By some appearances, at least, the kernel community has been relativelyinsulated from the onslaught of AI-driven software-development tools.There has not been a flood of vibe-coded memory-management patches - yet.But kernel development is, in the end, software development, and thesetools threaten to change many aspects of how software development is done.In a world where companies are actively pushing their developers to usethese tools, it is not surprising that the topic is increasingly prominentin kernel circles as well. There are currently a number of ongoingdiscussions about how tools based on large language models (LLMs) fit intothe kernel-development community.
The release of Rust 1.89 has beenannounced. Changes this time includesupport for inferring the length of certain arrays, lint messages suggesting how to clarify potentially confusing uses of lifetime elision in function signatures, and improvements to the C ABI. Thefull changelog is also available.
Security updates have been issued by AlmaLinux (glibc, kernel, libxml2, python-requests, and python-setuptools), Debian (chromium), Fedora (chromium, firefox, gdk-pixbuf2, iputils, libsoup3, libssh, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, and poppler), Gentoo (Composer and Spreadsheet-ParseExcel), Oracle (glibc, kernel, libxml2, python-setuptools, sqlite, and virt:rhel and virt-devel:rhel), Red Hat (libxml2), SUSE (grub2, libarchive, libgcrypt, and python311), and Ubuntu (cifs-utils and poppler).
The AlmaLinux project has announcedthe availability of packages to enable native NVIDIA driver support,including CUDA and Secure Boot, for AlmaLinux9 and 10.
There is a great deal of misunderstanding, and some misinformation, about theTrustedPlatform Module (TPM); to combat this, Debian developer JonathanMcDowell would like to clear the air and help users understand what itis good for, as well as what it's not. At DebConf25 in Brest, France,he delivered atalk about TPMs that explained what they are, why people might beinterested in using them, and how users might do so on a Debiansystem.
Version0.10.0 of the Tubafediverse client has been released. Notable changes in this releaseinclude a new post composer, an in-app web browser, search history,and many other refinements. See this thread formore details and highlights.
For eight years, Masahiro Yamada has been the sole maintainer of thekernel's build and configuration systems - two complex pieces ofinfrastructure that many people interact with, but few truly understand.Yamada has just steppeddown from that position. Maintenance of the build system will be takenup by Nathan Chancellor and Nicolas Schier (in the "odd fixes" capacity),while the configuration system is now entirely unmaintained.Thanks are due to Yamada for all that work, and to Chancellor and Schierfor stepping up. Hopefully a way will be found to better support theseimportant subsystems in the near future.
Security updates have been issued by AlmaLinux (kernel and python3.12-setuptools), Fedora (perl-Crypt-CBC and unbound), Gentoo (FontForge, GPL Ghostscript, Mozilla Network Security Service (NSS), and PAM), Oracle (gdk-pixbuf2, jq, kernel, mod_security, ncurses, python-requests, and python3-setuptools), Red Hat (python-requests and socat), SUSE (docker, kernel-livepatch-MICRO-6-0-RT_Update_2, kernel-livepatch-MICRO-6-0-RT_Update_4, kernel-livepatch-MICRO-6-0-RT_Update_5, kernel-livepatch-MICRO-6-0-RT_Update_6, kernel-livepatch-MICRO-6-0-RT_Update_7, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, kernel-livepatch-MICRO-6-0_Update_5, kernel-livepatch-MICRO-6-0_Update_6, kubeshark-cli, libgcrypt, pam-config, perl, python-requests, python311, and python313), and Ubuntu (linux-raspi).
Proxmox Virtual Environment 9.0, based on Debian13("trixie"), has been released. Notablenew features include snapshots for thick-provisioned LVM sharedstorage, affinity rules for high availability (HA) clusters, and amodernized mobile web interface for managing Proxmox systems. See thereleasenotes and knownissues for more details about the release.
The use of huge pages can significantly increase the performance of manyworkloads by reducing both memory-management overhead in the kernel andpressure on the system's translation lookaside buffer (TLB). The additionof transparent huge pages (THP) for the 2.6.38 kernel release in 2011caused the kernel to allocate huge pages automatically to make theirbenefits available to all workloads without any effort needed on theuser-space side. But it turns out that use of huge pages can make someworkloads slower as the result of internal memory fragmentation, so the THPfeature is often disabled. Two patch sets aimed at better targeting theuse of transparent huge pages are currently working their way through thereview process.
The call for topics forthe 2025 Maintainers Summit has been posted. The Summit, to be held inTokyo on December10, will involve around 30 developers gathered todiscuss development-process issues for the kernel. Anybody who isinterested in attending is encouraged to post a nomination along with thetopic they would like to discuss. Nominations and topics are best sentbefore September10.The call for topics for the Kernel Summit, which runs as a Linux Plumbers Conference track, is alsoout.
Antonio Cuni, whois a longtime Python performance engineer and PyPy developer, gave a presentation at EuroPython2025 about "Myths and fairy tales around Python performance" onthe first day of the conference in Prague. As might be guessed from thetitle, he thinks that much of the conventional wisdom about Pythonperformance is misleading at best. With lots of examples, he showed wherethe real problems that he sees lie. He has come to the conclusion that memorymanagement will ultimately limit what can be done about Python performance,but he has anearly-stage project called SPy thatmight be a way toward a super-fast Python.
A pair of packages containing fortune "cookies" that weredeemed offensive have been removed from the upcoming Debian13("trixie") release. This has, of course, led to a lengthy discussionand debate about what does, or does not, belong in thedistribution. It may also lead to a general resolution (GR) to decidewhether Debian's codeof conduct (CoC) applies to the contents of packages.
Running a modern mail server is acomplicated business. In part, thiscomplication is caused by the series of incrementally developed practicesdesigned to combat the huge flood of spam that dominates modern emailcommunication. An unfortunate side effect is that it prevents people fromrunning their own mail servers, concentrating people on a few big providers.NNCPNET is a suite of software written by John Goerzen based on thenode-to-node copy (NNCP)protocol that aims to make running one's own mail servers as easy as it oncewas. While the default configurations communicates only with otherNNCPNET servers, there is a public relay that connects the system to the broaderinternet mail ecosystem.
Linuxiac reportsthat another malicious package has been uploaded to the Arch UserRepository (AUR). This time around the package wasgoogle-chrome-stable, which installed a remote-access trojan along with Google Chrome.
Security updates have been issued by AlmaLinux (firefox and thunderbird), Debian (libcommons-lang-java, node-form-data, redis, and sope), Fedora (chromium), Mageia (slurm), Oracle (apache-commons-beanutils, firefox, kernel, redis:6, and thunderbird), Red Hat (kernel, kernel-rt, libxml2, and redis), SUSE (chromium, docker, ffmpeg-7, gnutls, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, libgcrypt, rav1e, and sccache), and Ubuntu (linux-lowlatency, linux-lowlatency-hwe-6.8).
SilverBullet is a MIT-licensed note-taking application, designed to run as aself-hosted web server. Started in 2022, the project is approachingits 2.0 release, making this a good time to explore the features it offers.SilverBullet stores notes as plainMarkdown files, and provides aLuascripting API to customize the application's appearance and behavior.
As of this writing, just over 4,000 non-merge changesets have been pulledinto the mainline repository during the 6.17 merge window. When he announcedthe merge-window opening, Linus Torvalds let it be known that, due to abusy personal schedule, he was likely to pull changes more quickly thanusual this time around; that has been borne out to some extent. Changesmerged so far are focused on core-kernel and filesystem work; read on forthe details.
GitHub director of developer policy, Felix Reda, has publisheda blog post about a GitHub-commissioned study by Open Forum Europe, Fraunhofer ISI andthe European UniversityInstitute. The study finds, not surprisingly, "a profoundmismatch between the importance of open source maintenance and thepublic attention it receives"; it calls for a European sovereigntech fund (STF) modeled after Germany's Sovereign Tech Agency.
There are a lot of things people expect the Linux kernel to do correctly. Someof these are checked by testing or static analysis; a few are ensured byrun-time verification: checking a live property of a running Linux system. Forexample, the scheduler has a handful of different correctness properties thatcan bechecked in this way.Nam Cao posted apatch series that aims to extend the kinds of properties that the kernel'srun-timeverification system can check, by adding support forlinear temporal logic (LTL). The patch set has seen eleven revisions since thefirst version in March2025, and recently made it into the linux-nexttree, from where it seems likely to reach the mainline kernel soon.
In the first keynote atEuroPython 2025 in Prague,Savannah Bailey described her path to becoming a CPython core developer inNovember 2024. She started down that path a few years earlier and hertalk was meant to inspire others-not to slavishly follow hers,but to create their own. In the talk, entitled "You don't have to be a compiler engineerto work on Python", she had lots of ideas for those whomight be thinking about contributing and are wondering how to do so.
Security updates have been issued by AlmaLinux (firefox, icu, kernel-rt, libtpms, redis:6, redis:7, and sqlite), Fedora (chromium and cloud-init), Oracle (icu, java-1.8.0-openjdk, java-21-openjdk, kernel, nodejs:22, perl, and sqlite), SUSE (docker, java-1_8_0-openj9, libxml2, python-starlette, and thunderbird), and Ubuntu (cloud-init, linux-azure, linux-azure-5.4, linux-azure-fips, linux-raspi, linux-raspi-5.4, and perl).
The HeliumOS project has announcedthe release of HeliumOS10. It is relatively new image-based ("atomic")desktop distribution based on packages from CentOSStream andAlmaLinux, with a goal of providing 10 years ofsupport. HeliumOS10 uses the KDE Plasma Desktop, Zsh as itsdefault shell, and Btrfs as its default filesystem.
Priority inversion comes about when a low-priority task holds a resourcethat is also needed by a high-priority task, preventing the latter fromrunning. This problem is made much worse if the low-priority task isunable to gain access to the CPU and, as a result, cannot complete its workand free the resources it holds. Proxy execution is a potential solutionto this problem, but it is a complex solution that has been underdevelopment for several years; LWN first lookedat it in 2020. The 6.17 kernel is likely to contain an important stepforward for this long-running project.
Version 2.42 of the GNUC Library has been released. Changes include the addition of a number ofnew math functions, support for arbitrary baud rates in thetermios.h interface, support for SFrame-based stack tracing(described in this article), support formemory guard pages, and a handful ofsecurity fixes.
The 6.16 development cycle was another busy one, with 14,639 non-mergechangesets pulled into the mainline - just 18commits short of thetotal for 6.15. The 6.16 release happenedon July27, as expected. Also as expected, LWN has put together itstraditional look at where the code for this release came from.
Fedora's qualityteam is looking to reduce the scope of test coverage and changethe project's release criteria to drop some features from the list ofrelease blockers. This is, in part, an exercise in getting rid ofcriteria, such as booting from optical media, that are less relevant. It is also a necessity, since the Red Hat team focusing on Fedoraquality assurance (QA) is only half the size it was a year ago.
The good folks at Linode still have not managed to fix whatever broke intheir data center, so we are running on an emergency backup server. Thingsseem to be working, but the occasional glitch is to be expected. Pleaseaccept our apologies for the extended downtime!Update: we're back on the regular production server, and all seemsstable now.
There is an inherent limit to the privacy of the publiccloud. While Linux can isolate virtual machines (VMs) from each other,nothing in the system's memory is ultimately out of reach for the host cloudprovider. To accommodate the most privacy-conscious clients, confidentialcomputing protects the memory of guests, even fromhypervisors. But the Linux cloud stack needs to be rethought in order to hostconfidential VMs, juggling two goals that are often at odds: performanceand security.
Security updates have been issued by AlmaLinux (git, kernel, nginx:1.24, and sudo), Fedora (dpkg, java-21-openjdk, java-25-openjdk, java-latest-openjdk, and valkey), Oracle (apache-commons-vfs, sudo, tigervnc, and xorg-x11-server), Red Hat (kernel, krb5, and openssh), SUSE (gnutls, ImageMagick, iputils, kernel-livepatch-MICRO-6-0-RT_Update_10, kubernetes1.18, libarchive, ovmf, python, and salt), and Ubuntu (iputils, linux-aws-6.14, linux-raspi, openjdk-21, and openjdk-24).
People tend to put a lot of trust into their phones. Those devices haveaccess to no end of sensitive data about our lives - our movements,finances, communications, and more - so phones belonging to even relativelylow-profile people can be high-value targets. Android devices run freesoftware, at least at some levels, so it should be possible to ensure thatthey are working in their owners' interests. Off-the-shelf Androidinstallations tend to fall short of that goal. The GrapheneOS Android rebuild is an attemptto improve on that situation.
Security updates have been issued by Debian (chromium, firefox-esr, and mediawiki), Fedora (firefox), Oracle (git, kernel, redis, and sudo), Red Hat (aardvark-dns, firefox, kernel, and thunderbird), Slackware (httpd), SUSE (php7, php8, and salt), and Ubuntu (linux-raspi-realtime and ruby-rack).
Richard van der Hoff, a member of the team that runs the Matrix.org homeserver,has writtena detailed blog post about diagnosing and fixing a problem where Matrix roomswould simply stop working:
Providing security updates for a Linux distribution, such asDebian, involves a lot of work behind the scenes-and requiresmuch more than simply shipping the latest code. On July 15, at DebConf25 in Brest, France,Samuel Henrique walked through the process of providing securityupdates to users; he discussed how Debian learns about securityvulnerabilities, decides on the best response, and the process ofsending out updates to keep its users safe. He also provided guidanceon how others could get involved.
LWN.net