Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] Indico: event management using Python
The Indico event-management tool has been in development at CERN for two decades at this point. The MIT-licensed web application helps organize conferences, meetings, workshops, and so on; it runs on Python and uses the Flask web framework. Two software engineers on the project, Dominic Hollis and Tomas Roun, came to EuroPython 2025 in Prague to talk about Indico, its history, and some metrics about its community. There is a bit of a connection between Indico and the conference: in 2006 and 2007, the tool was used to manage EuroPython.
[$] Possible paths for signing BPF programs
BPF programs are loaded directly into the kernel. Even though the verifier protects the kernel from certain kinds of misbehavior in BPF programs, some people are still justifiably concerned about adding unsigned code to their kernel. A fully correct BPF program can still be used to expose sensitive data, for example. To remedy this, Blaise Boscaccy and KP Singh have both shared patch sets that add ways to verify cryptographic signatures of BPF programs, allowing users to configure their kernels to load only pre-approved BPF programs. This work follows on from the discussion at the Linux Storage, Filesystem, Memory-Management, and BPF Summit (LSFMM+BPF) in April and Boscaccy's earlier proposal of a Linux Security Module (LSM) to accomplish the same goal. There are still some fundamental disagreements over the best approach to signing BPF programs, however.
[$] Arch shares its wiki strategy with Debian
The Arch Linux project is especially well-known in the Linux community for two things: its rolling-release model and the quality of the documentation in the ArchWiki. No matter which Linux distribution one uses, the odds are that eventually the ArchWiki's documentation will prove useful. The Debian project recognized this and has sought to improve its own documentation game by inviting ArchWiki maintainers Jakub Klinkovsky and Vladimir Lavallade to DebConf25 in Brest, France, to speak about how Arch manages its wiki. The talk has already borne fruit with the launch of an effort to revamp the Debian wiki.
[$] StarDict sends X11 clipboard to remote servers
StarDict is a GPLv3-licensed cross-platform dictionary application. It includes dictionaries for a number of languages, and has a rich plugin ecosystem. It also has a glaring security problem: while running on X11, using Debian's default configuration, it will send a user's text selections over unencrypted HTTP to two remote servers.
[$] The rest of the 6.17 merge window
The 6.17-rc1 prepatch was released by Linus Torvalds on August 10; the 6.17 merge window is now closed. There were 11,404 non-merge changesets pulled into the mainline this time around, a little over 7,000 of which came in after the first-half merge-window summary was written. As one would expect, quite a few changes and new features were included in that work.
[$] Treating Python's debugging woes
Debugging in Python is not like it is for some other languages, as there is no way to attach a debugger to a running program to try to diagnose its ills. Pablo Galindo Salgado noticed that when he started programming in Python ten years ago or so; it bugged him enough that he helped fill the hole. The results will be delivered in October with Python 3.14. At EuroPython 2025, he gave a characteristically fast-paced and humorous look at debugging and what will soon be possible for Python debugging—while comparing it all to medical diagnosis.
[$] On the use of LLM assistants for kernel development
By some appearances, at least, the kernel community has been relatively insulated from the onslaught of AI-driven software-development tools. There has not been a flood of vibe-coded memory-management patches — yet. But kernel development is, in the end, software development, and these tools threaten to change many aspects of how software development is done. In a world where companies are actively pushing their developers to use these tools, it is not surprising that the topic is increasingly prominent in kernel circles as well. There are currently a number of ongoing discussions about how tools based on large language models (LLMs) fit into the kernel-development community.
[$] LWN.net Weekly Edition for August 7, 2025
Posted Aug 7, 2025 0:51 UTC (Thu)The LWN.net Weekly Edition for August 7, 2025 is available.
Inside this week's LWN.net Weekly Edition
- Front: Don't fear the TPM; Python performance; Offensive Debian packages; NNCPNET; 6.17 Merge window; Transparent huge pages; SilverBullet.
- Briefs: AUR malware; Secure boot; kbuild and kconfig maintenance; GPU drivers; NVIDIA on AlmaLinux; Proxmox 9.0; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] Don't fear the TPM
There is a great deal of misunderstanding, and some misinformation, about the Trusted Platform Module (TPM); to combat this, Debian developer Jonathan McDowell would like to clear the air and help users understand what it is good for, as well as what it's not. At DebConf25 in Brest, France, he delivered a talk about TPMs that explained what they are, why people might be interested in using them, and how users might do so on a Debian system.
[$] Improving control over transparent huge page use
The use of huge pages can significantly increase the performance of many workloads by reducing both memory-management overhead in the kernel and pressure on the system's translation lookaside buffer (TLB). The addition of transparent huge pages (THP) for the 2.6.38 kernel release in 2011 caused the kernel to allocate huge pages automatically to make their benefits available to all workloads without any effort needed on the user-space side. But it turns out that use of huge pages can make some workloads slower as the result of internal memory fragmentation, so the THP feature is often disabled. Two patch sets aimed at better targeting the use of transparent huge pages are currently working their way through the review process.
NGINX adds native support for ACME protocol
NGINX has announced the preview release of the nginx-acme module, which adds native support to NGINX for the Automatic Certificate Management Environment (ACME) protocol:
NGINX's native support for ACME brings a variety of benefits that simplify and enhance the overall SSL/TLS certificate management process. Being able to configure ACME directly using NGINX directives drastically reduces manual errors and eliminates much of the ongoing overhead traditionally associated with managing SSL/TLS certificates. It also reduces reliance on external tools like Certbot, creating a more secure and streamlined workflow with fewer vulnerabilities and a smaller attack surface.
Go 1.25 released
Version 1.25 of Go has been released. Notable changes include support for generating debug information in the DWARF 5 format, "container awareness" when setting the maximum number of CPUs to be used, and a new testing/synctest package with support for testing concurrent code. See the release notes for a comprehensive list of changes in 1.25.
Syncthing 2.0 released
Version
2.0 of Syncthing, a
continuous file synchronization utility, has been released. Notable
changes in 2.0 include multiple connections for synchronizing metadata
and file data, a new logging format, as well as a switch from LevelDB
to SQLite for Syncthing's backend. This the first release in the 2.0
series, and the release notes advise users to "expect some rough
edges and keep a sense of adventure
".
Security updates for Wednesday
Security updates have been issued by Debian (apache2, kernel, linux-6.1, openjdk-17, and pgpool2), Fedora (glib2, matrix-synapse, openjpeg, python3-docs, and python3.13), Oracle (gdk-pixbuf2, glibc, java-1.8.0-openjdk, kernel, libxml2, python-requests, python3.11-setuptools, and thunderbird), SUSE (amber-cli, apache-commons-lang3, eclipse-jgit, go1.23, go1.24, govulncheck-vulndb, grub2, icinga2, kubernetes1.23, libgcrypt, python3, python313, sccache, slurm, tiff, and webkit2gtk3), and Ubuntu (linux-oracle).
Radicle 1.3.0 released
Version 1.3.0 of the Radicle distributed software forge system has been released. Changes this time around include canonical references, a new radicle-protocol crate, better log rotation, and more. (LWN looked at Radicle in 2024).
Security updates for Tuesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and python-requests), Debian (ca-certificates-java), Fedora (chromium, clash-meta, mingw-python3, openjpeg, php-adodb, and toolbox), Mageia (kernel and kernel-linus), SUSE (chromium, ImageMagick, libgcrypt, libssh, libxml2, opensc, postgresql14, and postgresql16), and Ubuntu (dnsmasq, linux-gcp-6.8, linux-raspi, linux-oracle-6.14, and openjdk-17).
Debian GNU/Hurd 2025 released
Debian's GNU/Hurd team has announced the release of Debian GNU/Hurd 2025:
This is a snapshot of Debian "sid" at the time of the stable Debian "Trixie" release (August 2025), so it is mostly based on the same sources. It is not an official Debian release, but it is an official Debian GNU/Hurd port release. [...]
Debian GNU/Hurd is currently available for the i386 and amd64 architectures with about 72% of the Debian archive, and more to come!
See the FAQ and configuration guide for more on the GNU/Hurd port.
Hughes: LVFS Sustainability Plan
Richard Hughes, creator and maintainer of the Linux Vendor Firmware Service (LVFS), has written a blog post about the sustainability plan he has put together for the service. He is calling for the vendors that use the service to help fund its development and maintenance going forward.
The Linux Foundation is kindly paying for all the hosting costs of the LVFS, and Red Hat pays for all my time — but as LVFS grows and grows that's going to be less and less sustainable longer term. We're trying to find funding to hire additional resources as a "me replacement" so that there is backup and additional attention to LVFS (and so that I can go on holiday for two weeks without needing to take a laptop with me).This year there will be a fair-use quota introduced, with different sponsorship levels having a different quota allowance. Nothing currently happens if the quota is exceeded, although there will be additional warnings asking the vendor to contribute. The "associate" (free) quota is also generous, with 50,000 monthly downloads and 50 monthly uploads. This means that almost all the 140 vendors on the LVFS should expect no changes.
(Thanks to Paul Wise.)
Security updates for Monday
Security updates have been issued by AlmaLinux (jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base and libxml2), Debian (distro-info-data, gnutls28, modsecurity-crs, and node-tmp), Fedora (chromium, incus, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, varnish, and xen), Red Hat (kernel, kernel-rt, and rhc), and SUSE (chromedriver, ffmpeg-4, go1.23, go1.24, go1.25, govulncheck-vulndb, himmelblau, iperf, keylime-ima-policy, net-tools, sqlite3, texmaker, tomcat, and zabbix).
Kernel prepatch 6.17-rc1
Linus has released 6.17-rc1 and closed the merge window for this development cycle.
Anyway, the merge window did end up looking fairly healthy, despite me having to go through a couple of bisections for trouble spots (one during travels with a laptop - not optimal, but thankfully it was at least one of the "reliable symptoms that bisect right to the culprit" kind). The stats look pretty normal both in patch size and in number of commits.
In the end, 11,404 non-merge changesets found their way into the mainline during the merge window.