lwn.net

Statically typed programming languages can help catch mismatches between the kinds of values a program is intended to manipulate, and the values it actually manipulates. While there have been many bytes spent on discussions of whether this is worth the effort, some programming language designers believe that the type checking in current languages does not go far enough. Koka, an experimental functional programming language, extends its type system with an effect system that tracks the side-effects a program will have in the course of producing a value.

Security updates have been issued by AlmaLinux (golang, openjpeg2, toolbox, and xterm), Debian (libxslt, mbedtls, openjdk-17, and webkit2gtk), Fedora (apptainer, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, rust-h2, and uv), Oracle (golang, kernel, and openjpeg2), Red Hat (kernel and xterm), SUSE (389-ds, cairo, container-suseconnect, kernel, lua51-luajit, postgresql13, and trivy), and Ubuntu (linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime and openldap).

The JetBrains blog presents the results of the eighth annual Python Developers Survey, carried out in partnership with the Python Software Foundation.

This year, 51% of all surveyed Python developers are involved in data exploration and processing, with pandas and NumPy being the tools most commonly used for this.

Many of us in the Python pundit space have talked about Python as being divided into thirds: One-third web development, one-third data science and pure science, and one-third as a catch-all bin.

We need to rethink that positioning now that one of those thirds is overwhelmingly the most significant portion of Python.

The Git distributed version-control system has release version 2.51, with "506 non-merge commits since v2.50.1, contributed by 91 people, 21 of which are new faces". It brings multiple new features, some of which are highlighted in a post on the GitHub blog. It includes some performance improvements for multi-pack indexes (MIDXs), a way to import and export stash entries so they can be migrated more easily, and smaller pack files: Git 2.51 takes the spirit of that change and goes a step further by introducing a new way to collect objects when repacking, called "path walk". Instead of walking objects in revision order with Git emitting objects with their corresponding path names along the way, the path walk approach emits all objects from a given path at the same time. This approach avoids the name-hash heuristic altogether and can look for deltas within groups of objects that are known to be at the same path.

As a result, Git can generate packs using the path walk approach that are often significantly smaller than even those generated with the new name hash function described above. Its timings are competitive even with generating packs using the existing revision order traversal.

Rebooting a computer ordinarily brings an abrupt end to any state built up by the old system; the new kernel starts from scratch. There are, however, people who would like to be able to reboot their systems without disrupting the workloads running therein. Various developers are currently partway through the project of adding this capability, in the form of "kexec handover" and the "live update orchestrator", to the kernel.

Security updates have been issued by AlmaLinux (go-toolset:rhel8, kernel, and kernel-rt), Fedora (chromium), Oracle (libxml2), Red Hat (go-toolset:rhel8, golang, kernel, kernel-rt, openjpeg2, rsync, and tigervnc), and SUSE (apache-commons-lang3, chromedriver, fractal, framework_tool, go1.23-openssl, go1.24-openssl, grub2, gstreamer-devtools, gstreamer-plugins-rs, jasper, libavif, lighttpd, nginx, podman, postgresql13, postgresql14, postgresql15, postgresql16, python311-pypdf, ruby2.5, rust-keylime, tiff, tomcat, tomcat10, and tomcat11).

The second 6.17 kernel prepatch is out for testing. "So it's been a very calm week, and this is one of the smaller rc2 releases we've had lately. I'm definitely not complaining, since I've been jetlagged much of the week, but I have this suspicion that it just means that next week will see more noise."

Mitchell Hashimoto has written a blog post about "fully embracing the GObject type system" with a rewrite of the GTK version of Ghostty:

In addition to memory management [improvements], we can now more easily create custom GTK widgets. This let us fully embrace modern GTK UI technologies such as Blueprint. For example, here is our terminal window Blueprint file. This has already led to more easily introducing GUI features like a new GTK titlebar tabs option, an animated border on bell, etc.

The rewrite is now the default if one builds Ghostty from source, and will be included in the 1.2 release that is expected in the next few weeks. LWN covered Ghostty in January.

Greg Kroah-Hartman has announced the release of the 6.16.1, 6.15.10, 6.12.42, 6.6.102, and 6.1.148 stable kernels. Get them while they're hot!

The purpose of the Filesystem Hierarchy Standard (FHS) is to provide a specification for filesystem layout; it specifies the location for files and directories on a Linux system to simplify application development for multiple distributions. In its heyday it had some success at this, but the standard has been frozen in time since 2015, and much has changed since then. There is a slow-moving effort to revive the FHS and create a FHS 4.0, but a recent discussion among Fedora developers also raised the possibility of standardizing on the suggestions in systemd's file-hierarchy documentation, which has now been added to the Linux Userspace API (UAPI) Group's specifications.

Security updates have been issued by AlmaLinux (kernel and webkit2gtk3), Debian (aide and postgresql-13), Fedora (libtiff, mupdf, and pandoc), SUSE (cairo, chromium, gstreamer-plugins-base, ImageMagick, iputils, kubernetes1.23, kubernetes1.26, matrix-synapse, Mesa, pgadmin4, python3, qemu, and rz-pm), and Ubuntu (aide).

One might imagine that managing a page full of zeroes would be a relatively straightforward task; there is, after all, no data of note that must be preserved there. The management of the huge zero folio in the kernel, though, shows that life is often not as simple as it seems. Tradeoffs between conflicting objectives have driven the design of this core functionality in different directions over the years, but much of the associated complexity may be about to go away.

Security updates have been issued by AlmaLinux (kernel, python3.11-setuptools, thunderbird, and toolbox), Debian (chromium), Fedora (open62541 and perl-Authen-SASL), Oracle (git, kernel, konsole, and webkit2gtk3), SUSE (framework-inputmodule-control and poppler), and Ubuntu (apache2, mysql-8.0, mysql-8.4, node-qs, request-tracker5, and ruby-sidekiq).

Inside this week's LWN.net Weekly Edition:

• Front: Indico; Arch Linux wiki; StarDict; Python debugging; LLM assistants for kernel development; 6.17 Merge window; Signed BPF programs.
• Briefs: CalyxOS; ACME on NGINX; Debian 13; LVFS sustainability; Go 1.25; Radicle 1.3.0; Rust 1.89; Syncthing 2.0; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

NGINX has announced the preview release of the nginx-acme module, which adds native support to NGINX for the Automatic Certificate Management Environment (ACME) protocol:

NGINX's native support for ACME brings a variety of benefits that simplify and enhance the overall SSL/TLS certificate management process. Being able to configure ACME directly using NGINX directives drastically reduces manual errors and eliminates much of the ongoing overhead traditionally associated with managing SSL/TLS certificates. It also reduces reliance on external tools like Certbot, creating a more secure and streamlined workflow with fewer vulnerabilities and a smaller attack surface.

Version 1.25 of Go has been released. Notable changes include support for generating debug information in the DWARF 5 format, "container awareness" when setting the maximum number of CPUs to be used, and a new testing/synctest package with support for testing concurrent code. See the release notes for a comprehensive list of changes in 1.25.

Version 2.0 of Syncthing, a continuous file synchronization utility, has been released. Notable changes in 2.0 include multiple connections for synchronizing metadata and file data, a new logging format, as well as a switch from LevelDB to SQLite for Syncthing's backend. This the first release in the 2.0 series, and the release notes advise users to "expect some rough edges and keep a sense of adventure".

The Indico event-management tool has been in development at CERN for two decades at this point. The MIT-licensed web application helps organize conferences, meetings, workshops, and so on; it runs on Python and uses the Flask web framework. Two software engineers on the project, Dominic Hollis and Tomas Roun, came to EuroPython 2025 in Prague to talk about Indico, its history, and some metrics about its community. There is a bit of a connection between Indico and the conference: in 2006 and 2007, the tool was used to manage EuroPython.

Security updates have been issued by Debian (apache2, kernel, linux-6.1, openjdk-17, and pgpool2), Fedora (glib2, matrix-synapse, openjpeg, python3-docs, and python3.13), Oracle (gdk-pixbuf2, glibc, java-1.8.0-openjdk, kernel, libxml2, python-requests, python3.11-setuptools, and thunderbird), SUSE (amber-cli, apache-commons-lang3, eclipse-jgit, go1.23, go1.24, govulncheck-vulndb, grub2, icinga2, kubernetes1.23, libgcrypt, python3, python313, sccache, slurm, tiff, and webkit2gtk3), and Ubuntu (linux-oracle).

BPF programs are loaded directly into the kernel. Even though the verifier protects the kernel from certain kinds of misbehavior in BPF programs, some people are still justifiably concerned about adding unsigned code to their kernel. A fully correct BPF program can still be used to expose sensitive data, for example. To remedy this, Blaise Boscaccy and KP Singh have both shared patch sets that add ways to verify cryptographic signatures of BPF programs, allowing users to configure their kernels to load only pre-approved BPF programs. This work follows on from the discussion at the Linux Storage, Filesystem, Memory-Management, and BPF Summit (LSFMM+BPF) in April and Boscaccy's earlier proposal of a Linux Security Module (LSM) to accomplish the same goal. There are still some fundamental disagreements over the best approach to signing BPF programs, however.