LWN.net

Python has aunique approach to static typing. Python programs can contain typeannotations, and even access those annotations at run time, but the annotationsaren't evaluated by default. Instead, it is up to external programs to ascribemeaning to those annotations. The annotations themselves can be arbitrary Pythonexpressions, but in practice usually involve using helpers from the built-intyping module, the meanings of which external type-checkers mostlyagree upon. Yet the type system implicitly defined by the typing moduleand common type-checkers is insufficiently powerful to model all of the kinds ofdynamic metaprogramming found in real-world Python programs.PEP 827 ("Type Manipulation")aims to add additionalcapabilities to Python's type system to fix this, butdiscussionof the PEP has been of mixed sentiment.

Version9.0.0 of the digiKam photo-management system has beenreleased. "This major version introduces groundbreakingimprovements in performance, usability, and workflow efficiency, witha strong focus on modernizing the user interface, enhancing metadatamanagement, and expanding support for new camera models and fileformats." Some of the changes include anew survey tool, more advanced search and sorting options, as wellas bulkediting of geolocation coordinates.

Security updates have been issued by AlmaLinux (delve, git-lfs, and postgresql16), Fedora (cef, chezmoi, chromium, coturn, erlang-hex_core, firefox, gh, gimp, k9s, keylime, keylime-agent-rust, libsixel, microcode_ctl, nextcloud, nss, perl-Crypt-URandom, pgadmin4, php-zumba-json-serializer, postgresql16-anonymizer, prometheus, python-asyncmy, python3.10, python3.11, python3.9, staticcheck, valkey, and vim), SUSE (chromedriver, chromium, coredns, expat, freetype2-devel, gitea-tea, go1.24-openssl, go1.25-openssl, grpc, gstreamer-rtsp-server, gstreamer-plugins-ugly,, helm, jetty-annotations, kubeshark-cli, libaec, libblkid-devel, libsoup, libxml2, libxslt, NetworkManager-applet-strongswan, podman, python-joserfc, python-Markdown, python-pypdf2, python-tornado, python-uv, python311-Django, python311-joserfc, python311-nltk, roundcubemail, and valkey), and Ubuntu (python3.4, python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, python3.14).

Linus has released 7.0-rc3 for testing."So it's still pretty early in the release cycle, and it just feels abit busier than I'd like. But nothing particularly stands out or looksbad."

Geoff Huston looks at the networktime protocol, and efforts to secure it, in detail.

In early February, members of the Fedora Council met in Tirana,Albania to discuss and set the strategic direction for the Fedora Project. Thecouncil has publishedsummaries from its strategy summit, and Fedora Project Leader (FPL) Jef Spaleta,as well as some of the council members, held a video meeting to discuss outcomes fromthe summit on February25. Topics included a plan to experiment with Open Collective to raisefunds for specific Fedora projects, tools to build image-based editions, andmore. Spaleta also explained his model for Fedora governance.

Version25.12.0 of the OpenWrt router distribution is available; this releasehas been dedicated to the memory of Dave Taht. Changes include a switch tothe apk package manager, the integration of the attendedsysupgrade method, and support for a long list of new targets.

Security updates have been issued by Debian (chromium), Fedora (freerdp, libsixel, opensips, and yt-dlp), Mageia (python-django, rsync, and vim), Red Hat (go-rpm-macros and osbuild-composer), SUSE (7zip, assertj-core, autogen, c3p0, cockpit-machines, cockpit, cockpit-repos, containerized-data-importer, cpp-httplib, docker, docker-stable, expat, firefox, gnutls, go1.25-openssl, golang-github-prometheus-prometheus, haproxy, ImageMagick, incus, kernel, kubevirt, libsoup, libsoup2, mchange-commons, ocaml, openCryptoki, openvpn, php-composer2, postgresql14, postgresql15, python-Authlib, python-azure-core, python-nltk, python-urllib3_1, python311-Django4, python311-pillow-heif, python311-PyPDF2, python313, python313-Django6, qemu, rhino, roundcubemail, ruby4.0-rubygem-rack, sdbootutil, and wicked2nm), and Ubuntu (less, nss, python-bleach, qtbase-opensource-src, and zutty).

Version1.94.0 of the Rust language has been released. Changes include arraywindows (an iterator for slices), some Cargo enhancements, and a numberof newly stabilized APIs.

The grith.ai blog reportson an LLM prompt-injection vulnerability that led to 4,000 installations ofa compromised version of the Cline utility.

Chardetis a Python module that attempts to determine which character set was usedto encode a text string. It was originally written by Mark Pilgrim, who isalso the author of a number of Python books; the 1.0 release happened in2006. For many years, this module has been under the maintainership ofDan Blanchard. Chardet has always been licensed under the LGPL, but, withthe 7.0.0release, Blanchard changed the terms to the permissive MIT license.That has led to an extensive (and ongoing) discussion on when code can berelicensed against the wishes of its original author, and whether using alarge language model to rewrite code is a legitimate way to strip copyleftrequirements from code.

Peter Korsgaard has announced version 2026.02 of Buildroot, a tool for generatingembedded Linux systems through cross-compilation. Notable changesinclude added support for HPPA, use of the 6.19.x kernel headers bydefault, better SBOM generation, and more.

Sasha Levin has announced the release of the 6.12.76, 6.6.129, and 6.1.166 stable kernels. These releasesaddress a regression reportedby Peter Schneider; Levin said that an upgrade is only necessary forthose who have observed a build failure with the 6.12.75, 6.6.128, or6.1.165 kernels.

The multi-generational LRU (MGLRU) is analternative memory-management algorithm that was merged for the 6.1 kernelin late 2022. It brought a promise of much-improved performance andsimplified code. Since then, though, progress on MGLRU has stalled, and itstill is not enabled on many systems. As the 2026 Linux Storage,Filesystem, Memory-Management and BPF Summit (LSFMM+BPF) approaches,several memory-management developers have indicated a desire to talk aboutthe future of MGLRU. While some developers are looking for ways to improvethe subsystem, another has called for it to be removed entirely.

Security updates have been issued by AlmaLinux (go-rpm-macros, libpng, thunderbird, udisks2, and valkey), Fedora (coturn, php-zumba-json-serializer, valkey, and yt-dlp), Red Hat (delve, go-rpm-macros, grafana, grafana-pcp, image-builder, osbuild-composer, and postgresql), Slackware (nvi), SUSE (firefox, glibc, haproxy, kernel, kubevirt, libsoup, libsoup2, libxslt, mozilla-nss, ocaml, python, python-Django, python-pip, util-linux, virtiofsd, wicked2nm,suse-migration-services,suse-migration- sle16-activation,SLES16-Migration,SLES16-SAP_Migration, and wireshark), and Ubuntu (gimp, linux-aws, linux-lts-xenial, linux-aws-fips, linux-azure, linux-azure-fips, linux-fips, nss, postgresql-14, postgresql-16, postgresql-17, and qemu).

Inside this week's LWN.net Weekly Edition:

Sasha Levin has announced the release of the 6.19.6, 6.18.16, 6.12.75, 6.6.128, 6.1.165, 5.15.202, and 5.10.252 stable kernels. Each containsimportant fixes throughout the tree; users of these kernels areadvised to upgrade.

Security updates have been issued by AlmaLinux (container-tools:rhel8, firefox, go-rpm-macros, kernel, kernel-rt, mingw-fontconfig, nginx:1.24, thunderbird, and valkey), Debian (gimp), Fedora (apt, avr-binutils, keylime, keylime-agent-rust, perl-Crypt-URandom, python-apt, and rsync), Red Hat (go-rpm-macros and yggdrasil-worker-package-manager), Slackware (python3), SUSE (busybox, cosign, cups, docker, evolution-data-server, freerdp, glibc, gnome-remote-desktop, go1.24-openssl, go1.25-openssl, govulncheck-vulndb, libpng16, libsoup, libssh, libxml2, patch, postgresql14, postgresql15, postgresql16, postgresql17, postgresql18, python, python311, rust-keylime, smc-tools, tracker-miners, and zlib), and Ubuntu (curl, imagemagick, intel-microcode, linux, linux-aws, linux-kvm, linux-aws, linux-aws-5.15, linux-gcp-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle-5.15, linux-aws-fips, and linux-raspi, linux-raspi-5.4).

Jujutsu is an increasingly popular Git-compatible version-control system. It hasa focus on simplifying Git's conceptual model to produce a smoother, clearer command-lineexperience. Some people already have a preferred replacement for Git's usualcommand-line interface, though:Magit, an Emacs package for working with Gitrepositories that also tries to make the interface morediscoverable.Now, a handful of people are working to implement a Magit-style interface for Jujutsu:Majutsu.

This404 Media article looks at how the US Customs and Border Protectionagency (CBP) is using location data from phones to track the location ofpeople of interest.

One of the contradictions of the modern open-source movement isthat projects which respect user freedoms often rely on proprietarytools that do not: communities often turn to non-free software forcode hosting, communication, and more. At Configuration ManagementCamp (CfgMgmtCamp) 2026, Jan Ainali spokeabout the need for open-source projects to adopt open tools; he hoped to persuade new and mature projects to switch to openalternatives, even if just one tool, to reduce their dependencies ontech giants and support community-driven infrastructure.

Matthew Garrett examinesthe factors that go into the decision about whether to install afirmware update or not.

Security updates have been issued by AlmaLinux (containernetworking-plugins, gnutls, kernel, libpng, and skopeo), Debian (firefox-esr, php8.2, and spip), Fedora (erlang and python-pillow), Red Hat (go-toolset:rhel8, golang, and yggdrasil), SUSE (cups, fluidsynth, gvfs, haproxy, libsoup, libsoup-3_0-0, mozilla-nss, python-azure-core, and shim), and Ubuntu (git and mailman).

There are many applications that need to be able to write multi-blockchunks of data to disk with the assurance that the operation will eithercomplete successfully or fail altogether - that the write will not bepartially completed (or "torn"), in other words. For years, kerneldevelopers have worked on providing atomic writes as a way of satisfyingthat need; see, for example, sessions from the Linux Storage, Filesystem,Memory Management, and BPF (LSFMM+BPF) Summit from 2023, 2024,and 2025 (twice). While atomic direct I/O is now supported by some filesystems, atomicbuffered I/O still is not. Fillingthat gap seems certain to be a 2026 LSFMM+BPF topic but, thanks to an earlydiscussion, the shape of a solution might already be coming into focus.

Toke Hoiland-Jorgensen has posted anoverview of how zero-copy networking works in the Linux kernel.

Version 7.3 of Texinfo, the GNU documentation-formatting system, has been released. It contains a number of new features, performance improvements, and enhancements.

The free and open-source software (FOSS) movements have always beenabout giving freedom and power to individuals and organizations;throughout that history, though, there have also been actors tryingto exploit FOSS to their own advantage. At Configuration ManagementCamp (CfgMgmtCamp) 2026 in Ghent, Belgium, Richard Fontana describedthe "exploitation paradox" of open source: the recurringpattern of crises when actors exploit loopholes to restrict freedomsor gain the upper hand over others in the community. He also talkedabout the attempts to close those loopholes as well as the need tolook beyond licenses as a means of keeping freedom alive.

Motorola has announcedthat it will be working with the GrapheneOS Foundation, a producer of asecurity-enhanced Android distribution. "Together, Motorola and theGrapheneOS Foundation will work to strengthen smartphone security andcollaborate on future devices engineered with GrapheneOScompatibility.". LWN looked atGrapheneOS last July.

Version1.0 of Gram, an "opinionated fork of the Zed code editor",has been released. Gram removes telemetry, AI features, collaborationfeatures, and more. It adds built-in documentation, support foradditional languages, and tab-completion features similar to the Supertabplugin for Vim. The mission statement forthe project explains:

Security updates have been issued by Debian (lxd, orthanc, and thunderbird), Fedora (cef, chromium, gimp, nextcloud, pgadmin4, python-django4.2, python-django5, python3-docs, python3.12, python3.13, and python3.9), Oracle (container-tools:rhel8 and mingw-fontconfig), Slackware (gvfs, mozilla, and telnet), SUSE (avahi, cockpit-356, cockpit-podman, cockpit-podman-120, containerized-data-importer, digger-cli, docker, evolution-data-server, expat, firefox, freerdp2, gimp, glib2, glibc, go1, google-guest-agent, google-osconfig-agent, gosec, gpg2, heroic-games-launcher, ImageMagick, kernel, kernel-firmware, kubevirt, libIex-3_4-33, libjxl-devel, libpng16, libsodium, libsoup, libsoup2, libssh, libudisks2-0, libwireshark19, protobuf, python-pyasn1, python-urllib3, python311, python311-Flask, rust-keylime, thunderbird, ucode-intel, and valkey), and Ubuntu (git).

The 7.0-rc2 kernel prepatch is out fortesting. According to Linus:

Version 1.24.0 of the groff text-formatting system has been released.Improvements include the ability to insert hyperlinks between man pages, anew polygon command for the pic preprocessor, variousPDF-output improvements, and more.

The Python bitwise-inversion (or complement) operator, "~", behavespretty much as expected when it is applied to integers-it toggles everybit, from oneto zero and vice versa. It might be expected that applying theoperator to a non-integer, a boolfor example, would raise a TypeError, but, because thebool type is really an intin disguise, the complement operator is allowed, at least for now. Fornearly 15years (and perhaps longer), there have been discussions about theoddity of that behavior and whether it should be changed. Eventually,that resulted in the "feature" being deprecated, producing a warning, with removal slated forPython3.16 (due October 2027). That has led to some reconsideration and thedeprecation may itself be deprecated.

Greg Kroah-Hartman has announced the 6.19.4 and 6.18.14 stable kernels. Shortly after6.19.4 was released Kris Karas reported "getting a repeatable Oops right when networking is initialized, likely when nft is loading itsruleset"; the problem did not appear to be present in 6.18.14. Usersof nftables may wish to hold off on upgrades to 6.19.4 for now. Wewill provide updates as they are available.Update: Kroah-Hartman has released the 6.19.5 and 6.18.15 kernels with a fix for theregression in 6.19.4 and 6.18.14. All users of netfilter are advisedto upgrade to those versions.

Security updates have been issued by AlmaLinux (389-ds-base, buildah, firefox, freerdp, golang-github-openprinting-ipp-usb, grafana-pcp, kernel, libpng15, munge, nodejs:20, nodejs:22, podman, protobuf, python-pyasn1, runc, and skopeo), Debian (chromium, nss, and python-django), Fedora (firefox, freerdp, gh, libmaxminddb, nss, python3.15, and udisks2), Oracle (buildah, firefox, freerdp, kernel, libpng, podman, python-pyasn1, skopeo, and valkey), Red Hat (container-tools:rhel8), SUSE (autogen, chromium, cockpit, cockpit-machines-348, cockpit-packages, cockpit-repos, cockpit-subscriptions, crun, docker, docker-compose, docker-stable, erlang, freerdp, frr, glib2, gpg2, kernel, kernel-firmware, libsodium, libsoup, libsoup2, openvswitch, python, python-pyasn1, python-urllib3, python-urllib3_1, python3, qemu, redis7, regclient, and ucode-intel), and Ubuntu (linux-aws, linux-aws-6.8, linux-ibm, linux-ibm-6.8, linux-xilinx, python-authlib, and ruby-rack).

The International Image InteroperabilityFramework, or IIIF ("triple-eye eff"), is a small set of standards thatform a basis for serving, displaying, and reusing image data on the web. Itconsists of a number of API definitions that compose with each other toachieve a standard for providing, for example, presentations ofhigh-resolution images at multiple zoom levels, as well as bundling multiple imagestogether. Presentations may include metadata about details like authorship,dates, references to other representations of the same work, copyrightinformation, bibliographic identifiers, etc. Presentations can be furthergrouped into collections, and metadata can be added in the form oftranscriptions, annotations, or captions. IIIF is most popular withcultural-heritage organizations, such as libraries, universities, andarchives.

Security updates have been issued by AlmaLinux (freerdp), Debian (firefox-esr and libstb), Fedora (389-ds-base, chromium, firefox, munge, opentofu, python3-docs, python3.14, and vim), Oracle (buildah, containernetworking-plugins, gimp, grafana, grafana-pcp, kernel, podman, runc, and skopeo), Red Hat (go-toolset:rhel8, golang, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, mariadb:10.11, podman, and skopeo), SUSE (cacti, docker-stable, expat, firefox-esr, freerdp, freerdp2, libjxl, libsoup-2_4-1, python-tornado, python-urllib3_1, python3, python311-Django4, python312, python313, python39, and redis), and Ubuntu (ceph, mongodb, protobuf, and rlottie).

Inside this week's LWN.net Weekly Edition:

The stated support periods for the 6.6, 6.12, and 6.18 kernels has been extended.The 6.6 kernel will be supported with stable updates through the end of2027 (for four years of support total), while 6.12 and 6.18 will getupdates through the end of 2028, for four and three years of support.

On February12, Yeoreum Yun posted asuggestionfor an improvement to the security of the kernel's BPF implementation: usememory protection keys to prevent unauthorized access to memory by BPFprograms.Yun wanted to put the topic on the list for discussion at the LinuxStorage, Filesystem, Memory Management, and BPF Summit in May, but thelack of engagement makes that unlikely. They also have a patch set implementingsome of the proposed changes, but has not yet shared that with the mailing list.Yun's proposal does not seem likely to be accepted in itscurrent form, but the kernel hasadded hardware-based hardening options in thepast, sometimes after substantial discussion.

The Network TimeProtocol (NTP) debuted in 1985; it is a universally used, openspecification that is deeply important for all sorts of activities wetake for granted. It also, despite a number of efforts, remainsstubbornly unsecured. Ruben Nijveld presented work at FOSDEM 2026 tospeed adoption of the thus-far largely ignored standard for securingNTP traffic: IETF's RFC-8915 that specifies Network TimeSecurity (NTS) for NTP.

The MetaBrainz Foundation has announced the unexpected passing ofits founder and executive director, Robert Kaye:

Security updates have been issued by AlmaLinux (grafana and grafana-pcp), Debian (gnutls28), Fedora (chromium and yt-dlp), Oracle (389-ds-base, kernel, munge, and openssl), Red Hat (buildah, containernetworking-plugins, opentelemetry-collector, podman, runc, and skopeo), Slackware (mozilla), SUSE (chromium, cosign, firefox, freerdp, gimp, heroic-games-launcher, kernel, libopenssl-3-devel, libxml2, libxslt, mosquitto, openqa, os-autoinst, openqa-devel-container, openvswitch, phpunit, postgresql14, postgresql15, postgresql16, protobuf, python310, python311-PyPDF2, python36, snpguest, warewulf4, and weblate), and Ubuntu (curl, kernel, linux, linux-gcp, linux-gke, linux-gkeop, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia-tegra, linux-oracle, linux-xilinx-zynqmp, linux, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-raspi, linux-fips, linux-fips, linux-gcp-fips, linux-gcp, linux-gcp-6.8, linux-gke, linux-oracle-6.8, linux-gcp-fips, linux-ibm, linux-ibm-6.8, linux-intel-iot-realtime, linux-realtime, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, and linux-xilinx).

LibreOffice online is a web-based version of the LibreOffice suite that canbe hosted on anybody's infrastructure. This project was put into stasis back in 2022, a move marked bysome tension with Collabora, a major LibreOffice developer that has its own online offering. Now,the Document Foundation has announceda new effort to breathe life into this project.

Version5.4.0 of GNU awk(gawk) has been released. This is a major release with a change ingawk's default regular-expression matcher: it now uses MinRXas the default regular-expression engine.

Version148 of Firefox has been released. The most notable change in thisrelease is the addition of a "Block AI enhancements" option thatallows turning off "new or current AI enhancements in Firefox, orpop-ups about them" with a single toggle.With this release, Firefox now supports the TrustedTypes API to help prevent cross-site scripting attacks as well asthe SanitizerAPI that provides new methods for HTML manipulation. See the releasenotes for developers for changes that may affect web developers orthose who create Firefox add-ons.

The facilities provided by the kernel for the management of processes haveevolved considerably in the last few years, driven mostly by the advent ofthe pidfd API. A pidfd is a filedescriptor that refers to a process; unlike a process ID, a pidfd is anunambiguous handle for a process; that makes it a safer, more deterministicway of operating on processes. Christian Brauner, who has driven much ofthe pidfd-related work, is proposingtwo new flags for the clone3()system call, one of which changes the kernel's security model in asomewhat controversial way.

Security updates have been issued by AlmaLinux (kernel, kernel-rt, and munge), Debian (openssl), Mageia (gegl), Oracle (firefox, freerdp, gnupg2, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, java-11-openjdk, kernel, libpng15, munge, nodejs:20, nodejs:22, protobuf, and uek-kernel), SUSE (libpng12, libpng16, and openQA, openQA-devel-container, os-autoinst), and Ubuntu (gimp, libssh, and linux-azure).

Version11.1.0 of the GNU Octave scientific programming language has beenreleased.

The 7.0 merge windowclosed on February 22 with 11,588 non-merge commits total,3,893 of which came in afterthe article covering the first half of the mergewindow. The changes in the second half were weighted toward bug fixes overnew features, which is usual. There were still a handful of surprises, however, including89 separate tiny code-cleanup changes from different people for the rtl8723bsdriver, a number thatsurprisedGreg Kroah-Hartman. It's unusual for a WiFi-chip driver to receive that muchattention, especially a staging driver that is not yet ready for general use.