Brief items
Security
Security quote of the week
While the impact of this problem is potentially huge, we struggled with setting a severity combined with the knowledge that a user vulnerable to this is using an over twenty years old and vulnerable zlib and has practically "given up" all security. If there actually exist users vulnerable to this flaw in the world, they most likely already have worse problems than this to deal with.
— Daniel Stenberg in a CVE report.
Kernel development
Kernel release status
The current development kernel is 6.14-rc1, released on February 2. Linus remarked:
This is actually a _tiny_ merge window, and that's ok. The holidays clearly meant that people did less development than during a normal cycle, and that then shows up as a much smaller-than-average release. I really felt like this year we got the whole holiday season release timing right, and this is just another sign of that.
Stable updates: 6.13.1, 6.12.12, 6.6.75, 6.1.128, 5.15.178, 5.10.234, and 5.4.290 were released on February 1.
The 6.13.2, 6.12.13, and 6.6.76 stable updates are in the review process; they are due on February 7.
Quotes of the week
The thing that makes Linux kernel development so unpleasant is that so many developers/maintainers are focused on arguing their opinion/position rather than trying to understand the problem and work collaboratively towards a solution.
General muse: if a reviewer asks questions regarding a patch then we should treat those questions as bug reports against the changelogs and code comments: required information is missing. So please let's go through reviewer questions as we prepare the next revision of a patchset and make sure that all those questions are fully answered.— Andrew Morton
Distributions
Distributions quote of the week
I am concerned that if we are not careful the quality of models we are able to offer our users will lag significantly behind the rest of the world. If we are much more strict than other free-software projects, we will limit the models our users can use. Significant sources of training data will be available to others but not our users. I suspect that models that only need to release data information rather than training data will be higher quality because they can have access to things like published books, works that can be freely used, but not freely distributed and the like.— Sam Hartman
Development
GNU Binutils 2.44 Released
Version 2.44 of the GNU Binutils package has been released. Perhaps the most significant change is the absence of the "gold" linker, which is deprecated and about to disappear entirely. Gold appeared in 2008 with some fanfare as a faster linker, but it has suffered from a lack of maintenance in recent years. This release also includes some architecture-specific assembler improvements, and some (non-gold) linker enhancements.Firefox 135.0 released
Version 135.0 of the Firefox web browser has been released. Changes include more languages for the translations feature, increasing roll-out of the credit-card autofill and AI chatbot features, and (perhaps most welcome):
Firefox now includes safeguards to prevent sites from abusing the history API by generating excessive history entries, which can make navigating with the back and forward buttons difficult by cluttering the history. This intervention ensures that such entries, unless interacted with by the user, are skipped when using the back and forward buttons.
Freedesktop looking for new home for its GitLab instance
Visitors to the freedesktop.org GitLab instance are currently being greeted with a message noting that the company who has been hosting it for free for nearly five years, Equinix, has asked that it be moved (or start being paid for) by the end of April. The issue ticket opened by Benjamin Tissoires in order to track the planning of a move is clear that the project is grateful for the gift: "First, I'd like to thank Equinix Metal for the years of support they gave us. They were very kind and generous with us and even if it's a shame we have to move out on a short notice, all things come to an end."
The current cost for the services, much of which is for 50TB of bandwidth data transfer
per month and a half-dozen beefy servers for running continuous-integration
(CI) jobs, comes to around $24,000 per month. Tissoires believes that the
project should start paying for service somewhere, in order to avoid
upheaval of this sort, sometimes on short or no notice. "I personally
think we better have fd.o pay for its own servers, and then have sponsors
chip in. This way, when a sponsor goes away, it's technically much simpler
to just replace the money than change datacenter.
" Various options are
being discussed there, but any move is likely to disrupt normal services
for a week or more.
GNU C Library 2.41 released
Version 2.41 of the GNU C Library has been released. Changes include a number of test-suite improvements, strict-error support in the DNS stub resolver, wrappers for the the sched_setattr() and sched_getattr() system calls, Unicode 16.0.0 support, improved C23 support, support for extensible restartable sequences, Guarded Control Stack support on 64-bit Arm systems, and more.What’s new in GTK, winter 2025 edition
Matthias Clasen has written a short update on a GTK hackfest that took place at FOSDEM and what's coming in GTK 4.18. This includes fixes for pointer sizes in Wayland when fractional scaling is enabled, removal of the old GL renderer in favor of the GL renderer introduced in GTK 4.13.6, and deprecation of X11 and Broadway backends with intent to remove them in GTK 5.
The deprecated backends will remain available until then, and no
action is required by developers at this time, Clasen wrote: "There
is no need to act on deprecations until you are actively porting your
app to the next major version of GTK, which is not on the horizon
yet
".
Servo in 2024: stats, features and donations
The Servo Rust-based rendering engine project has published an article summarizing its progress in 2024, and plans for the future:
Servo main dependencies (SpiderMonkey, Stylo and WebRender) have been upgraded, the new layout engine has kept evolving adding support for floats, tables, flexbox, fonts, etc. By the end of 2024 Servo passes 1,515,229 WPT subtests (79%). Many other new features have been under active development: WebGPU, Shadow DOM, ReadableStream, WebXR, ... Servo now supports two new platforms: Android and OpenHarmony. And we have got the first experiments of applications using Servo as a web engine (like Tauri, Blitz, QtWebView, Cuervo, Verso and Moto).
Thunderbird moving to monthly updates in March
The Thunderbird project has announced that it is making its Release channel the default download beginning with the 135.0 release in March. This will move users to major monthly releases instead of the annual major Extended Support Release (ESR) that is the current default.
One of our goals for 2025 is to increase active installations on the release channel to at least 20% of the total installations. At last check, we had 29,543 active installations on the release channel, compared to 20,918 on beta, and 5,941 on daily. The release channel installations currently account for 0.27% of the 10,784,551 total active installations tracked on stats.thunderbird.net.
Miscellaneous
The Linux Foundation on global regulations and sanctions
The Linux Foundation has published its long-awaited article on international sanctions and open-source development. This is the reasoning that went into the removal of a group of Russian kernel maintainers in October.
It is disappointing that the open source community cannot operate independently of international sanctions programs, but these sanctions are the law of each country and are not optional. Many developers work on open source projects in their spare time, or for fun. Dealing with U.S. and international sanctions was unlikely on the list of things that most (or very likely any) open source developers thought they were signing up for. We hope that in time relevant authorities will clarify that open source and standards activities may continue unabated. Until that time, however, with the direct and indirect sponsorship of developers by companies, the intersection of sanctions on corporate entities leaves us in a place where we cannot ignore the potential risks.
Page editor: Daroc Alden
Next page:
Announcements>>