LWN.net News from the source
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
The kernel development community is organized as a hierarchy, with developers submitting patches to maintainers who will, in turn, commit those patches to a repository and push them upstream to higher-level maintainers. This hierarchy logically looks a lot like the directory hierarchy of the kernel source itself; most maintainers look after one or more subtrees of the kernel source tree. But does that model really describe how patches make it into the mainline? The kernel's git repository, with the aid of some scripting, holds an answer to that question.
Glyn Moody conducted an interview with Ian Murdock in 1999. In this article on Ars Technica, Glyn looks back at Debian's early history, as Ian recounted it in that interview. "When we spoke in 1999, he was delighted by how the project had continued to develop: "I often tell people that I didn't know that Debian would be a success until after I left. Because the whole idea was that Debian would be something that would take on a life of its own, and that if it could do that it would outlive my involvement. And it did, and in fact it's not just surviving, but it's thriving. And I'm very proud of that.""
The LWN.net Weekly Edition for December 24, 2015 is available.
Inside this week's LWN.net Weekly Edition
Debian has updated git (code execution) and kernel (multiple vulnerabilities).
Debian-LTS has updated linux-2.6 (three vulnerabilities).
Fedora has updated openvpn (F23: multiple vulnerabilities) and quassel (F23; F22: denial of service).
Oracle has updated thunderbird (OL7; OL6: multiple vulnerabilities).
Red Hat has updated thunderbird (RHEL5,6,7: multiple vulnerabilities).
SUSE has updated samba (SLE11-SP2: multiple vulnerabilities).
Ubuntu has updated kernel (15.10; 15.04: privilege escalation), ldb (two vulnerabilities), linux-lts-vivid (14.04: privilege escalation), linux-lts-wily (14.04: privilege escalation), linux-raspi2 (15.10: privilege escalation), and samba (multiple vulnerabilities).
Anybody who has been paying attention to the net over the last week or so will certainly have noticed an abundance of articles with titles like "How to hack any Linux machine just using backspace". All this press does indeed highlight an important vulnerability, but it may not be the one that they think they are talking about.
Click below (no subscription required) for the full text.
Linux.com covers two announcements from the Linux Foundation Automotive Grade Linux (AGL) Collaborative Project. Four new major automotive OEMs have joined the project, and a new AGL Unified Code Base (UCB) distribution has been released. "At CES, the AGL UCB will be featured as part of the GENIVI CES 2016 Demonstration Showcase in the Trump International Hotel on January 6-7, 2016. Demo applications for navigation, HVAC control, radio, media player and browser, settings and home screen are on display this week. This new distribution integrates the best components from AGL, Tizen, GENIVI and related open source code into a single AGL Unified Code Base, allowing carmakers to leverage a common platform for rapid innovation."
The LWN.net Weekly Edition for December 17, 2015 is available.
Inside this week's LWN.net Weekly Edition
Fedora has updated bouncycastle (F22: invalid curve attack), jenkins (F23; F22: multiple vulnerabilities), libpng15 (F23; F22: two vulnerabilities), and pcre (F22: multiple vulnerabilities).
openSUSE has updated xfsprogs (Leap42.1: information disclosure).
SUSE has updated kvm (SLE11-SP3: two vulnerabilities).
![[Overview screen]](https://static.lwn.net/images/2015/utouch/overview-sm.png)
Back in early 2013, your editor dedicated a
sacrificial handset to the testing of the then-new Ubuntu Touch
distribution. At that time, things were so unbaked that the distribution
came with mocked-up data for unready apps; it even came with a set of fake
tweets. Nearly three years later, it seemed time to give Ubuntu Touch
another try on another sacrificial device. This distribution has certainly
made some progress in those years, but, sadly, it still seems far from being
a competitive offering in this space.
The Git 2.7.0 release is now available, adding a number of enhancements to this version-control system. The headline feature appears to be a much-needed rework of gitk for better appearance on high-DPI displays, but there are a number of other improvements as well.
![[Photoflow]](https://static.lwn.net/images/2015/12-photoflow-main-tiny.png)
The PhotoFlow image
editor is a relative newcomer to the field of free-software
photography tools. The project was started in 2014, and some people
might consider it an odd choice of undertaking—given that there
are, these days, quite a few capable raw-photo editors to choose
from. But PhotoFlow does bring something new to the table.
Click below (subscribers only) for the full review.
Dan Gillmor describes his experience moving to Ubuntu full-time. "So for anyone who’s even slightly interested in retaining significant independence in desktop and laptop computing, Linux is looking like the last refuge. (On an assortment of other devices, from supercomputers to servers to mobile phones to embedded systems, Linux is already a powerhouse.) I’m glad I made this move."
The LWN.net Weekly Edition for December 10, 2015 is available.
Inside this week's LWN.net Weekly Edition
RFC 1883, Internet Protocol, Version 6 (IPv6) Specification, was published 20 years ago. Ars Technica takes a look at IPv6 adoption. "First the good news. According to Google's statistics, on December 26, the world reached 9.98 percent IPv6 deployment, up from just under 6 percent a year earlier. Google measures IPv6 deployment by having a small fraction of their users execute a Javascript program that tests whether the computer in question can load URLs over IPv6. During weekends, a tenth of Google's users are able to do this, but during weekdays it's less than 8 percent. Apparently more people have IPv6 available at home than at work."
Given the processing requirements for high-speed networking, it is not surprising that there is interest in offloading some of that work to dedicated hardware. Linux has always carefully limited the support provided for such offloading, though; it has been just over ten years since support for TCP offload engines was definitively blocked from entering the Linux network stack. That rejection was driven by a number of concerns, with a reluctance to entrust network-protocol processing to closed-source, unextendable, unfixable software being near the top of the list. Nearly ten years later, offload engines are again the topic of fierce discussion. The hardware has changed, but the concerns have not; indeed, some of the problems being worked around now show why those concerns were valid in the first place.
Arch Linux has updated rtmpdump (code execution).
Debian has updated samba (multiple vulnerabilities).
Debian-LTS has updated cacti (regression in previous update), libvncserver (memory corruption), and samba (multiple vulnerabilities).
Fedora has updated claws-mail (F22: code execution), conntrack-tools (F23; F22: denial of service), libpng12 (F23; F22: multiple vulnerabilities), mediawiki (F23: multiple vulnerabilities), mingw-giflib (F23; F22: heap-based buffer overflow), thunderbird (F22: multiple vulnerabilities), and xen (F22: multiple vulnerabilities).
openSUSE has updated claws-mail (Leap42.1, 13.2, 13.1: code execution) and firefox (Leap42.1, 13.2, 13.1: signature forgery).
SUSE has updated kvm (SLE11-SP4: two vulnerabilities).
The LWN.net Weekly Edition for December 3, 2015 is available.
Inside this week's LWN.net Weekly Edition
As expected, Linus has released 4.4-rc8 rather than the final 4.4 release. "Normally, me doing an eighth release candidate means that there is some unresolved issue that still needs more time to get fixed. This time around, it just means that I want to make sure that everybody is back from the holidays and there isn't anything pending, and that people have time to get their merge window pull requests all lined up. No excuses about how you didn't have time to get things done by the time the merge window opened, now."
While the event had a certain amount of drama surrounding it, the announcement of the end for the Debian Live project seems likely to have less of an impact than it first appeared. The loss of the lead developer will certainly be felt—and the treatment he and the project received seems rather baffling—but the project looks like it will continue in some form. So Debian will still have tools to create live CDs and other media going forward, but what appears to be a long-simmering dispute between project founder and leader Daniel Baumann and the Debian CD and installer teams has been "resolved", albeit in an unfortunate fashion.
Subscribers can click below for the full story from this week's Distributions page.
James Bottomley is trying to make life easier for projects that want to accept contributions using the developer certificate of origin as the contribution agreement, but which are concerned about patent grants. "The lever that will help to make this move is a simple pledge, which can be published on a corporate website, that allows corporations expecting to make legitimate contributions to patent binding licences under the DCO to do so properly without needing any additional Contributor Licence Agreements. Essentially it would be an explicit statement that when their developers submit code to a project under the DCO using a corporate signoff, they’re acting as agents for the necessary patent and copyright grants, meaning you can always trust a DCO signoff from that corporation."
Copyright © 2016, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds