Feed aggregator

Mauna Linux is a Brazilian desktop Linux distribution based on Debian's "stable" branch. The project offers a set of live images with four desktop environments - Cinnamon, LXQt, MATE and Xfce, plus a separate "Christian Edition" which includes the Bible and various applications meant for use in churches. Some of the distribution's main features include the Calamares system installer, a software store with hundreds of applications maintained by Debian and Mauna Linux, a software manager and updater, and an out-of-the box support for the Portuguese language. The goal of Mauna Linux is to develop a distribution that is easy to use, practical and robust, and which would complement the existing Linux user communities in Brazil and abroad.

Efforts to introduce malicious code into the open-source supply chain have been on the rise in recent years, and there is no indication that they will abate anytime soon. These attacks are often found quickly, but not quickly enough to prevent the compromised code from being automatically injected into other projects or code deployed by users where it can wreak havoc. One method of avoiding supply-chain attacks is to add a delay of a few days before pulling upates in what is known as a "dependency cooldown". That tactic is starting to find favor with users and some language ecosystem package managers. While this practice is considered a reasonable response by many, others are complaining that those employing dependency cooldowns are free-riding on the larger community by letting others take the risk.

In Rust, types either possess a constant size known at compile time, or a dynamically calculated size known at run time. That is fine for most purposes, but recent proposals for the language have shown the need for a more fine-grained hierarchy. RFC 3729 from David Wood and Rémy Rakic would add a hierarchy of traits to describe types with sizes known under different circumstances. While the idea has been subject to discussion for many years, a growing number of use cases for the feature have come to light.

Version 2.26.0 of the LilyPond music-engraving program has been released. Major changes include the ability to use the Cairo library to generate output and improvements in spacing between clefs and time signatures. See the release notes for a full list of miscellaneous improvements as well as what's new with musical and specialist notation.

Greg Kroah-Hartman has announced the release of the 7.0.1, 6.19.14, 6.18.24, and 6.12.83 stable kernels. As usual, each contains important fixes throughout the tree. Users are encouraged to upgrade.

Security updates have been issued by Debian (firefox-esr, flatpak, ngtcp2, ntfs-3g, packagekit, python-geopandas, simpleeval, strongswan, and xdg-dbus-proxy), Fedora (chromium, cups, curl, jq, opkssh, perl-Net-CIDR-Lite, python-cbor2, python-pillow, tinyproxy, xdg-dbus-proxy, and xorg-x11-server-Xwayland), Slackware (libXpm and mozilla), SUSE (botan, chromium, clamav, cockpit, cockpit-machines, cockpit-packages, cockpit-podman, cockpit-subscriptions, dovecot24, firefox, flatpak, freeipmi, gdk-pixbuf, glibc, gnome-remote-desktop, go1.25, go1.26, go1.26-openssl, google-cloud-sap-agent, gosec, graphicsmagick, haproxy, kernel, libpng16, libraw, libtasn1, libvncserver, ncurses, nebula, nodejs24, openssl-3, ovmf, pam, pcre2, perl-Authen-SASL, pgvector, plexus-utils, podman, python-cbor2, python-cryptography, python-django, python-gi-docgen, python-pypdf2, python-python-multipart, python311, python311-PyPDF2, python313, qemu, roundcubemail, rust1.94, sqlite3, strongswan, systemd, tar, tigervnc, util-linux, vim, webkit2gtk3, xorg-x11-server, xwayland, and zlib), and Ubuntu (commons-io, libcap2, ntfs-3g, and rapidjson).

Version:next-20260422 (linux-next) Released:2026-04-22

Version:7.0.1 (stable) Released:2026-04-22 Source:linux-7.0.1.tar.xz PGP Signature:linux-7.0.1.tar.sign Patch:full ChangeLog:ChangeLog-7.0.1

Version:6.19.14 (EOL) (stable) Released:2026-04-22 Source:linux-6.19.14.tar.xz PGP Signature:linux-6.19.14.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.19.14

Version:6.18.24 (longterm) Released:2026-04-22 Source:linux-6.18.24.tar.xz PGP Signature:linux-6.18.24.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.24

Version:6.12.83 (longterm) Released:2026-04-22 Source:linux-6.12.83.tar.xz PGP Signature:linux-6.12.83.tar.sign ChangeLog:ChangeLog-6.12.83

Redcore Linux explores the idea of bringing the power of Gentoo Linux to the masses. It aims to be a very quick way to install a pure Gentoo Linux system without spending hours or days compiling from source code, and reading documentation. To achieve this goal, Redcore provides a repository with pre-built binary packages which receives continuous updates, following a rolling release model.

There are a number of ongoing efforts to remove kernel code, mostly from the networking subsystem, as an alternative to dealing with the increase in security-bug reports from large language models. The proposed removals include ISA and PCMCIA Ethernet drivers, a pair of PCI drivers, the ax25 and amateur radio subsystem, the ATM protocols and drivers, and the ISDN subsystem.

Remove the amateur radio (AX.25, NET/ROM, ROSE) protocol implementation and all associated hamradio device drivers from the kernel tree. This set of protocols has long been a huge bug/syzbot magnet, and since nobody stepped up to help us deal with the influx of the AI-generated bug reports we need to move it out of tree to protect our sanity.

This Firefox blog post reports that the Firefox 150 release includes fixes for 271 vulnerabilities found by the Claude Mythos preview.

Elite security researchers find bugs that fuzzers can't largely by reasoning through the source code. This is effective, but time-consuming and bottlenecked on scarce human expertise. Computers were completely incapable of doing this a few months ago, and now they excel at it. We have many years of experience picking apart the work of the world's best security researchers, and Mythos Preview is every bit as capable. So far we've found no category or complexity of vulnerability that humans can find that this model can't.

This can feel terrifying in the immediate term, but it's ultimately great news for defenders. A gap between machine-discoverable and human-discoverable bugs favors the attacker, who can concentrate many months of costly human effort to find a single bug. Closing this gap erodes the attacker's long-term advantage by making all discoveries cheap.

CentOS as a group is a community of open source contributors and users which started in 2003 and has been sponsored by Red Hat since 2014. CentOS Linux versions up to CentOS Linux 8 are 100% compatible rebuilds of Red Hat Enterprise Linux, in full compliance with Red Hat's redistribution requirements. In 2020 it was announced CentOS Linux is being discontinued and replaced with CentOS Stream, a developer-focused distribution which acts as a middle-stream between Fedora and Red Hat Enterprise Linux.

The Fedora Project has been wrestling with the question of who should be able to vote in Fedora elections recently, with project membership being a major topic at the Fedora Council face-to-face held in early February. Now the project is considering a new contributor status, "Fedora Verified", and is looking to get input on the idea from the community.

What are the proposed benefits? The primary motivation behind "Fedora Verified" is to build trust-based recognition that grants elevated, privileged rights within the project. Most notably, this status would determine eligibility for strategic governance activities, such as:

• Voting in Fedora community elections.
• Running for leadership or decision-making roles within the project (i.e., Fedora Council, FESCo, Mindshare Committee, EPEL Steering Committee).
• (Potential, unplanned) Accessing specific shared project resources or educational opportunities (e.g., Red Hat training credits).

The blog post includes a list of proposed baseline metrics for "Verified" status as well as open questions to be decided. A survey on the topic will be open until May 5.

TUXEDO OS is an Ubuntu-based distribution developed in Germany by TUXEDO Computers GmbH, designed and optimised for the company's own range of Linux-friendly personal computers and notebooks. The distribution uses KDE Plasma as the preferred desktop. Some of the differences between Ubuntu and TUXEDO OS include custom boot menu, the TUXEDO Control Centre, Calamares installer, availability of the Lutris open gaming platform, preference for the PipeWire audio daemon (over PulseAudio), removal of Ubuntu's snap daemon and snap packages, and various other tweaks and enhancements.

GNU/Linux KDu is a Brazilian desktop Linux distribution based on Ubuntu and KDE neon. It features a customised KDE Plasma desktop and a large collection of software applications for daily and technical use, including office and productivity suites, various maintenance, data recovery and hardware diagnostic utilities, as well as tools for remote access and virtualisation. The distribution is localised into Brazilian Portuguese, inclusive of Brazilian data formats, and is suitable for both new and advanced Linux users.

StormOS is a desktop-oriented Linux distribution based on Arch Linux. The project's goal is to build an operating system which is easy-to-install, beginner-friendly and usable out of the box in order to attract new users over to the world of Arch Linux.

Version:next-20260421 (linux-next) Released:2026-04-21