrypt will continue supporting OCSP as long as it is a requirement for Microsoft's Trusted Root Program, but hopes to discontinue it soon:
We plan to end support for OCSP primarily because it represents a considerable risk to privacy on the Internet. When someone visits a website using a browser or other software that checks for certificate revocation via OCSP, the Certificate Authority (CA) operating the OCSP responder immediately becomes aware of which website is being visited from that visitor's particular IP address. Even when a CA intentionally does not retain this information, as is the case with Let's Encrypt, CAs could be legally compelled to collect it. CRLs do not have this issue.People using Let's Encrypt as their CA should, for the most part, not need to change their setups. All modern browsers support CRLs, so end-users shouldn't notice an impact either.