lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 2시간 23초 지남

Security updates for Thursday

목, 2024/01/25 - 11:18오후
Security updates have been issued by Debian (chromium, firefox-esr, php-phpseclib, phpseclib, thunderbird, and zabbix), Fedora (dotnet7.0, firefox, fonttools, and python-jinja2), Mageia (avahi and chromium-browser-stable), Oracle (java-1.8.0-openjdk, java-11-openjdk, LibRaw, openssl, and python-pillow), Red Hat (gnutls, kpatch-patch, php:8.1, and squid:4), SUSE (apache-parent, apache-sshd, bluez, cacti, cacti-spine, erlang, firefox, java-11-openjdk, opera, python-Pillow, tomcat, tomcat10, and xwayland), and Ubuntu (paramiko and puma).

[$] LWN.net Weekly Edition for January 25, 2024

목, 2024/01/25 - 9:23오전
The LWN.net Weekly Edition for January 25, 2024 is available.

[$] Python, packaging, and pip—again

목, 2024/01/25 - 7:19오전
Python packaging discussions seem like they often just go around and around, ending up where they started and recapitulating many of the points that have come up before. A recent discussion revolves around the pip package installer, as they often do. The central role that is occupied by pip has both good points and bad. There is a clear need for something that can install from the Python Package Index (PyPI) immediately after Python itself is installed. Whether there should be additional features, including project management, that come "inside the box", as well, is much less clear—not unlike the question of which project management "style" should be chosen.

Security updates for Wednesday

수, 2024/01/24 - 11:46오후
Security updates have been issued by Debian (jinja2, openjdk-11, ruby-httparty, and xorg-server), Fedora (ansible-core and mingw-jasper), Gentoo (GOCR, Ruby, and sudo), Oracle (gstreamer-plugins-bad-free, java-17-openjdk, java-21-openjdk, python-cryptography, and xorg-x11-server), Red Hat (kernel, kernel-rt, kpatch-patch, LibRaw, python-pillow, and python-pip), Slackware (mozilla), SUSE (python-Pillow, rear118a, and redis7), and Ubuntu (libapache-session-ldap-perl and pycryptodome).

[$] Microdot: a web framework for microntrollers

수, 2024/01/24 - 7:51오전
There are many different Python web frameworks, from nano-frameworks all the way up to the full-stack variety. One that recently caught my eye is Microdot, the "impossibly small web framework for Python and MicroPython"; since it targets MicroPython, it is plausible for running the user interface of an "internet of things" (IoT) device, for example. Beyond that, it is Flask-inspired, which should make it reasonably familiar to many potential web developers.

Firefox 122.0 released

수, 2024/01/24 - 1:21오전
Version 122.0 of the Firefox browser it out. Changes include improved search suggestions, improvements to the in-browser translation feature, better line-breaking compatibility, and a shiny new .deb package.

Security updates for Tuesday

화, 2024/01/23 - 11:48오후
Security updates have been issued by Debian (kodi and squid), Fedora (ansible-core, java-latest-openjdk, mingw-python-jinja2, openssh, and pgadmin4), Gentoo (Apache XML-RPC), Red Hat (gnutls and xorg-x11-server), Slackware (postfix), SUSE (bluez and openssl-3), and Ubuntu (gnutls28, libssh, and squid).

[$] The rest of the 6.8 merge window

화, 2024/01/23 - 2:20오전
Linus Torvalds was able to release 6.8-rc1 and close the 6.8 merge window on time despite losing power to his home for most of a week. He noted that this merge window is "maybe a bit smaller than usual", but 12,239 non-merge changesets found their way into the mainline, so it's not that small. About 8,000 of those changes were merged since the first-half summary was written; the second half saw a lot of device-driver updates, but there were other interesting changes as well.

Security updates for Monday

월, 2024/01/22 - 11:36오후
Security updates have been issued by Debian (keystone and subunit), Fedora (dotnet6.0, golang, kernel, sos, and tigervnc), Mageia (erlang), Red Hat (openssl), SUSE (bluez, python-aiohttp, and seamonkey), and Ubuntu (postfix and xorg-server).

Kernel prepatch 6.8-rc1

월, 2024/01/22 - 9:47오전
The 6.8-rc1 kernel prepatch is out for testing.

So this wasn't the most pleasant merge window, but most of the unpleasantness was entirely unrelated to the code base and almost entirely related to nasty weather. Just a few technical hiccups. And after a very big 6.7 release, 6.8 looks to actually be smaller than average, although not really all that significantly so.


Some weekend stable kernel updates

일, 2024/01/21 - 2:00오전
The 6.7.1, 6.6.13, and 6.1.74 stable kernel updates have been released; each contains another set of important fixes.

SourceHut outage post-mortem

토, 2024/01/20 - 5:20오전

SourceHut has published a post-mortem of its outage earlier this month. The post-mortem covers the causes of the outage and what steps SourceHut took to mitigate it, ending by saying:

As unfortunate as these events were, we welcome opportunities to stress-test our emergency procedures; we found them to be compatible with our objectives for the alpha and we learned a lot of ways to improve our reliability further for the future. We are going to continue working on our post-incident tasks, building up our infrastructure’s resilience, reliability, and scalability as planned. Once we address the high-priority tasks, though, our first order of business in the immediate future will be to get some rest.

[$] Jujutsu: a new, Git-compatible version control system

토, 2024/01/20 - 5:15오전

Jujutsu is a Git-compatible distributed version control system originally started as a hobby project by Martin von Zweigbergk in 2019. It is intended to be a simpler, more performant Git replacement. Jujutsu boasts a radically simplified user interface and integrates ideas from patch-based version control systems for a novel take on resolving merge conflicts. It is written in Rust and available under an Apache 2.0 license.


Dave Mills RIP

토, 2024/01/20 - 1:39오전
Internet pioneer and Network Time Protocol (NTP) inventor Dave Mills has died, as reported by Vint Cerf: His daughter, Leigh, just sent me the news that Dave passed away peacefully on January 17, 2024. He was such an iconic element of the early Internet. Network Time Protocol, the Fuzzball routers of the early NSFNET, INARG taskforce lead, COMSAT Labs and University of Delaware and so much more.

More information about Mills can be found on his Wikipedia page.


[$] mseal() gets closer

토, 2024/01/20 - 12:14오전
The proposed mseal() system call stirred up some controversy when it was first posted in October 2023. Since then, it has been evolving in a quieter fashion, and seems to have reached a point where the relevant commenters are willing to accept it. Should mseal() be merged in a future development cycle, it will look rather different than it did at the outset.

Clarifying Misunderstandings of Slowroll (openSUSE News)

금, 2024/01/19 - 11:56오후
The openSUSE News site has put up a brief article on how Slowroll fits into the spectrum of openSUSE distributions.

The idea behind Slowroll is to offer a distribution that improves stability without losing access to new features in the base packages such as the kernel, desktop environments and packaging. These slower update cycles allow for more extensive testing and validation of packages before their inclusion. Think of Slowroll as more of a skip than a Leap.


Security updates for Friday

금, 2024/01/19 - 11:55오후
Security updates have been issued by Fedora (chromium, golang-github-facebook-time, podman, and xorg-x11-server-Xwayland), Oracle (.NET 6.0, java-1.8.0-openjdk, java-11-openjdk, and python3.11-cryptography), Red Hat (java-11-openjdk, python-requests, and python-urllib3), SUSE (chromium, kernel, libcryptopp, libuev, perl-Spreadsheet-ParseExcel, suse-module-tools, and xwayland), and Ubuntu (filezilla and xerces-c).

Villa: Will the new judicial ruling in the Vizio lawsuit strengthen the GPL?

금, 2024/01/19 - 4:29오전
Luis Villa writes about the recent ruling in the Software Freedom Conservancy's GPL-violation lawsuit against Vizio, wherein the judge refused to agree that the SFC lacks standing to sue.

In some sense, not much has changed: if you were obligated to comply with the GPL two weeks ago, you have the same obligations today. If you didn’t have obligations then, you don’t have them now.

What has changed is who can enforce those obligations. Two weeks ago, we mostly believed that enforcement could only come from the authors of the code. Those folks rarely had time, money, or interest for litigation, and they might also face a lot of pressure from their peers and employers to avoid litigation.

If this ruling holds up at the end of the case, the number of potential enforcers just went way up.


[$] Improved code generation in the CPython JIT

금, 2024/01/19 - 2:57오전

Ken Jin from the Faster CPython project has been working on taking Python's recently-added just-in-time (JIT) compiler further by adding support for a peephole optimizer that rewrites the JIT's intermediate representation to introduce constant folding, type specialization, and other optimizations. Those techniques should provide significant benefits for the performance of many different types of code running on CPython.


Security updates for Thursday

금, 2024/01/19 - 2:41오전
Security updates have been issued by CentOS (ImageMagick), Debian (chromium), Fedora (golang-x-crypto, golang-x-mod, golang-x-net, golang-x-text, gtkwave, redis, and zbar), Mageia (tinyxml), Oracle (.NET 7.0, .NET 8.0, java-1.8.0-openjdk, java-11-openjdk, python3, and sqlite), Red Hat (gstreamer-plugins-bad-free, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-21-openjdk), SUSE (kernel, libqt5-qtbase, libssh, pam, rear23a, and rear27a), and Ubuntu (pam and zookeeper).