Brief items
Security
Quotes of the week (NYT edition)
The Defense Department, NASA and the United States Air Force all
use open-source systems, because they know this provides far more
security. Every step in our voting process should use software that
follows these examples.
— Former CIA director James Woolsey and bash creator Brian Fox in the
New York Times
To paraphrase an organization with close ties to the government:
The only thing that stops a bad guy with a hack is a good guy with
a hack.
— The
New York Times goes to DefCon
Kernel development
Kernel release status
The current development kernel is 4.13-rc4, released on August 6. Linus said: "Anyway, nothing really stands out, and while I really hope that we'll see things calm down further, everything looks pretty much on track for a normal release. So go test things out. By now it should really be pretty safe."
The August 6 regression report shows 10 known problems in the 4.13 kernel.
Stable updates: 4.12.5, 4.9.41, and 4.4.80 were released on August 6.
The 4.12.6, 4.9.42, 4.4.81 and 3.18.64 updates are in the review process as of this writing; they can be expected on or after August 11.
Vetter: Why Github can't host the Linux Kernel Community
Daniel Vetter describes how the kernel community scales and why he feels that the GitHub model tends not to work for the largest projects. "Unfortunately github doesn’t support this workflow, at least not natively in the github UI. It can of course be done with just plain git tooling, but then you’re back to patches on mailing lists and pull requests over email, applied manually. In my opinion that’s the single one reason why the kernel community cannot benefit from moving to github. There’s also the minor issue of a few top maintainers being extremely outspoken against github in general, but that’s a not really a technical issue. And it’s not just the linux kernel, it’s all huge projects on github in general which struggle with scaling, because github doesn’t really give them the option to scale to multiple repositories, while sticking to with a monotree."
Quote of the week
My strawman is to suggest that we relax this. We change the
promise "if it works on a released kernel, it will work on all
future released kernels", to "if it works on N consecutive released
kernels, it will work on all future released kernels", and then
bikeshed the value of N, but probably settle on N=2. This should
give important new freedom to kernel developers, and impose a
(hopefully) small burden on application developers. They should be
testing their code anyway (we all should), now they have to test it
twice.
— Neil
Brown
Distributions
Fedora 24 End Of Life
Fedora 24 reached its end of life on August 8. There will be no more updates, including security updates. Please refer to this page for information about upgrades.OSGeo-Live 11.0 Released
OSGeo-Live is a live DVD/USB/VM distribution that includes a variety of open-source geospatial software. Version 11.0 is "a major reboot, with a refocus on leading applications and emphasis on quality over quantity. Less mature parts of the projects have been dropped with a targeted focus placed on upgrading and improving documentation."
Distribution quote of the week
Some developers evidently hold to the belief that Lintian is a deity to
be appeased through package changes, without objective justification of
those changes.
— Ben Finney
Development
Firefox 55 released
Firefox 55.0 has been released. From the release notes: "Today's release brings innovative functionality, improvements to core browser performance, and more proof that we’re committed to making Firefox better than ever. New features include support for WebVR, making Firefox the first Windows desktop browser to support VR experiences. Performance changes include significantly faster startup times when restoring lots of tabs and settings that let users take greater control of our new multi-process architecture. We’ve also upgraded the address bar to make finding what you want easier, with search suggestions and the integration of our one-click search feature, and safer, by prioritizing the secure - https - version of sites when possible."
Git v2.14.0
Git v2.14.0 has been released with several notable changes, many updates, and plenty of bug fixes. The release notes (below) contain the details.GNU C Library 2.26 released
Version 2.26 of the GNU C Library is out. Changes include a per-thread cache to speed up malloc() calls, Unicode 10.0.0 support, DNS stub resolver improvements, support for the preadv2() and pwritev2() system calls, and a handful of security fixes.Python releases
Python versions 3.5.4 and 3.4.7 have been released. The is the final bug fix release for Python 3.5, but there will be security fixes. Python 3.4 is already in "security fix only" mode.Development quotes of the week
It should be noted that, like all the principles being described here, the commitment to inclusive software can be a source of conflict, particularly around usability. Members of the GNOME project have had to repeatedly fight in the name of inclusive software, something which they continue to do to this day. It is a constant cultural tension, between those who would make software only for technically-inclined people like themselves, and those who would make software that takes others into account. For some, the fact that GNOME stands up for this principle is a reason to see it in an unfavourable light. However, for me, it is one of the reasons why GNOME matters.
— Allan Day
What I'd like to see with the board, the TC, the UC, and anyone else who wants to participate is a calm retrospective of the last three, six or twelve months. So we can see where we need to go from here. We can share some accolades and, if necessary, air some grievances. Someone can say "there's a rough edge here" so someone else with a lot of spare sandpaper they thought was useless can say "I can help with that". We might even sing Kum ba yah.
— Chris Dent
Miscellaneous
Linux kernel hardeners Grsecurity sue Bruce Perens (Register)
The Register reports that the developers of the grsecurity patch set have filed a defamation suit against Bruce Perens. "A legal complaint filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. 'There is no explicit or implicit term, section, or clause in the GPLv2 that is applicable over future versions or updates of the Patches that have not yet been developed, created, or released by [Grsecurity],' the complaint contends."
Page editor: Rebecca Sobol
Next page:
Announcements>>