lwn.net

Kernel developers learn, one way or another, to be careful about memory use; any memory taken by the kernel is not available for use by the actual applications that people keep the computer around to run. So it is unsurprising that eyebrows went up when Joel Fernandes proposed building the source for all of the kernel's headers files into the kernel itself, at a cost of nearly 4MB of unswappable, kernel-space memory. The discussion is ongoing, but it has already highlighted some pain points felt by Android developers in particular.

Security updates have been issued by Debian (drupal7, firefox-esr, and openjdk-8), Fedora (ghostscript, python2-django1.11, and SDL), Red Hat (firefox), Scientific Linux (firefox), SUSE (nodejs4 and openssl-1_1), and Ubuntu (gdk-pixbuf).

The LWN.net Weekly Edition for March 21, 2019 is available.

In software, we tend to build abstraction layers. But, at times, those layers get in the way, so we squash them. In a talk at SCALE 17x in Pasadena, CA, Kyle Anderson surveyed some of the layers that we have built and squashed along the way. He also looked at some of the layers that are being created today with an eye toward where, how, and why they might get squashed moving forward.

Security updates have been issued by Arch Linux (libelf and wordpress), CentOS (cloud-init, cockpit, openssl, and tomcat), Gentoo (openssh), openSUSE (ovmf), Scientific Linux (cloud-init), and SUSE (go1.11, ldb, lftp, libssh2_org, and openwsman).

Version 8.0.0 of the LLVM compiler suite is out. "It's the result of the LLVM community's work over the past six months, including: speculative load hardening, concurrent compilation in the ORC JIT API, no longer experimental WebAssembly target, a Clang option to initialize automatic variables, improved pre-compiled header support in clang-cl, the /Zc:dllexportInlines- flag, RISC-V support in lld." For details one can see separate release notes for LLVM, Clang, Extra Clang Tools, lld, and libc++.

Bradley Kuhn of the Software Freedom Conservancy (SFC) first heard the term "sustainability" being applied to free and open-source software (FOSS) four or five years ago in the wake of Heartbleed. He wondered what the term meant in that context, so he looked into it some. He came to SCALE 17x in Pasadena, CA to give his thoughts on the topic in a talk entitled "If Open Source Isn't Sustainable, Maybe Software Freedom Is?".

Mozilla has released Firefox 66.0. The release notes contain details. New in this release: Firefox now prevents websites from automatically playing sound, improved search experience, smoother scrolling, improved performance and better user experience for extensions, and more.

Stable kernels 5.0.3, 4.20.17, 4.19.30, 4.14.107, and 4.9.164 have been released with the usual set of important fixes. This is the last 4.20.y kernel and users should upgrade to 5.0.y at this time.

Security updates have been issued by CentOS (kernel), Debian (libjpeg-turbo, liblivemedia, neutron, and otrs2), Fedora (SDL), Gentoo (ntp), openSUSE (java-1_8_0-openjdk), Red Hat (cloud-init), Slackware (libssh2), SUSE (libssh2_org, nodejs10, and nodejs8), and Ubuntu (tiff).

Python versions 3.5.7 and 3.4.10 have been released. Both are in "security fixes only" mode and are source-only releases. This is the final release in the Python 3.4 series. The 3.4 branch has been retired, "no further changes to 3.4 will be accepted, and no new releases will be made.

Version 4 of the Solus distribution has been released. "We are proud to announce the immediate availability of Solus 4 Fortitude, a new major release of the Solus operating system. This release delivers a brand new Budgie experience, updated sets of default applications and theming, and hardware enablement." LWN reviewed Solus in 2016.

Security updates have been issued by Debian (ikiwiki, liblivemedia, linux-4.9, rdflib, and sqlalchemy), Fedora (advancecomp, kubernetes, mingw-poppler, and php), Mageia (ikiwiki), openSUSE (chromium, file, and sssd), Red Hat (ansible, openstack-ceilometer, and openstack-octavia), Scientific Linux (kernel), SUSE (galera-3, mariadb, mariadb-connector-c, java-1_8_0-ibm, kernel, nodejs10, openwsman, wireshark, and yast2-rmt), and Ubuntu (file, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, and linux-lts-xenial, linux-aws).

By the time that 5.1-rc1 was released and the 5.1 merge window ended, 11,241 non-merge changesets had been pulled into the mainline repository. Of those, just over 5,000 were pulled since the first 5.1 merge-window summary. It often happens that the biggest changes are pulled early, with the emphasis shifting to fixes by the end of the merge window; this time, though, some of the most significant features were saved for last.

Linus has released 5.1-rc1 and closed the merge window for this development cycle. "A somewhat recent development is how the tools/testing/ updates have been quite noticeable lately. That's not new to the 5.1 merge window, it's been going on for a while, but it's maybe just worth a mention that we have more new selftest changes than we have architecture updates, for example. The documentation subdirectory is also quite noticeable."

Remember the KNOPPIX distribution? KNOPPIX 8.5.0 has been released. It includes a 4.20 kernel, several desktop environments, the ADRIANE audio desktop, UEFI secure boot support, and more.

Your editor has never been a prolific blogger; a hard day in the LWN salt mines tends to reduce the desire to write more material for the net in the scarce free time that remains. But, still, sometimes the desire to post something that is not on-topic for LWN arises. Google+ has served as the outlet for such impulses in recent years, but Google has, in its wisdom, decided to discontinue that service. That leaves a bereft editor searching for alternatives for those times when the world simply has to hear his political opinions or yet another air-travel complaint, preferably one that won't vanish at the whim of some corporation. Recently, a simple blog-hosting system called WriteFreely came to light; it offers a platform that just might serve as a substitute for centralized offerings.

Here's a SUSE press release hyping its transition to being "the largest independent open-source company". "As it has for more than 25 years, SUSE remains committed to an open source development and business model and to actively participating in communities and projects to bring open source innovation to the enterprise as high-quality, reliable and usable solutions. This truly open, open source model refers to the flexibility and freedom of choice provided to customers and partners to create best-of-breed solutions that combine SUSE technologies with other products and technologies in their IT landscape through open standards and at different levels in their architecture, without forcing a locked-in stack."

Thomas Haller writes about the WireGuard integration in NetworkManager 1.16. "NetworkManager provides a de facto standard API for configuring networking on the host. This allows different tools to integrate and interoperate — from cli, tui, GUI, to cockpit. All these different components may now make use of the API also for configuring WireGuard. One advantage for the end user is that a GUI for WireGuard is now within reach." (See this article for more information on WireGuard.)

When Leaderless Debian was written, it seemed entirely plausible that there would still be no candidates for the project leader office even after the extended nomination deadline passed. It is now clear that there will be no need to extend the deadline further, since three candidates (Joerg Jaspert, Jonathan Carter, and Sam Hartman) have stepped forward. It seems likely that the wider discussion on the role of the Debian project leader will continue but, in the meantime, the office will not sit empty.