Brief items
Security
FreeBSD Foundation releases Bhyve and Capsicum security audit
The FreeBSD Foundation has announced the release of a security audit report conducted by security firm Synacktiv. The audit uncovered a number of vulnerabilities:
Most of these vulnerabilities have been addressed through official FreeBSD Project security advisories, which offer detailed information about each vulnerability, its impact, and the measures implemented to improve the security of FreeBSD systems. [...]
The audit uncovered 27 vulnerabilities and issues within various FreeBSD subsystems. 7 issues were not exploitable and were robustness or code quality improvements rather than immediate security concerns.
PyPI now supports digital attestations
The Python Package Index (PyPI) has announced that it has finalized support for PEP 740 ("Index support for digital attestations"). Trail of Bits, which performed much of the development work for the implementation, has an in-depth blog post about the work and its adoption, as well as what is left undone:
One thing is notably missing from all of this work: downstream verification. [...]
This isn't an acceptable end state (cryptographic attestations have defensive properties only insofar as they're actually verified), so we're looking into ways to bring verification to individual installing clients. In particular, we're currently working on a plugin architecture for pip that will enable users to load verification logic directly into their pip install flows.
Security quote of the week
Being serious about security at scale means meeting users where they are. In practice, this means deciding how to divide a limited pool of engineering resources such that the largest demographic of users benefits from a security initiative. This results in a fundamental bias towards institutional and pre-existing services, since the average user belongs to these institutional services and does not personally particularly care about security. Participants in open source can and should work to counteract this institutional bias, but doing so as a matter of ideological purity undermines our shared security interests.
Kernel development
Kernel release status
The 6.12 kernel is out, released on November 17. Linus said: "No strange surprises this last week, so we're sticking to the regular release schedule, and that obviously means that the merge window opens tomorrow."
Headline features in this release include: support for the Arm permission overlay extension, better compile-time control over which Spectre mitigations to employ, the last pieces of realtime preemption support, the realtime deadline server mechanism, more EEVDF scheduler development, the extensible scheduler class, the device memory TCP work, use of static calls in the security-module subsystem, the integrity policy enforcement security module, the ability to handle devices with a block size larger than the system page size in the XFS filesystem, and more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 6.12 page for more details.
Stable updates: 6.11.8, 6.6.61, 6.1.117, and 5.15.172 were released on November 14, followed by 6.11.9, 6.6.62, 6.1.118, 5.15.173, 5.10.230, 5.4.286, and 4.19.324 on November 17.
The 6.12.1, 6.11.10, 6.6.63, and 6.1.110 updates are in the review process; they are due on November 22.
Distributions
AlmaLinux 9.5 released
Version 9.5 of the AlmaLinux enterprise-oriented distribution has been released.
AlmaLinux 9.5 aims to improve performance, development tooling, and security. Updated module streams offer better support for web applications. New versions of compilers provide access to the latest features and optimizations that improve performance and enable better code generation. The release also introduces improvements to system performance monitoring, visualization, and system performance data collecting.
Rocky Linux 9.5 released
Version 9.5 of the Rocky Linux distribution is out. As with the AlmaLinux 9.5 release, Rocky Linux 9.5 tracks the changes in upstream RHEL 9.5. See the release notes for details.
A new package manager for OpenWrt
The OpenWrt router-oriented distribution has long used its own opkg package manager. The project has just announced, though, that future releases will use the apk package manager from Alpine Linux instead. "This new package manager offers a number of advantages over the older opkg system and is a significant milestone in the development of the OpenWrt platform. The older opkg package manager has been deprecated and is no longer part of OpenWrt." There is some more information on this page.
Development
Blender 4.3 released
Version 4.3 of the Blender animation system has been released. "Brush assets, faster sculpting, a revolutionized Grease Pencil, and more. Blender 4.3 got you covered."
Plans for CHICKEN 6
CHICKEN Scheme, a portable Scheme compiler, is gearing up for its next major release. Maintainer Felix Winkelmann has shared an article about what changes to expect in version 6 of the language, including better Unicode support and support for the R7RS (small) Scheme standard.
Every major release is a chance to fix long-standing problems with the codebase and address bad design decisions. CHICKEN is now nearly 25 years old and we had many major overhauls of the system. Sometimes these caused a lot of pain, but still we always try to improve things and hopefully make it more enjoyable and practical for our users. There are places in the code that are messy, too complex, or that require cleanup or rewrite, always sitting there waiting to be addressed. On the other hand CHICKEN has been relatively stable compared to many other language implementations and has a priceless community of users that help us improve it. Our users never stop reminding us of what could be better, where the shortcomings are, where things are hard to use or inefficient.
FreeCAD 1.0 released
It took more than 20 years, but the FreeCAD computer-aided design project has just made its 1.0 release.
Since the very beginnings, the FreeCAD community had a clear view of what 1.0 represented for us. What we wanted in it. FreeCAD matured over the years, and that list narrowed down to just two major remaining pieces: fixing the toponaming problem, and having a built-in assembly module. Well, I'm very proud to say those two issues are now solved.
Incus 6.7 released
Version 6.7 of the Incus container-management system (forked from LXD) has been released. "This is another one of those pretty well rounded releases with new features and improvements for everyone". New features include automatic cluster rebalancing, DHCP improvements, and more.
Development quote of the week
Or to put it a different way: open source maintainers are some of the most verifiably self-taught people in the history of the world, *when they want to be*. Happy to dig into tools, Google, books, mailing list archives, source code, stack traces, whatever. *If they're motivated and have time for it.*
Saying "what they really need is… an online course" is… actually a tacit admission that what's actually missing is time and motivation.
— Luis Villa
Page editor: Daroc Alden
