LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
The LWN.net Weekly Edition for January 26, 2017 is available.
Inside this week's LWN.net Weekly Edition
Kernel.org has announced that it will be shutting down FTP access to its archives in two stages: March 1 will see the end of ftp.kernel.org, while December 1 is the termination date for mirrors.kernel.org.
"Well, 19 years later we're thinking it's time to terminate another service that has important protocol and security implications -- our FTP servers. Our decision is driven by the following considerations:"
Package managers are at the core of Linux distributions, but they are currently engulfed in a wave of changes and it's not clear how things will end up. Kristoffer Grönlund started his 2017 linux.conf.au talk on the subject by putting up a slide saying that "everything is terrible awesome" (with "terrible" struck out). There are a number of frustrations that result from the current state of package management, but that frustration may well lead to better things in the future.
CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities), mysql (C6: three vulnerabilities), squid (C7: information leak), and squid34 (C6: information leak).
Debian has updated libxpm (code execution).
Debian-LTS has updated asterisk (denial of service from 2014), firefox-esr (multiple vulnerabilities), lcms2 (denial of service), and libxpm (code execution).
Mageia has updated firefox (multiple vulnerabilities), gstreamer (code execution), and php-phpmailer (two vulnerabilities).
openSUSE has updated apache2 (42.2: denial of service) and gstreamer-0_10-plugins-good (42.1: multiple vulnerabilities).
Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities) and puppet-swift (OSP10.0: information disclosure).
Slackware has updated mozilla-thunderbird (multiple vulnerabilities).
The free software community tends to focus its spotlight on developers and users while paying rather less attention to the maintainers that keep our projects going. Nadia Eghbal spent a year and a half studying how the community works, and has concluded that we have a problem with maintainership; her 2017 linux.conf.au keynote was dedicated to explaining the problem and how we might want to deal with it. But first, she talked about lobsters.
Renderosity Magazine talks with Boudewijn Rempt about the Krita painting application. "Well, we make Krita for artists who want to create images. It's not an image editor with a brush engine, it's really meant for sketching, painting, illustrating. So that is what we optimize the workflow for. And people tell us that that works very well for them!"
The LWN.net Weekly Edition for January 19, 2017 is available.
KDE has announced a partnership with Slimbook, a Spanish laptop retailer, to create the KDE Slimbook. "The KDE Slimbook allows KDE to offer our users a laptop which has been tested directly by KDE developers, on the exact same hardware and software configuration that the users get, and where any potential hardware-related issues have already been ironed out before a new version of our software is shipped to them. This gives our users the best possible way to experience our software, as well as increasing our reach: The easier it is to get our software into users' hands, the more it will be used." The laptop is available for pre-order with systems shipping mid-March.
Nobody starts a free-software project hoping that it will fail, so it is a rare project indeed that plans for its eventual demise. But not all projects succeed, and a project that doesn't plan for failure risks doing its users harm. Dan Callahan joined Mozilla to work on the Persona authentication project, and he was there for its recent shutdown. At the 2017 linux.conf.au in Hobart, Tasmania, he used his keynote slot to talk about the lessons that have been learned about designing a project for failure.
Here's an O'Reilly article describing the Jupyter project and what it has accomplished. "Project Jupyter aims to create an ecosystem of open source tools for interactive computation and data analysis, where the direct participation of humans in the computational loop—executing code to understand a problem and iteratively refine their approach—is the primary consideration."
Keith Packard is the chief architect for The Machine project at HPE; we covered his talk on this project back in 2015. At the 2017 linux.conf.au Kernel Miniconf, Packard focused on one specific aspect of The Machine's hardware and software configuration: how storage is managed and presented to applications. Like much that is being done with this project, its storage architecture is an interesting combination of new ideas and long-established techniques.
The LWN.net Weekly Edition for January 12, 2017 is available.
Arch Linux has updated ed (denial of service).
Debian has updated firefox-esr (multiple vulnerabilities).
Debian-LTS has updated ming (multiple vulnerabilities) and pdns (multiple vulnerabilities).
Fedora has updated ansible (F25; F24: two vulnerabilities), firefox (F24: multiple vulnerabilities), and qemu (F24: multiple vulnerabilities).
openSUSE has updated gstreamer-0_10-plugins-bad (42.1: code execution), systemd (42.2: privilege escalation), and tigervnc (42.2, 42.1: code execution).
Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities).
Red Hat has updated ansible (RHOSP10.0: code execution) and kernel (RHEL6.4: code execution).
Ubuntu has updated openjdk-8 (16.10, 16.04: multiple vulnerabilities).
The appearance of a "Python 2.8" got the attention of the Python core developers in early December. It is based on Python 2.7, with features backported from Python 3.x. In general, there was little support for the effort—core developers tend to clearly see Python 3 as the way forward—but no opposition to it either. The Python license makes it clear that these kinds of efforts are legal and even encouraged—any real opposition to the project lies in its name.
Debian-LTS has updated mysql-5.5 (multiple mostly unspecified vulnerabilities).
Fedora has updated audacious (F25: multiple vulnerabilities), audacious-plugins (F25; F24: multiple vulnerabilities), boomaga (F24: wrong permissions), fedmsg (F25: insufficient signature validation), groovy (F24: code execution), pdns-recursor (F25; F24: multiple vulnerabilities), w3m (F24: unspecified), and xemacs-packages-extra (F25: unspecified).
Gentoo has updated graphite2 (multiple vulnerabilities), oracle-jre-bin (multiple vulnerabilities), and xorg-server (three vulnerabilities, one from 2013).
Oracle has updated mysql (OL6: two vulnerabilities), squid (OL7: information leak), and squid34 (OL6: information leak).
Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities).
Scientific Linux has updated firefox (SL5,6,7: multiple vulnerabilities).
SUSE has updated systemd (SLE12-SP2: privilege escalation).
Ubuntu has updated icoutils (12.04: multiple vulnerabilities).
The GNU C library (glibc) 2.25 release is expected to be available at the beginning of February; among the new features in this release will be a wrapper for the Linux getrandom() system call. One might well wonder why getrandom() is only appearing in this release, given that kernel support arrived with the 3.17 release in 2014 and that the glibc project is supposed to be more receptive to new features these days. A look at the history of this particular change highlights some of the reasons why getting new features into glibc is still hard.
The election to pick two members of the openSUSE board has been suspended due to "technical problems". The problems do indeed appear to be technical in nature, with at least some voters being presented strange and confusing ballots. The election was restarted on the 21st in an unsuccessful attempt to fix the problems; now it is on indefinite hold. The current board will continue to serve, possibly deferring any major decisions, until the issue is resolved.
The LWN.net Weekly Edition for January 5, 2017 is available.
Version 2.0 of the Wine Windows emulation system has been released. "This release represents over a year of development effort and around 6,600 individual changes. The main highlights are the support for Microsoft Office 2013, and the 64-bit support on macOS."
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds