Brief items
Security
The State of OpenSSL for pyca/cryptography
Paul Kehrer and Alex Gaynor, maintainers of the Python cryptography module, have put out some strongly worded criticism of OpenSSL. It comes from a talk they gave at the OpenSSL conference in October 2025 (YouTube video). The post goes into a lot of detail about the problems with the OpenSSL code base and testing, which has led the cryptography team to reconsider using the library. "The mistakes we see in OpenSSL's development have become so significant that we believe substantial changes are required — either to OpenSSL, or to our reliance on it." They go further in the conclusion:
First, we will no longer require OpenSSL implementations for new functionality. Where we deem it desirable, we will add new APIs that are only on LibreSSL/BoringSSL/AWS-LC. Concretely, we expect to add ML-KEM and ML-DSA APIs that are only available with LibreSSL/BoringSSL/AWS-LC, and not with OpenSSL.Second, we currently statically link a copy of OpenSSL in our wheels (binary artifacts). We are beginning the process of looking into what would be required to change our wheels to link against one of the OpenSSL forks.
If we are able to successfully switch to one of OpenSSL's forks for our binary wheels, we will begin considering the circumstances under which we would drop support for OpenSSL entirely.
Kernel development
Kernel release status
The current development kernel is 6.19-rc5, released on January 11. Linus said: "Nothing looks strange, and this could be a perfectly normal rc5. I'm still planning on doing an rc8 this release due to the holidays, but it all feels pretty regular."
Stable updates: 6.18.4 and 6.12.64 were released on January 8, followed by 6.18.5, 6.12.65, 6.6.120, and 6.1.160 on January 11.
The LSFMM+BPF 2026 call for proposals is out
The 2026 edition of the Linux Storage, Filesystem, Memory Management, and BPF Summit will be held May 4-6 in Zagreb, Croatia. The call for proposals has gone out for anybody who would like to attend this invitation-only meeting. "We are asking that you please let us know you want to be invited by February 20, 2026".
Distributions
Fedora Linux 43 election results
The Fedora Project has announced the results of the Fedora 43 election cycle. Five seats were open on the Fedora Engineering Steering Committee (FESCo), and the winners are Kevin Fenzi, Zbigniew Jędrzejewski-Szmek, Timothée Ravier, Dave Cantrell, and Máirín Duffy.
Gentoo looks back on 2025
Gentoo Linux has published a 2025 project retrospective that looks at how the community has evolved, changes to the distribution, infrastructure, and finances for the Gentoo Foundation.
Gentoo currently consists of 31663 ebuilds for 19174 different packages. For amd64 (x86-64), there are 89 GBytes of binary packages available on the mirrors. Gentoo each week builds 154 distinct installation stages for different processor architectures and system configurations, with an overwhelming part of these fully up-to-date.
The number of commits to the main ::gentoo repository has remained at an overall high level in 2025, with a slight decrease from 123942 to 112927. The number of commits by external contributors was 9396, now across 377 unique external authors.
Distributions quote of the week
— Jef SpaletaI expect Fedora flatpaks to continue to exist. Continuing to have a call to stop all operations is not constructive.
I want to ensure it has a scoped mission that makes sense as a benefit for the wider ecosystem in some capacity. I want to make sure its sustainable, that draws on lessons learned historically from EPEL. And if I can figure out a way to do this in partnership with flathub so its existence feels less duplicative. But that's all just context for possible futures. None of which do I envision shuttering Fedora flatpaks entirely.
Development
European Commission issues call for evidence on open source
The European Commission has opened a "call for evidence" to help shape its European Open Digital Ecosystem Strategy. The commission is looking to reduce its dependence on software from non-EU countries:
The EU faces a significant problem of dependence on non-EU countries in the digital sphere. This reduces users' choice, hampers EU companies' competitiveness and can raise supply chain security issues as it makes it difficult to control our digital infrastructure (both physical and software components), potentially creating vulnerabilities including in critical sectors. In the last few years, it has been widely acknowledged that open source – which is a public good to be freely used, modified, and redistributed – has the strong potential to underpin a diverse portfolio of high-quality and secure digital solutions that are valid alternatives to proprietary ones. By doing so, it increases user agency, helps regain control and boost the resilience of our digital infrastructure.
The feedback period runs until midnight (Brussels time)
February 3, 2026. The commission seeks input from all interested
stakeholders, "in particular the European open-source community
(including individual contributors, open-source companies and
foundations), public administrations, specialised business sectors,
the ICT industry, academia and research institutions
".
Evans: A data model for Git (and other docs updates)
On her blog, Julia Evans writes about improving Git documentation, including a new data model man page she wrote with Marie LeBlanc Flanagan, and updates to the pages for several other Git sub-commands (add, checkout, push, and pull). As part of the process, she asked Git users to describe problems they had run into in the documentation, which helped guide the changes that she made.I'm excited about this because understanding how Git organizes its commit and branch data has really helped me reason about how Git works over the years, and I think it's important to have a short (1600 words!) version of the data model that's accurate.The "accurate" part turned out to not be that easy: I knew the basics of how Git's data model worked, but during the review process I learned some new details and had to make quite a few changes (for example how merge conflicts are stored in the staging area).
Firefox 147 released
Version 147.0 of the Firefox web browser has been released. Notable changes in this release include support for the XDG Base Directory specification, enabling local network access restrictions for users with enhanced tracking protection (ETP) set to "Strict", and a fix that improves Firefox's rendering with GNOME on fractionally scaled displays. Firefox 147 also includes a number of security fixes, including several sandbox-escape vulnerabilities.
Radicle 1.6.0 released
Version 1.6.0 of the Radicle peer-to-peer, local-first code collaboration stack has been released. Notable changes in this release include support for systemd credentials, use of Rust's clap crate for parsing command-line arguments, and more. LWN covered the project in March 2024.
Development quote of the week
gccrs will still be experimental, and even though it should be able to compile the kernel, that does not mean the executable produced will be able to run correctly. For 2026, our goal is for gccrs to be able to mis-compile the kernel.— Arthur Cohen
Page editor: Daroc Alden
Next page:
Announcements>>