Security updates have been issued by AlmaLinux (kernel, kernel-rt, and libtiff), Debian (kernel, libarchive, rust-sudo-rs, and squid), Fedora (chromium, dotnet8.0, forgejo, ruby, and webkitgtk), Oracle (bind, bind9.18, kernel, kernel-uek*, libtiff, and runc), Red Hat (firefox, kernel, and kernel-rt), Slackware (mozilla), SUSE (buildah, colord, containerd, kernel, lasso, libsoup, micropython, ongres-scram, openssh, proxy-helm, uyuni-tools, python-pdfminer.six, qatengine, qatlib, regclient, and runc), and Ubuntu (raptor and raptor2).
Firefox 145 has been released. Notable changes in this release include note-taking features for PDFs viewed in Firefox, enhanced privacy protections, and the ability to access and manage passwords in the sidebar. This release also drops support for 32-bit Linux systems.
Tails is an unusual Linux distribution developed by the Tor Project; it is designed to help users work around internet censorship and avoid surveillance. It is a "portable" operating system that is meant to be run from a USB stick or ISO image and to leave no trace on the computer it was run on. Tails routes connections to the internet over the Tor network and includes a selection of applications and tools suited to working with sensitive documents, communicating securely, and preserving users' anonymity. The tradeoff, of course, is that Tails is less convenient and requires users to learn a new set of tools to avoid compromising their own security and anonymity. Tails 7.1 was released in October, and it seemed like as good a time as any to take it for a spin.
Security updates have been issued by AlmaLinux (bind, expat, kernel, osbuild-composer, qt6-qtsvg, runc, valkey, and xorg-x11-server-Xwayland), Debian (incus), Fedora (cef and dotnet8.0), Mageia (strongswan), Red Hat (fence-agents and python-requests), SUSE (chromium, colord, erlang26, java-1_8_0-openjdk, libsoup, python-django, thunderbird, tiff, and warewulf4), and Ubuntu (intel-microcode and rust-sudo-rs).
Version 2.0.0 of public-inbox, the mail archiving system behind lore.kernel.org and LWN's email archive, has been released. "This release includes several new features and fixes; mostly around improved integration between inboxes and coderepos for solver. Portability and reliability is also improved, especially in the internal process management of lei."
When programs written in BPF (the kernel's hot-loadable virtual-machine bytecode) call kernel functions (kfuncs), it may be useful for those functions to have additional information about the context in which those BPF programs are executing. Rather than requiring the BPF program to supply that information, it would be convenient to let the BPF verifier pass that information to the called function automatically. That is already possible, but a recent patch set from Ihor Solodrai would make it more ergonomic. It allows kernel developers to specify that a kfunc should be passed additional parameters inferred by the verifier, invisibly to the BPF program. The discussion included concerns that Solodrai's implementation was unnecessarily complex, however.
Version 9.0.0 of pytest has been released. Notable changes in this release include the addition of subtests, native support for TOML configuration files, and a new strict mode. See the changelog for a complete list of new features, enhancements, and bug fixes.
The KeePassXC project has recently updated its contribution policy and README to note its policy around contributions created with generative AI tools. The project's use of those tools, such as GitHub Copilot, has raised a number of questions and concerns, which the project has responded to:
The kernel community is currently reviewing a proposed policy for contributors who are using large language models to assist in the creation of their patches; the primary focus is on disclosure of the use of those tools. "The goal here is to clarify community expectations around tools. This lets everyone become more productive while also maintaining high degrees of trust between submitters and reviewers."
The bootc project allows users to create a bootable Linux system image using the container tooling that many developers are already familiar with. It is an evolution of OSTree (now called libostree), which is used to create Fedora Silverblue and other image-based distributions. While creating custom images is still a job for experts, the container technology simplifies delivering heavily customized images to non-technical users.
Version 4.5 of the Mastodon decentralized social-media platform has been released. Notable features in this release include quote posts, native emoji support, as well as enhanced moderation and blocking features for server administrators. The project also has a post detailing new features in 4.5 for developers of clients and other software that interacts with Mastodon.
The future of the Filesystem Hierarchy Standard (FHS) has been under discussion for some time; now, Neal Gompa has announced that the FHS is "hosted and stewarded" by Freedesktop.org.
Filesystems are complex and performance-sensitive beasts. They can also present security concerns. Microkernel-based systems have long pushed filesystems into separate processes in order to contain any vulnerabilities that may be found there. Linux can do the same with the Filesystem in Userspace (FUSE) subsystem, but using FUSE brings a significant performance penalty. Darrick Wong is working on ways to eliminate that penalty, and he has a massive patch set showing how ext4 filesystems can be safely implemented in user space by unprivileged processes with good performance. This work has the potential to radically change how filesystems are managed on Linux systems.
Mason Freed and Dominik Rottsches have published a document with a timeline and plans for removing Extensible Stylesheet Language Transformations (XSLT) from the Chromium project and Chrome browser:
Version 2.3.0 of the Lightweight Qt Desktop Environment (LXQt) has been released. The highlight of this release is continued improvement in Wayland support across LXQt components. Rather than offering its own compositor, the LXQt project takes a modular approach and works with several Wayland compositors, such as KWin, labwc, and niri.
Linux has many security features and tools that have evolved over the years to address threats as they emerge and security gaps as they are discovered. Linux security is all, as Lennart Poettering observed at the All Systems Go! conference held in Berlin, somewhat random and not a "clean" design. To many observers, that may also appear to be the case for systemd; however, Poettering said that he does have a vision for how all of the security-related pieces of systemd are meant to fit together. He wanted to use his talk to explain "how the individual security-related parts of systemd actually fit together and why they exist in the first place".
Version 1.3 of the Open Container Initiative (OCI) Runtime Specification has been released. The specification covers the configuration, execution environment, and lifecycle of containers. The most notable change in 1.3 is the addition of FreeBSD to the specification, which the FreeBSD Foundation calls "a watershed moment for FreeBSD":
Version 6.18 of the Incus container and virtual-machine management system has been released. Notable changes in this release include new configuration keys for providing credentials to systemd, BPF token delegation, VirtIO support for sound cards, the ability to export ISO volumes, improvements to the IncusOS command-line utility, and more.
Julia is a modern programming language that is of particular interest to scientists due to its high performance combined with language features such as Lisp-style macros, an advanced type system, and multiple dispatch. We last looked at Julia in January on the occasion of its 1.11 release. Early in October Julia 1.12 appeared, bringing a handful of quality-of-life improvements for Julia programmers, most notably support, though still experimental and limited, for the creation of binaries.
Security updates have been issued by Debian (dcmtk, geographiclib, gimp, pure-ftpd, and ruby-rack), Fedora (dotnet9.0), Oracle (expat, kernel, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (git, mariadb:10.5, multiple packages, osbuild-composer, pcs, sssd, and tigervnc), SUSE (kernel and redis), and Ubuntu (google-guest-agent).
Version 1.0 of the Capability Hardware Extension to RISC-V for IoT (CHERIoT) specification has been released. CHERIoT is a hardware-software system for secure embedded devices, and the specification provides a full description of the ISA and its intended use by CHERIoT RTOS. David Chisnall has written a blog post about the release that explains its significance as well as plans for CHERIoT 2.0 and beyond:
The Project Zero blog explains that, on 64-bit Arm systems, the kernel's direct map is always placed at the same virtual location, regardless of whether kernel address-space layout randomization (KASLR) is enabled.
Barry Warsaw, writing for the Python steering council, has announced that PEP 810 ("Explicit lazy imports") has been approved, unanimously, by the four who could vote. Since Pablo Galindo Salgado was one of the PEP authors, he did not vote. The PEP provides a way to defer importing modules until the names defined in a module are needed by other parts of the program. We covered the PEP and the discussion around it a few weeks back. The council also had "recommendations about some of the PEP's details, a few suggestions for filling a couple of small gaps", including:
Python already has several ways to run programs concurrently (including asynchronous functions, threads, subinterpreters, and multiprocessing), but all of those options have drawbacks of one kind or another. PEP 703 ("Making the Global Interpreter Lock Optional in CPython") removed a major barrier to running Python threads in parallel, but also exposed Python programmers to the same tricky synchronization problems found in other languages supporting multithreaded programs. A new draft proposal by Mark Shannon, PEP 805 ("Safe Parallel Python"), suggests a way for the CPython runtime to cut down on concurrency bugs, making it more practical for Python programmers to use versions of the language without the global interpreter lock (GIL).
Version 6.0 ("Excalibur") of the systemd-averse Devuan distribution has been released. It is based on Debian 13 ("trixie"), and includes some of the significant changes from that release, including the merged /usr hierarchy. See the release notes for details.
The kernel's namespaces feature is, among other things, a key part of the implementation of containers. Like much in the kernel, though, the namespace API evolved over time; there was no design at the outset. As a result, this API has some rough edges and missing features. Christian Brauner is working to straighten out the namespace situation somewhat with this daunting 72-part patch series that, among other things, adds a new system call to allow user space to query the namespaces present on the system.
Linus has released 6.18-rc4 for testing. "Last week in fact felt *so* calm that I was surprised to notice that rc4 isn't really smaller than usual: all the stats look very normal, both in number of changes and where the changes are."
Julian Andres Klode has announced that the Debian APT package-management tool will acquire "hard Rust dependencies" sometime after May 2026. "If you maintain a port without a working Rust toolchain, please ensure it has one within the next 6 months, or sunset the port."
The idea of automatic syntax-aware merging in version-control systems goes back to 2005 or earlier, but initial implementations were often language-specific and slow. Mergiraf is a merge-conflict resolver that uses a generic algorithm plus a small amount of language-specific knowledge to solve conflicts that Git's default strategy cannot. The project's contributors have been working on the tool for just under a year, but it already supports 33 languages, including C, Python, Rust, and even SystemVerilog.
Version 1.91.0 of the Rust language has been released. Changes include promoting aarch64-pc-windows-msvc to a tier-1 platform, a new lint rule to catch dangling raw pointers from local variables, and a fair number of newly stabilized APIs.
The kernel's file-I/O subsystems have been highly optimized over the years in the hope of providing the best performance for a wide variety of workloads. There is, however, one workload type that suffers with current kernels: applications that perform many short reads, in multiple processes, from the same file. Kiryl Shutsemau has been working on a patch to try to optimize this case, but the task is turning out to be harder than one might expect.
The Universal Blue project has announced the Fall update for the Fedora-based Bazzite gaming distribution. This release brings Bazzite up to Fedora 43, includes support for additional handheld gaming systems, as well as drivers for a number of steering wheel devices, and more.
Alejandro Colomar has announced the release of version 6.16 of the GNU/Linux man pages. This release includes new or rewritten man pages for fsconfig(), fsmount(), and fsopen(), as well as a number of newly documented interfaces in existing man pages. The release is also available as a PDF book.
ICANN's Security and Stability Advisory Committee (SSAC) has announced a report on "the critical role of Free and Open Source Software (FOSS) within the Domain Name System (DNS)". The report is aimed at policymakers and examines recent cybersecurity regulations in the US, UK, and EU as they apply to FOSS in the DNS system; it includes findings and guidelines "to strengthen the FOSS ecosystem that is critical to the secure and stable operation of the Internet". From the report's summary:
A new class of attacks on Android phones, called "Pixnapping", was announced on October 13. It allows a malicious app to gather output rendered in a victim app, pixel-by-pixel, by exploiting a GPU side-channel. Depending on what the victim app displays, anything from sensitive email and chats to two-factor authentication (2FA) codes could be captured and shipped off to an attacker's site.
Debian's ftpmaster team has been responsible for allowing new packages to enter Debian, removing old packages, and otherwise maintaining Debian's package archive for more than two decades. As of October 26, the team is no more and its duties are being split between two new teams. The Archive Operations Team will focus on the infrastructure required to support the Debian archives, and the DFSG, Licensing & New Packages Team is responsible for reviewing packages entering the new queue. In time, this move could speed up processing of new packages, as well as making the teams more sustainable, but only after new members are recruited and trained. For now, the same folks are doing the work but spread across two teams.