Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-06-19 21:15
Kernel prepatch 4.3-rc7
The 4.3-rc7 kernel prepatch is out. "So it may still be Saturday at home, but with the Kernel Summit in Korea coming up, I'm ahead of the curve in a +0900 timezone, and it's Sunday here. So it's release day." This looks to be the final prepatch, with 4.3 likely to come out on November 1.
Coghlan: 27 languages to improve your Python
Python language developer Nick Coghlan has posted a survey of 27 languages that, he thinks, have lessons for Python. "One of the things we do as part of the Python core development process is to look at features we appreciate having available in other languages we have experience with, and see whether or not there is a way to adapt them to be useful in making Python code easier to both read and write. This means that learning another programming language that focuses more specifically on a given style of software development can help improve anyone's understanding of that style of programming in the context of Python."
Mozilla Launches Open Source Support Program
Mozilla CEO Mitchell Baker has announced the launch of "an award program specifically focused on supporting open source and free software. The main focus of the program will be to provide financial support of other projects, "to recognize and celebrate communities who are leading the way with open source projects that contribute to our work and the health of the Web. It encompasses both: a) a “give back” element for open source and free software projects that Mozilla relies on; and b) a “give forward” component for supporting other projects where financial resources from Mozilla can make our entire community more successful." The initial funding allocation for the program is $1,000,000, and Mozilla is seeking applications for ten recipient projects. The announcement also notes that one planned component of the program will be to fund security-related work. (Thanks to Martin Michlmayr)
Friday's security updates
Arch Linux has updated jdk7-openjdk (multiple vulnerabilities), jdk8-openjdk (multiple vulnerabilities), jre7-openjdk (multiple vulnerabilities), jre7-openjdk-headless (multiple vulnerabilities), jre8-openjdk (multiple vulnerabilities), and jre8-openjdk-headless (multiple vulnerabilities). CentOS has updated kvm (C5: code execution) and qemu-kvm (C6: code execution). Debian-LTS has updated cakephp (denial of service), optipng (use after free), and polarssl (code execution). openSUSE has updated python-Django (13.2: multiple vulnerabilities). Oracle has updated kvm (O5: code execution) and qemu-kvm (O6: code execution). Red Hat has updated java-1.6.0-sun (RHEL 5, 6, 7: multiple vulnerabilities), java-1.7.0-oracle (RHEL 5, 6, 7: multiple vulnerabilities), java-1.8.0-oracle (RHEL 6, 7: multiple vulnerabilities), kvm (RHEL 5: code execution), openstack-ironic-discoverd (RHEL OSP 7: command execution), and qemu-kvm (RHEL 6: code execution). Scientific Linux has updated kvm (SL5: code execution) and qemu-kvm (SL6: code execution). Ubuntu has updated miniupnpc (15.10: code execution) and oxide-qt (15.10: multiple vulnerabilities).
Swarm v. Fleet v. Kubernetes v. Mesos (O'Reilly)
Here's a survey of orchestration systems on the O'Reilly site. "Various software tools and solutions exist to help with these challenges. Let’s focus on orchestration tools, which help make all the pieces work together, working with the cluster to start containers on appropriate hosts and connect them together. Along the way, we’ll consider scaling and automatic failover, which are important features."
A set of stable kernel updates
The 4.2.4, 4.1.11, 3.14.55, and 3.10.91 stable kernel updates are available. These are relatively large updates with a lot of important fixes.
Ubuntu 15.10 (Wily Werewolf) released
Ubuntu 15.10 (codenamed "Wily Werewolf") has been released. "Under the hood, there have been updates to many core packages, including a new 4.2-based kernel, a switch to gcc-5, and much more. Ubuntu Desktop has seen incremental improvements, with newer versions of GTK and Qt, updates to major packages like Firefox and LibreOffice, and stability improvements to Unity. Ubuntu Server 15.10 includes the Liberty release of OpenStack, alongside deployment and management tools that save devops teams time when deploying distributed applications - whether on private clouds, public clouds, x86, ARM, or POWER servers, or on developer laptops. Several key server technologies, from MAAS to juju, have been updated to new upstream versions with a variety of new features." More information can be found in the release notes.
Security updates for Thursday
Arch Linux has updated ntp (multiple vulnerabilities). CentOS has updated java-1.7.0-openjdk (C7; C6; C5: many vulnerabilities) and java-1.8.0-openjdk (C7; C6: many vulnerabilities). Debian-LTS has updated unzip (two vulnerabilities). openSUSE has updated python-django (13.1: two vulnerabilities). Oracle has updated java-1.7.0-openjdk (OL7; OL6; OL5: many vulnerabilities) and java-1.8.0-openjdk (OL7; OL6: many vulnerabilities). Red Hat has updated java-1.7.0-openjdk (RHEL6&7; RHEL5: many vulnerabilities) and java-1.8.0-openjdk (RHEL6&7: many vulnerabilities). Scientific Linux has updated java-1.7.0-openjdk (SL6&7; SL5: many vulnerabilities) and java-1.8.0-openjdk (SL6&7: many vulnerabilities).
[$] LWN.net Weekly Edition for October 22, 2015
The LWN.net Weekly Edition for October 22, 2015 is available.
Shuttleworth: X marks the spot
Mark Shuttleworth introduces the next Ubuntu release, 16.04 LTS. All of these are coming together beautifully, making Ubuntu the fastest path to magic of all sorts. And that magic will go by the codename… xenial xerus! What fortunate timing that our next LTS should be X, because “xenial” means “friendly relations between hosts and guests”, and given all the amazing work going into LXD and KVM for Ubuntu OpenStack, and beyond that the interoperability of Ubuntu OpenStack with hypervisors of all sorts, it seems like a perfect fit. And Xerus, the African ground squirrels, are among the most social animals in my home country. They thrive in the desert, they live in small, agile, social groups that get along unusually well with their neighbours (for most mammals, neighbours are a source of bloody competition, for Xerus, hey, collaboration is cool). They are fast, feisty, friendly and known for their enormous… courage. That sounds just about right. With great… courage… comes great opportunity!
Security advisories for Wednesday
CentOS has updated libwmf (C7; C6: multiple vulnerabilities). Debian has updated chromium-browser (multiple vulnerabilities). Oracle has updated libwmf (OL7; OL6: multiple vulnerabilities). Red Hat has updated libwmf (RHEL6,7: multiple vulnerabilities). Scientific Linux has updated libwmf (SL6,7: multiple vulnerabilities). Ubuntu has updated kernel (15.04: multiple vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), miniupnpc (15.04, 14.04, 12.04: code execution), and oxide-qt (15.04, 14.04: multiple vulnerabilities).
[$] Rich access control lists
Access control lists (ACLs) can implement finer-grained access permissions for files than the traditional Unix mode bits. Linux has ACL support, but the POSIX ACLs supported by Linux now have been showing their age for a while. POSIX ACLs may soon be superseded by a more capable mechanism known as RichACLs. Click below (subscribers only) for a look at RichACLs and what they bring to Linux.
ownCloud Server 8.2 released
OwnCloud Server 8.2 is available. This release features a revamped user interface and many improvements for ownCloud administrators. "ownCloud Server 8.2 makes it possible for ownCloud Administrators to send their users notifications, useful to let users know about a maintenance window for example. Admins can now also set limits on trash and version retention, ensuring that trashed files and versions get deleted after a set number of days or are not purged for a certain period. The occ command line tool has gained significant new maintenance and control features. It enables encrypting, decrypting and re-encrypting existing user data and can now set and get system and app configuration values. It can also be used to rescan the file system and update mime types after custom types have been defined."
Tuesday's security updates
Debian has updated postgresql-9.4 (two vulnerabilities) and wordpress (multiple vulnerabilities). Fedora has updated opensmtpd (F22: multiple vulnerabilities) and sssd (F22; F21: memory leak). openSUSE has updated flash-player (11.4: multiple vulnerabilities). SUSE has updated librsvg (SLE11SP3,4: denial of service) and qemu (SLE12: multiple vulnerabilities). Ubuntu has updated kernel (14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).
Sonic Pi uses code to compose a dance party (Opensource.com)
Opensource.com has an interview with Sam Aaron, creator of Sonic Pi. "Sonic Pi is a musical instrument that happens to use code as its interface. It's also a programming environment that happens to be very capable of making sophisticated sounds. It's actually many things—a tool for learning how to program, for exploring new notations for music, for improvising electronic music, for collaborating on musical ideas via text, for researching new programming techniques related to time and liveness. Most of all, it's a lot of fun."
Security updates for Monday
Arch Linux has updated flashplugin (multiple vulnerabilities), miniupnpc (code execution), and spice (multiple vulnerabilities). Debian has updated owncloud (multiple vulnerabilities). Debian-LTS has updated freeimage (integer overflow) and postgresql-8.4 (denial of service). Fedora has updated firefox (F22: multiple vulnerabilities) and lxdm (F22; F21: two vulnerabilities). Gentoo has updated bind (denial of service). Mageia has updated flash-player-plugin (multiple vulnerabilities). openSUSE has updated docker (13.2: two vulnerabilities). Red Hat has updated flash-plugin (RHEL6: multiple vulnerabilities).
Kernel prepatch 4.3-rc6
Linus has released 4.3-rc6 for testing. "Things continue to be calm, and in fact have gotten progressively calmer. All of which makes me really happy, although my suspicious nature looks for things to blame. Are people just on their best behavior because the Kernel Summit is imminent, and everybody is putting their best foot forward?"
de Raadt: It was twenty years ago you see...
Theo de Raadt is celebrating the twentieth anniversary of the creation of the OpenBSD source tree. "Chuck [Cranor] and I also worked on setting up the first 'anoncvs' to make sure no one was ever cut out from 'the language of diffs' again. I guess that was the precursor for the github concept these days :-)"
How a few legitimate app developers threaten the entire Android userbase (Ars Technica)
Ars Technica reports that a handful of app distributors are putting many Android users at risk by bundling root exploits with their wares. "It took just one month of part-time work for the computer scientists to reverse engineer 167 exploits from a single provider so they could be reused by any app of their choosing. Ultimately, the researchers concluded that the providers, by providing a wide array of highly customized exploits that are easy to reverse engineer and hard to detect, are putting the entire Android user base at increased risk."
Appeals Court Gives Google A Clear And Total Fair Use Win On Book Scanning (Techdirt)
Here's a lengthy Techdirt article looking through the US Appeals Court ruling that Google's scanning of books constitutes fair use under copyright law. "Thus, while authors are undoubtedly important intended beneficiaries of copyright, the ultimate, primary intended beneficiary is the public, whose access to knowledge copyright seeks to advance by providing rewards for authorship."
The GNU ethical repository criteria
The Free Software Foundation has announced the posting of a set of criteria meant to be used for judging the suitability of code-hosting sites. "The criteria emphasize protection of privacy (including accessibility through the Tor network), functionality without nonfree JavaScript, compatibility with copyleft licensing and philosophy, and equal treatment of all users' traffic."
Security advisories for Friday
Arch Linux has updated firefox (information disclosure). Debian-LTS has updated zendframework (SQL injection). Fedora has updated kernel (F22: privilege escalation). Mageia has updated 389-ds-base (cipher downgrade), cyrus-imapd (unspecified), and wireshark (denial of service). openSUSE has updated flash-player (13.2, 13.1: unspecified). Oracle has updated lxc (OL7; OL6: apparmor policy bypass). Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), openstack-glance (RHELOSP: two vulnerabilities), openstack-neutron (RHELOSP: ACL bypass), openstack-nova (RHELOSP: denial of service), openstack-swift (RHELOSP: information disclosure), python-django (RHELOSP: multiple vulnerabilities), and qemu-kvm-rhev (RHELOSP: code execution). SUSE has updated flash-player (SLE12; SLE11SP3,4: unspecified). Ubuntu has updated click (15.04, 14.04: privilege escalation), firefox (15.04, 14.04, 12.04: information disclosure), and postgresql-9.1, postgresql-9.3, postgresql-9.4 (15.04, 14.04, 12.04: two vulnerabilities).
Red Hat acquires Ansible
Red Hat has announced that it is acquiring Ansible, the company behind the Ansible configuration management system. "Ansible's automation capabilities, together with Red Hat's existing management portfolio, will help users drive down the cost and complexity of deploying and managing both cloud-native and traditional applications across hybrid cloud environments." LWN looked at Ansible in August.
Thursday's security updates
Arch Linux has updated mbedtls (code execution). Fedora has updated fossil (F22; F21: man-in-the-middle attack). Mageia has updated roundcubemail (multiple vulnerabilities). openSUSE has updated flash-player (13.2, 13.1: multiple vulnerabilities), jakarta-taglibs-standard (13.2, 13.1: code execution), rsync (13.2, 13.1: file checksum collision), and spice (13.2, 13.1: multiple vulnerabilities). Oracle has updated docker-engine (OL7; OL6: two vulnerabilities). Red Hat has updated flash-plugin (RHEL6: multiple vulnerabilities). SUSE has updated docker (SLE12: two vulnerabilities). Ubuntu has updated commons-httpclient (15.04, 14.04, 12.04: multiple vulnerabilities) and pollinate (15.04, 14.04: new certificate).
[$] LWN.net Weekly Edition for October 15, 2015
The LWN.net Weekly Edition for October 15, 2015 is available.
[$] Permissive licenses, community, and copyleft
On the final day of LinuxCon Europe 2015, HP's Chief Technology Officer Martin Fink delivered a bold keynote about software licensing. Fink recapped the negative effects of license proliferation and addressed projects that use their choice of license as a hostile act against the competition. He then ended the session with an extended appeal to move the open-source software industry away from permissive licenses like Apache 2.0 and toward copyleft licenses like the GPL. Not doing so, he said, puts the FOSS community at just as much risk of collapse as license proliferation threatened to in years past.
Security advisories for Wednesday
Arch Linux has updated chromium (multiple vulnerabilities) and flashplugin (multiple vulnerabilities). Fedora has updated icu (F22: multiple vulnerabilities), php (F22: multiple vulnerabilities), and xen (F22; F21: denial of service). Mageia has updated flash-player-plugin (multiple vulnerabilities), git (multiple vulnerabilities), openjpeg2 (code execution), and qemu (multiple vulnerabilities). openSUSE has updated polkit (13.2, 13.1: multiple vulnerabilities). SUSE has updated flash-player (SLE12; SLE11-SP3,4: multiple vulnerabilities). Ubuntu has updated gdk-pixbuf (15.04, 14.04, 12.04: two vulnerabilities).
[$] WiFi routers: from lockdown to lock-open
There has been a lot of concern recently that a new set of rules [PDF] from the US Federal Communications Commission (FCC) could lead to locking-down of home router devices. It appears that the worst-case scenario feared by many will not come to pass, but that has not stopped a large, high-profile group of developers from putting together a detailed counter-proposal to the FCC that could change the game entirely. Not content with fending off the lockdown threat, this group seeks to push the pendulum the other way by forcing router software to be open. The result, it is said, would be an Internet that performs better and which is much more secure.
[$] Fedora opens up to bundling
The term "bundling" refers to the practice of distributing a copy of one software project (usually some sort of library) within another one. Software developers may have a number of reasons for bundling, but Linux distributors tend to dislike it for reasons of their own. The Fedora project, in particular, has long forbidden bundling except in a few cases where it could not be avoided. It now seems, though, that Fedora has decided to back off a bit on its anti-bundling policy — a decision that is not uniformly popular in its development community, but which may well be necessary to help ensure the distribution's ongoing relevance.
Security advisories for Tuesday
CentOS has updated spice (C7: multiple vulnerabilities) and spice-server (C6: multiple vulnerabilities). Debian has updated kernel (multiple vulnerabilities). Debian-LTS has updated linux-2.6 (multiple vulnerabilities). Fedora has updated openjpeg2 (F21: code execution) and php (F21: multiple vulnerabilities). Oracle has updated spice (OL7: multiple vulnerabilities) and spice-server (OL6: multiple vulnerabilities). Red Hat has updated spice (RHEL7: multiple vulnerabilities) and spice-server (RHEL6: multiple vulnerabilities). Scientific Linux has updated spice (SL7: multiple vulnerabilities) and spice-server (SL6: multiple vulnerabilities). SUSE has updated kernel-source (SLE12: multiple vulnerabilities).
Convicted by Code (Slate)
Here is an article in Slate about the dangers of using closed-source software to provide evidence in criminal trials. "Because eliminating errors from code is so hard, experts have endorsed openness to public scrutiny as the surest way to keep software secure. Similarly, requiring the government to rely exclusively on open-source forensic tools would crowd-source cross-examination of forensic device software. Forensic device manufacturers, which sell exclusively to government crime laboratories, may lack incentives to conduct the obsessive quality testing required."
EFF: One Year Later, Hundreds of Tor Challenge Relays Still Active
The Electronic Frontier Foundation reports that 567 relays from the 2014 Tor Challenge are still up and running—"more than were established during the entire inaugural Tor Challenge back in 2011. To put that number in perspective, these nodes represent more than 8.5% of the roughly 6,500 public relays currently active on the entire Tor network, a system that supports more than 2-million directly connecting clients worldwide."
Security updates for Monday
Arch Linux has updated gdk-pixbuf2 (two vulnerabilities). Debian has updated spice (multiple vulnerabilities). Fedora has updated ntp (F22: multiple vulnerabilities). Mageia has updated isodumper (MG5: command execution), jakarta-commons-httpclient (MG5: denial of service), kernel-linus (MG5: multiple vulnerabilities), php-ZendFramework/php-ZendFramework2 (MG5: privilege escalation), php/php-timezonedb (MG5: multiple vulnerabilities), and spice (MG5: multiple vulnerabilities). openSUSE has updated chromium (13.2, 13.1: information disclosure) and lxc (13.2, 13.1: apparmor policy bypass).
Kernel prepatch 4.3-rc5
The fifth 4.3 prepatch is out. "It's the usual 'lots of small fixes to drivers and architecture code, with some filesystem updates thrown in for variety'." This prepatch also features a change to the kernel codename, which is now "Blurry Fish Butt".
The new Linksys WRT1900ACS router
The new version of the WRT1900AC router from Linksys looks like just another high-end home router, but there is an important difference: "Linksys has collaborated with OpenWrt and Marvell to provide full open source support for the WRT1900ACS in OpenWrt's stable and development branches." When asked, the company confirmed that the router is fully supported by free drivers. LWN is not normally filled with new-product announcements, but, given the pervasive binary-blob problem in this space, a router with free drivers seems noteworthy.
Friday's security advisories
Arch Linux has updated opensmtpd (multiple vulnerabilities). Fedora has updated 389-ds-base (F21: cipher downgrade), kernel (F22: three vulnerabilities), and qemu (F22 F21: multiple vulnerabilities). openSUSE has updated freetype2 (13.1: two vulnerabilities from 2014). Red Hat has updated OpenStack director (RHELOSP7: authentication bypass) and python-django (RHELOSP7: denial of service). SUSE has updated firefox (SLE11SP3, SLE11SP4: multiple vulnerabilities).
CC BY-SA 4.0 now one-way compatible with GPLv3
The Creative Commons has announced that a "detailed analysis" has determined that materials licensed under BY-SA 4.0 license may be distributed under the terms of GPLv3. "But if your use case calls for or requires (in the case of remixing CC BY-SA 4.0 and GPLv3 material to make a single adaptation) releasing a CC BY-SA 4.0 adaptation under GPLv3, now you can: copyright in the guise of incompatible copyleft licenses is no longer a barrier to growing the part of the commons you’re working in. We hope that this new compatibility not only removes a barrier, but helps inspire new and creative combinations of software and culture, design, education, and science, and the adoption of software best practices such as source control (e.g., through “git”) in these fields."
Gräßlin: September update for Plasma’s Wayland porting
On his blog, Martin Gräßlin has posted an update on porting KDE's Plasma desktop to Wayland. There has been progress in various areas, including transient window positioning (which makes menus appear at the right location), Plasma/KWin specific extensions, support for multiple X servers, and support for "KWin in the cloud": "So on Friday I decided to dedicate my development time on a virtual framebuffer backend. This backend (to start use kwin_wayland --xwayland --virtual) doesn’t render to any device, but only “simulates” rendering by using a QImage which then isn’t used at all. Well not completely true: there is an environment variable to force the backend to store each rendered frame into a temporary directory. Why is such a virtual backend so exciting? Well it means we can run KWin anywhere. We are not bound to any hardware restrictions like screen attached or screen resolution. With other words we can run it on servers – in the cloud. The first such instance runs on our CI [continuous integration] servers in the form of an automated integration test. And in future there will be much more such tests."
Security advisories for Thursday
Arch Linux has updated bugzilla (privilege escalation). openSUSE has updated IPython (cross-site scripting). SUSE has updated php5 (SLE11SP2: three vulnerabilities).
Bottomley: Respect and the Linux Kernel Mailing Lists
SCSI subsystem maintainer James Bottomley has posted a different view on the issue of civility on the kernel's mailing lists. "So, by and large, I’m proud of the achievements we’ve made in civility and the way we have improved over the years. Are we perfect? by no means (but then perfection in such a large community isn’t a realistic goal). However, we have passed our stress test: that an individual with bad patches to several mailing lists was met with courtesy and helpful advice, in spite of serially repeating the behaviour."
[$] LWN.net Weekly Edition for October 8, 2015
The LWN.net Weekly Edition for October 8, 2015 is available.
[$] Status updates for three graphics drivers
Drivers for graphics hardware are an important part of the graphics stack, so it was not unexpected that the 2015 X.Org Developers Conference had several status updates for free graphics drivers. Three projects had talks: the Nouveau driver for NVIDIA devices, the amdgpu driver for AMD hardware, and the Etnaviv driver for Vivante GPUs. Each presented an update on its progress and plans.
Security advisories for Wednesday
Debian has updated freetype (denial of service) and zendframework (two vulnerabilities). Fedora has updated openhpi (F22: world writable /var/lib/openhpi directory) and wireshark (F22: multiple vulnerabilities). Ubuntu has updated spice (15.04, 14.04: multiple vulnerabilities).
[$] strscpy() and the hazards of improved interfaces
Back in the distant past (May 2015), LWN looked at a couple of efforts to provide improved string-handling primitives to the kernel. One of those two was recently merged, while the other has run into trouble; both cases highlight a fundamental concern Linus has about this type of kernel patch. The end result is that it is possible to evolve the kernel toward safer interfaces, but attempts to do so as a series of mass changes will probably not end well.
Open Invention Network Celebrates 10 Year Anniversary
Open Invention Network (OIN) marks its ten year anniversary. "Since its founding in 2005, Open Invention Network has grown its community to over 1,700 participants – from sizable multinational companies to key open source projects to emerging businesses. OIN has expanded its strategic patent portfolio to more than 1,000 worldwide patents and applications. In parallel, the zone of patent non-aggression that is defined by OIN’s Linux System definition has evolved to include more than 2,300 software packages, which ensures freedom of action in core functionality for global open source projects and technology platforms such as Linux, Red Hat, SUSE, Android, Open Stack and Apache."
Security updates for Tuesday
Arch Linux has updated nodejs (denial of service). Fedora has updated libvpx (F21: denial of service), openjpeg2 (F22: code execution), pixman (F22: buffer overflow), unzip (F21: two vulnerabilities), webkitgtk (F22; F21: denial of service), and webkitgtk3 (F22; F21: denial of service). openSUSE has updated apache2 (13.2, 13.1: multiple vulnerabilities), conntrack-tools (13.2, 13.1: denial of service), froxlor (13.2, 13.1: privilege escalation), redis (13.2, 13.1: code execution), seamonkey (13.2, 13.1: multiple vulnerabilities), thunderbird (13.2, 13.1: multiple vulnerabilities), and vorbis-tools (13.2, 13.1: code execution). SUSE has updated firefox, nspr (SLE12: multiple vulnerabilities). Ubuntu has updated kernel (15.04; 14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), and lxc (14.04: regression in previous update).
The 2015 Linux Foundation Technical Advisory Board elections
The nomination process has begun for the 2015 election of the Technical Advisory Board for the Linux Foundation. That election will happen on October 26 at the Kernel Summit in Seoul, South Korea. There are five positions to be filled; terms are for two years.
Android 6.0 Marshmallow, thoroughly reviewed (Ars Technica)
Ars Technica presents a lengthy review of Android 6.0 "Marshmallow". "While this is a review of the final build of "Android 6.0," we're going to cover many of Google's apps along with some other bits that aren't technically exclusive to Marshmallow. Indeed, big chunks of "Android" don't actually live in the operating system anymore. Google offloads as much of Android as possible to Google Play Services and to the Play Store for easier updating and backporting to older versions, and this structure allows the company to retain control over its open source platform. As such, consider this a look at the shipping Google Android software package rather than just the base operating system. "Review: New Android stuff Google has released recently" would be a more accurate title, though not as catchy."
Security advisories for Monday
Arch Linux has updated hostapd (multiple vulnerabilities) and libunwind (denial of service). Fedora has updated activemq (F22: information disclosure), bind (F21: denial of service), jenkins-script-security-plugin (F22: unspecified vulnerability), kernel (F22; F21: denial of service), libwmf (F22: two vulnerabilities), scap-security-guide (F22; F21: unspecified vulnerability), seamonkey (F22; F21: multiple vulnerabilities), thunderbird (F22: multiple vulnerabilities), and xen (F22; F21: multiple vulnerabilities). Mageia has updated chromium-browser (MG5: information disclosure) and gdk-pixbuf2.0 (MG5: two vulnerabilities). openSUSE has updated phpMyAdmin (13.2, 13.1: guessable user credentials). Ubuntu has updated oxide-qt (15.04, 14.04: information disclosure), thunderbird (15.04, 14.04, 12.04: multiple vulnerabilities), and firefox (15.04, 14.04, 12.04: regression in previous update).
Sharp: Closing a door
Sarah Sharp has made official her departure from the kernel development community. "I didn’t take the decision to step down lightly. I felt guilty, for a long time, for stepping down. However, I finally realized that I could no longer contribute to a community where I was technically respected, but I could not ask for personal respect. I could not work with people who helpfully encouraged newcomers to send patches, and then argued that maintainers should be allowed to spew whatever vile words they needed to in order to maintain radical emotional honesty. I did not want to work professionally with people who were allowed to get away with subtle sexist or homophobic jokes. I feel powerless in a community that had a 'Code of Conflict' without a specific list of behaviors to avoid and a community with no teeth to enforce it."