For eight years, Masahiro Yamada has been the sole maintainer of thekernel's build and configuration systems - two complex pieces ofinfrastructure that many people interact with, but few truly understand.Yamada has just steppeddown from that position. Maintenance of the build system will be takenup by Nathan Chancellor and Nicolas Schier (in the "odd fixes" capacity),while the configuration system is now entirely unmaintained.Thanks are due to Yamada for all that work, and to Chancellor and Schierfor stepping up. Hopefully a way will be found to better support theseimportant subsystems in the near future.
Security updates have been issued by AlmaLinux (kernel and python3.12-setuptools), Fedora (perl-Crypt-CBC and unbound), Gentoo (FontForge, GPL Ghostscript, Mozilla Network Security Service (NSS), and PAM), Oracle (gdk-pixbuf2, jq, kernel, mod_security, ncurses, python-requests, and python3-setuptools), Red Hat (python-requests and socat), SUSE (docker, kernel-livepatch-MICRO-6-0-RT_Update_2, kernel-livepatch-MICRO-6-0-RT_Update_4, kernel-livepatch-MICRO-6-0-RT_Update_5, kernel-livepatch-MICRO-6-0-RT_Update_6, kernel-livepatch-MICRO-6-0-RT_Update_7, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, kernel-livepatch-MICRO-6-0_Update_5, kernel-livepatch-MICRO-6-0_Update_6, kubeshark-cli, libgcrypt, pam-config, perl, python-requests, python311, and python313), and Ubuntu (linux-raspi).
Proxmox Virtual Environment 9.0, based on Debian13("trixie"), has been released. Notablenew features include snapshots for thick-provisioned LVM sharedstorage, affinity rules for high availability (HA) clusters, and amodernized mobile web interface for managing Proxmox systems. See thereleasenotes and knownissues for more details about the release.
The use of huge pages can significantly increase the performance of manyworkloads by reducing both memory-management overhead in the kernel andpressure on the system's translation lookaside buffer (TLB). The additionof transparent huge pages (THP) for the 2.6.38 kernel release in 2011caused the kernel to allocate huge pages automatically to make theirbenefits available to all workloads without any effort needed on theuser-space side. But it turns out that use of huge pages can make someworkloads slower as the result of internal memory fragmentation, so the THPfeature is often disabled. Two patch sets aimed at better targeting theuse of transparent huge pages are currently working their way through thereview process.
The call for topics forthe 2025 Maintainers Summit has been posted. The Summit, to be held inTokyo on December10, will involve around 30 developers gathered todiscuss development-process issues for the kernel. Anybody who isinterested in attending is encouraged to post a nomination along with thetopic they would like to discuss. Nominations and topics are best sentbefore September10.The call for topics for the Kernel Summit, which runs as a Linux Plumbers Conference track, is alsoout.
Antonio Cuni, whois a longtime Python performance engineer and PyPy developer, gave a presentation at EuroPython2025 about "Myths and fairy tales around Python performance" onthe first day of the conference in Prague. As might be guessed from thetitle, he thinks that much of the conventional wisdom about Pythonperformance is misleading at best. With lots of examples, he showed wherethe real problems that he sees lie. He has come to the conclusion that memorymanagement will ultimately limit what can be done about Python performance,but he has anearly-stage project called SPy thatmight be a way toward a super-fast Python.
A pair of packages containing fortune "cookies" that weredeemed offensive have been removed from the upcoming Debian13("trixie") release. This has, of course, led to a lengthy discussionand debate about what does, or does not, belong in thedistribution. It may also lead to a general resolution (GR) to decidewhether Debian's codeof conduct (CoC) applies to the contents of packages.
Running a modern mail server is acomplicated business. In part, thiscomplication is caused by the series of incrementally developed practicesdesigned to combat the huge flood of spam that dominates modern emailcommunication. An unfortunate side effect is that it prevents people fromrunning their own mail servers, concentrating people on a few big providers.NNCPNET is a suite of software written by John Goerzen based on thenode-to-node copy (NNCP)protocol that aims to make running one's own mail servers as easy as it oncewas. While the default configurations communicates only with otherNNCPNET servers, there is a public relay that connects the system to the broaderinternet mail ecosystem.
Linuxiac reportsthat another malicious package has been uploaded to the Arch UserRepository (AUR). This time around the package wasgoogle-chrome-stable, which installed a remote-access trojan along with Google Chrome.
Security updates have been issued by AlmaLinux (firefox and thunderbird), Debian (libcommons-lang-java, node-form-data, redis, and sope), Fedora (chromium), Mageia (slurm), Oracle (apache-commons-beanutils, firefox, kernel, redis:6, and thunderbird), Red Hat (kernel, kernel-rt, libxml2, and redis), SUSE (chromium, docker, ffmpeg-7, gnutls, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, libgcrypt, rav1e, and sccache), and Ubuntu (linux-lowlatency, linux-lowlatency-hwe-6.8).
SilverBullet is a MIT-licensed note-taking application, designed to run as aself-hosted web server. Started in 2022, the project is approachingits 2.0 release, making this a good time to explore the features it offers.SilverBullet stores notes as plainMarkdown files, and provides aLuascripting API to customize the application's appearance and behavior.
As of this writing, just over 4,000 non-merge changesets have been pulledinto the mainline repository during the 6.17 merge window. When he announcedthe merge-window opening, Linus Torvalds let it be known that, due to abusy personal schedule, he was likely to pull changes more quickly thanusual this time around; that has been borne out to some extent. Changesmerged so far are focused on core-kernel and filesystem work; read on forthe details.
GitHub director of developer policy, Felix Reda, has publisheda blog post about a GitHub-commissioned study by Open Forum Europe, Fraunhofer ISI andthe European UniversityInstitute. The study finds, not surprisingly, "a profoundmismatch between the importance of open source maintenance and thepublic attention it receives"; it calls for a European sovereigntech fund (STF) modeled after Germany's Sovereign Tech Agency.
There are a lot of things people expect the Linux kernel to do correctly. Someof these are checked by testing or static analysis; a few are ensured byrun-time verification: checking a live property of a running Linux system. Forexample, the scheduler has a handful of different correctness properties thatcan bechecked in this way.Nam Cao posted apatch series that aims to extend the kinds of properties that the kernel'srun-timeverification system can check, by adding support forlinear temporal logic (LTL). The patch set has seen eleven revisions since thefirst version in March2025, and recently made it into the linux-nexttree, from where it seems likely to reach the mainline kernel soon.
In the first keynote atEuroPython 2025 in Prague,Savannah Bailey described her path to becoming a CPython core developer inNovember 2024. She started down that path a few years earlier and hertalk was meant to inspire others-not to slavishly follow hers,but to create their own. In the talk, entitled "You don't have to be a compiler engineerto work on Python", she had lots of ideas for those whomight be thinking about contributing and are wondering how to do so.
Security updates have been issued by AlmaLinux (firefox, icu, kernel-rt, libtpms, redis:6, redis:7, and sqlite), Fedora (chromium and cloud-init), Oracle (icu, java-1.8.0-openjdk, java-21-openjdk, kernel, nodejs:22, perl, and sqlite), SUSE (docker, java-1_8_0-openj9, libxml2, python-starlette, and thunderbird), and Ubuntu (cloud-init, linux-azure, linux-azure-5.4, linux-azure-fips, linux-raspi, linux-raspi-5.4, and perl).
The HeliumOS project has announcedthe release of HeliumOS10. It is relatively new image-based ("atomic")desktop distribution based on packages from CentOSStream andAlmaLinux, with a goal of providing 10 years ofsupport. HeliumOS10 uses the KDE Plasma Desktop, Zsh as itsdefault shell, and Btrfs as its default filesystem.
Priority inversion comes about when a low-priority task holds a resourcethat is also needed by a high-priority task, preventing the latter fromrunning. This problem is made much worse if the low-priority task isunable to gain access to the CPU and, as a result, cannot complete its workand free the resources it holds. Proxy execution is a potential solutionto this problem, but it is a complex solution that has been underdevelopment for several years; LWN first lookedat it in 2020. The 6.17 kernel is likely to contain an important stepforward for this long-running project.
Version 2.42 of the GNUC Library has been released. Changes include the addition of a number ofnew math functions, support for arbitrary baud rates in thetermios.h interface, support for SFrame-based stack tracing(described in this article), support formemory guard pages, and a handful ofsecurity fixes.
The 6.16 development cycle was another busy one, with 14,639 non-mergechangesets pulled into the mainline - just 18commits short of thetotal for 6.15. The 6.16 release happenedon July27, as expected. Also as expected, LWN has put together itstraditional look at where the code for this release came from.
Fedora's qualityteam is looking to reduce the scope of test coverage and changethe project's release criteria to drop some features from the list ofrelease blockers. This is, in part, an exercise in getting rid ofcriteria, such as booting from optical media, that are less relevant. It is also a necessity, since the Red Hat team focusing on Fedoraquality assurance (QA) is only half the size it was a year ago.
The good folks at Linode still have not managed to fix whatever broke intheir data center, so we are running on an emergency backup server. Thingsseem to be working, but the occasional glitch is to be expected. Pleaseaccept our apologies for the extended downtime!Update: we're back on the regular production server, and all seemsstable now.
There is an inherent limit to the privacy of the publiccloud. While Linux can isolate virtual machines (VMs) from each other,nothing in the system's memory is ultimately out of reach for the host cloudprovider. To accommodate the most privacy-conscious clients, confidentialcomputing protects the memory of guests, even fromhypervisors. But the Linux cloud stack needs to be rethought in order to hostconfidential VMs, juggling two goals that are often at odds: performanceand security.
Security updates have been issued by AlmaLinux (git, kernel, nginx:1.24, and sudo), Fedora (dpkg, java-21-openjdk, java-25-openjdk, java-latest-openjdk, and valkey), Oracle (apache-commons-vfs, sudo, tigervnc, and xorg-x11-server), Red Hat (kernel, krb5, and openssh), SUSE (gnutls, ImageMagick, iputils, kernel-livepatch-MICRO-6-0-RT_Update_10, kubernetes1.18, libarchive, ovmf, python, and salt), and Ubuntu (iputils, linux-aws-6.14, linux-raspi, openjdk-21, and openjdk-24).
People tend to put a lot of trust into their phones. Those devices haveaccess to no end of sensitive data about our lives - our movements,finances, communications, and more - so phones belonging to even relativelylow-profile people can be high-value targets. Android devices run freesoftware, at least at some levels, so it should be possible to ensure thatthey are working in their owners' interests. Off-the-shelf Androidinstallations tend to fall short of that goal. The GrapheneOS Android rebuild is an attemptto improve on that situation.
Security updates have been issued by Debian (chromium, firefox-esr, and mediawiki), Fedora (firefox), Oracle (git, kernel, redis, and sudo), Red Hat (aardvark-dns, firefox, kernel, and thunderbird), Slackware (httpd), SUSE (php7, php8, and salt), and Ubuntu (linux-raspi-realtime and ruby-rack).
Richard van der Hoff, a member of the team that runs the Matrix.org homeserver,has writtena detailed blog post about diagnosing and fixing a problem where Matrix roomswould simply stop working:
Providing security updates for a Linux distribution, such asDebian, involves a lot of work behind the scenes-and requiresmuch more than simply shipping the latest code. On July 15, at DebConf25 in Brest, France,Samuel Henrique walked through the process of providing securityupdates to users; he discussed how Debian learns about securityvulnerabilities, decides on the best response, and the process ofsending out updates to keep its users safe. He also provided guidanceon how others could get involved.
Michael Prokop has posted alengthy list of changes coming in the Debian "trixie" release, due inearly August. "As usual with major upgrades, there are some things tobe aware of, and hereby I'm starting my public notes on trixie that mightbe worth for other folks. My focus is primarily on server systems andlooking at things from a sysadmin perspective."
Python has recently seen a number of experiments to improve its parallelperformance, including exposingsubinterpreters as part of the standard library. These allowseparate threads within the same Python process to run simultaneously, as longas any data sent between them is copied, rather than shared.PEP795 ("Deep Immutability in Python")seeks to make efficient sharing of data between subinterpreters possible byallowing Python objects to be "frozen", so that they can be accessed frommultiple subinterpreters without copying or synchronization.That task is more difficult than itseems, and the PEP prompted a good deal of skepticism from the Python community.
Security updates have been issued by AlmaLinux (cloud-init, fence-agents, git, kernel, and kernel-rt), Debian (openjdk-11), Fedora (firefox, golang, libinput, transfig, and yasm), Mageia (qtbase5, qtbase6), Red Hat (fence-agents, go-toolset:rhel8, golang, kernel, and python-setuptools), Slackware (mozilla), SUSE (cyradm, gstreamer-plugins-base, and xen), and Ubuntu (gdk-pixbuf, jq, linux-gcp, linux-gcp-6.8, linux-oracle, ruby-sinatra, thunderbird, and unbound).
Version141.0 of the Firefox browser is out. Changes include "a local AImodel" that can perform tab grouping, unit conversions in the addressbar, and a change that many of us will find welcome: "On Linux, Firefoxuses less memory and no longer requires a forced restart after an updatehas been applied by a package manager".
GNOME and Fedora contributor Michael Catanzaro has written alengthy blogpost about the future of Fedora Workstation as an image-basedrelease and the need to enable Flathub by default. He writes that theFedora Workstation of the future must be "safe and image-based bydefault", with applications provided through Flathub:
The QUIC transport-layer network protocol is not exactly new; it was firstcovered here in 2013. Despite carrying asignificant part of the traffic on the Internet, QUIC has been anything butquick when it comes to getting support into the Linux kernel. The pacemight be picking up, though; Xin Long has posted the first set ofpatches intended to provide mainline support for this protocol.
LWN.net