Linux Weekly News

Ian Jackson (along with Sean Whitton) has posted a manifesto and status update to the effect that, since Git repositories have become the preferred method to distribute source, that is how Debian should be distributing its source packages.

Everyone who interacts with Debian source code should be able to do so entirely in git.

That means, more specifically:

1. All examination and edits to the source should be performed via normal git operations.
2. Source code should be transferred and exchanged as git data, not tarballs. git should be the canonical form everywhere.
3. Upstream git histories should be re-published, traceably, as part of formal git releases published by Debian.
4. No-one should have to learn about Debian Source Packages, which are bizarre, and have been obsoleted by modern version control.

This is very ambitious, but we have come a long way!

At Open Source Summit Japan 2025, Erin McKean talked about the challenges to producing good project documentation, along with some tooling that can help guide the process toward success. It is a problem that many projects struggle with and one that her employer, Google, gained a lot of experience with from its now-concluded Season of Docs initiative. Through that program, more than 200 case studies of documentation projects were gathered that were mined for common problems and solutions, which led to the tools and techniques that McKean described.

John Paul Adrian Glaubitz has announced that loong64 is now an official architecture for Debian, and will be part of the Debian 14 ("forky") release "if everything goes along as planned". This is a bit more than two years after the initial bootstrap of the architecture.

So far, we have manually built and imported an initial set of 112 packages with the help of the packages in Debian Ports. This was enough to create an initial chroot and set up the first buildd which is now churning through the build queue. Over night, the currently single buildd instance already built and uploaded 300 new packages.

Security updates have been issued by Debian (chromium, dropbear, mediawiki, php8.4, python-mechanize, rails, roundcube, usbmuxd, and wordpress), Fedora (cef, chromium, fonttools, gobuster, gosec, mingw-libpng, moby-engine, mqttcli, nextcloud, pgadmin4, python-unicodedata2, uriparser, and util-linux), Mageia (php and webkit2), Oracle (binutils, curl, gcc-toolset-13-binutils, gimp, git-lfs, kernel, openssh, php:8.3, podman, python-kdcproxy, python3.12, python3.9, skopeo, and webkit2gtk3), Red Hat (rsync), Slackware (php), SUSE (alloy, busybox, chromedriver, chromium, coredns-for-k8s, duc, firefox, kernel-devel, libpng16, libruby3_4-3_4, mariadb, netty, php8, python311-tornado6, rsync, taglib, and xen), and Ubuntu (linux-oracle-5.4, linux-raspi, linux-realtime-6.14, and linux-xilinx).

The 6.19-rc2 kernel prepatch is out for testing. "I obviously expect next week to be even quieter, with people being distracted by the holidays. So let's all enjoy taking a little break, but maybe break the boredom with some early rc testing?"

The 2025 election for members of the Linux Foundation Technical Advisory Board has concluded; the winners are Greg Kroah-Hartman, Steven Rostedt, Julia Lawall, David Hildenbrand, and Ted Ts'o.

The FreeBSD Foundation has a blog post about the progress it has made in 2025 on the Laptop Support & Usability Project for FreeBSD. The foundation committed $750,000 to the project in 2025 and has made progress on graphics drivers, Wi-Fi 4 and 5 support, audio improvements, sleep states, and more.

The installer for FreeBSD has gained a couple of new features that benefit laptop users. In 15.0 the installer now supports downloading and installing firmware packages after the FreeBSD base system installation is complete. Coming in 15.1 it will be possible to install the KDE graphical desktop environment during the installation process. Grateful thanks to Bjoern Zeeb and Alfonso Siciliano respectively. [...]

The project continues into 2026 with a similar sized investment and scope. Key targets include completing work on sleep states (modern standby and hibernate), adding support for graphics drivers up to Linux 6.18, Wi-Fi 6 support, USB4 and Thunderbolt support, HDMI improvements, UVC webcam support, and Bluetooth improvements.

A substantial testing program will also start in January, aiming to test all the functionality together across a range of hardware. Community testers are very welcome to help out, the Foundation will release a blog post and send an invite to help to the Desktop mailing list some time in January 2026.

The BPF verifier is complicated. It needs to check every possible path that a BPF program's execution could take. The fact that its determination of whether a BPF program is safe is based on the whole lifetime of the program, instead of simple local factors, means that the cause of a verification failure is not always obvious. Ihor Solodrai and Jordan Rome gave a presentation (slides) at the 2025 Linux Plumbers Conference in Tokyo about the BPF verifier visualizer that they have been building to make diagnosing verification failures easier.

Security updates have been issued by Debian (roundcube), Fedora (checkpointctl, containernetworking-plugins, mingw-libpng, NetworkManager, php, python3-docs, python3.13, and webkitgtk), Oracle (kernel, keylime, and libssh), and SUSE (apache2, clair, colord, flannel, gnutls, golang-github-prometheus-alertmanager, grafana, grub2, helm, ImageMagick, libpng16, netty, openssl-3, postgresql13, postgresql14, postgresql15, python36, salt, uyuni-tools, and venv-salt-minion).

Stephen Rothwell, who has maintained the kernel's linux-next integration tree from its inception, has announced his retirement from that role:

I will be stepping down as Linux-Next maintainer on Jan 16, 2026. Mark Brown has generously volunteered to take up the challenge. He has helped in the past filling in when I have been unavailable, so hopefully knows what he is getting in to. I hope you will all treat him with the same (or better) level of respect that I have received.

It has been a long but mostly interesting task and I hope it has been helpful to others. It seems a long time since I read Andrew Morton's "I have a dream" email and decided that I could help out there - little did I know what I was heading for.

Over the last two decades or so, the kernel's development process has evolved from an unorganized mess with irregular releases to a smooth machine with a new release every nine or ten weeks. That would not have happened without linux-next; thanks are due to Stephen for helping to make the current process possible.

Linus Torvalds is famously averse to presenting prepared talks, but the wider community is always interested in what he has to say about the condition of the Linux kernel. So, for some time now, his appearances have been in the form of an informal conversation with Dirk Hohndel. At the 2025 Open Source Summit Japan, the pair followed that tradition for the 29th time. Topics covered include the state of the development process, what Torvalds actually does, and how machine-learning tools might fit into the kernel project.

Systemd v259 has been released. Notable changes include a new "--empower" option for run0 that provides elevated privileges to a user without switching to root, ability to propagate a user's home directory into a VM with systemd-vmspawn, and more. Support for System V service scripts has been deprecated, and will be removed in v260. See the release notes for other changes, feature removals, and deprecated features.

Greg Kroah-Hartman has announced the release of the 6.18.2, 6.17.13, and 6.12.63 stable kernels. As always, each contains important fixes throughout the tree. He notes that 6.17.13 is the last release of the 6.17.y kernel; users are advised to move to the 6.18.y kernel branch.

Security updates have been issued by AlmaLinux (kernel, keylime, mysql:8.4, and tomcat), Debian (c-ares and webkit2gtk), Fedora (brotli, cups, golang-github-facebook-time, nebula, NetworkManager, perl-Alien-Brotli, python-django4.2, python-django5, and vips), Red Hat (binutils, buildah, curl, go-toolset:rhel8, golang, grafana, multiple packages, php:8.3, podman, python3.12, python39:3.9, ruby:3.3, and skopeo), SUSE (buildah, cups, firefox, glib2, grub2, helm, icinga-php-library, icingaweb2, ImageMagick, imagemagick, kernel, libpng12, libpng16, mariadb, openssl-3, poppler, python39, usbmuxd, webkit2gtk3, wireshark, and xkbcomp), and Ubuntu (linux-azure-fips).

Inside this week's LWN.net Weekly Edition:

• Front: Civil Infrastructure Platform; COSMIC desktop; Calibre adds AI; Maintainer's Summit; ML tools for kernel development; linux-next; Rust in the kernel; kernel development tools; Linux process improvements; 6.19 merge window part 2.
• Briefs: capsudo; Asahi Linux 6.18; Pop!_OS 24.04; Vojtux; KDE Gear 25.12; Rust 1.92.0; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

After three years of development, Linux hardware provider System76 has declared the COSMIC desktop environment stable. It shipped COSMIC Epoch 1 as part of the long-awaited Pop!_OS 24.04 LTS release on December 11, just in time for Linux enthusiasts to have something to tinker with over the end-of-year holidays. With the stable release out the door, it seemed like a good time to check back in on COSMIC and see how it has evolved since the first alpha. For a first stable release of a new desktop environment, COSMIC shows a lot of promise and room to grow.

The Asahi Linux project has published its progress report following the release of Linux 6.18. This time around the project reports progress on many fronts, including microphone support for M2 Pro/Max MacBooks, work queued for Linux 6.19 to support USB3 via the USB-C ports, and work to improve the Asahi Linux installation experience. The project is also enabling as additional System Management Controller (SMC) drivers, which means that "the myriad voltage, current, temperature and power sensors controlled by the SMC will be readable using the standard hwmon interfaces".

The Civil Infrastructure Platform (CIP) first launched in that form in April 2016, so it has a tenth-anniversary celebration in its near future. At the 2025 Open Source Summit Japan, Yoshitake Kobayashi talked about the goals of this project and where it is headed in the future. Supporting a Linux system for even one year is a challenging task; maintaining that support for a decade or more is rather more so, and a changing regulatory environment complicates the task further.

Security updates have been issued by Debian (node-url-parse), Fedora (assimp, conda-build, mod_md, util-linux, and webkitgtk), Oracle (firefox), SUSE (chromium, librsvg, poppler, python311, qemu, strongswan, webkit2gtk3, wireshark, and xen), and Ubuntu (linux-azure, linux-azure-5.4, linux-azure-5.15, linux-azure-fips, and linux-raspi, linux-raspi-realtime, linux-xilinx).

Mozilla has announced a new CEO, Anthony Enzor-DeMeo. Prior to becoming CEO, Enzor-DeMeo was general manager of Firefox and led its "vision, strategy, and business performance". He has published a blog post about taking over from interim CEO Laura Chambers, and his plans for Mozilla and Firefox:

As Mozilla moves forward, we will focus on becoming the trusted software company. This is not a slogan. It is a direction that guides how we build and how we grow. It means three things.

• First: Every product we build must give people agency in how it works. Privacy, data use, and AI must be clear and understandable. Controls must be simple. AI should always be a choice — something people can easily turn off. People should know why a feature works the way it does and what value they get from it.
• Second: our business model must align with trust. We will grow through transparent monetization that people recognize and value.
• Third: Firefox will grow from a browser into a broader ecosystem of trusted software. Firefox will remain our anchor. It will evolve into a modern AI browser and support a portfolio of new and trusted software additions.