Feed aggregator

Linux containers have made it reasonably easy to develop, distribute, and deploy server applications along with all the distribution dependencies that they need. For example, anyone can deploy and run a Debian-based PostgreSQL container on a Fedora Linux host. Distrobox is a project that is designed to bring the cross-distribution compatibility to the desktop and allow users to mix-and-match Linux distributions without fussing with dual-booting, virtual machines, or multiple computers. It is an ideal way to install additional software on image-based systems, such as Fedora's Atomic Desktops or Bazzite, and also provides a convenient way to move a development environment or favorite applications to a new system.

Security updates have been issued by AlmaLinux (abrt and kernel), Debian (libpng1.6, libsoup2.4, pdns-recursor, webkit2gtk, and wordpress), Fedora (imhex, libwebsockets, lunasvg, python3-docs, and python3.14), Mageia (python3 and webkit2), Red Hat (abrt, firefox, mysql8.4, and postgresql:15), Slackware (mozilla), SUSE (gegl, gnutls, go1.24, go1.25, libpng16-16, openssh, postgresql13, python-Jinja2, and sssd), and Ubuntu (fonttools and netty).

postmarketOS is an Alpine-based Linux distribution for mobile devices and desktop computers. The project offers several mobile interfaces - including GNOME Mobile, Phosh, Plasma Mobile and Simple X Mobile (Sxmo). The distribution also offers a range of popular desktop environments, window managers and Wayland compositors for x86_64 and AArch64 computers, such as COSMIC, GNOME, KDE Plasma and Sway. The project aims to provide long-term support for a range of mobile devices, key among them the Librem 5 and the PinePhone, though others, traditionally Android devices, are also supported.

The topic of the Rust experiment was just discussed at the annual Maintainers Summit. The consensus among the assembled developers is that Rust in the kernel is no longer experimental — it is now a core part of the kernel and is here to stay. So the "experimental" tag will be coming off. Congratulations are in order for all of the Rust for Linux team.

(Stay tuned for details in our Maintainers Summit coverage.)

Version:next-20251210 (linux-next) Released:2025-12-10

Madrid_Linux, or MAX for short, is an GNU/Linux distribution created by the Council of Education of Madrid, Spain. It is a live operating system based on Ubuntu. Besides the ability to boot the operating system on any computer, the distribution includes a graphical installer with an option to resize FAT or NTFS partition and create space for installing MAX on a hard disk.

The Free Software Foundation has announced the recipients of its 2024 (even though 2025 is almost over) Free Software Awards. Andy Wingo won the award for the advancement of free software, Alx Sa is the outstanding new free-software contributor, and Govdirectory takes the award for projects of social benefit.

AerynOS is an independently-developed, rolling-release Linux distribution designed for general desktop use. Its main features include the GNOME desktop, a custom package manager called "moss", atomic updates with rollback options, a package build system called "boulder", and smart boot management with complex EFI configuration through a utility called "blsforme".

CentOS as a group is a community of open source contributors and users which started in 2003 and has been sponsored by Red Hat since 2014. CentOS Linux versions up to CentOS Linux 8 are 100% compatible rebuilds of Red Hat Enterprise Linux, in full compliance with Red Hat's redistribution requirements. In 2020 it was announced CentOS Linux is being discontinued and replaced with CentOS Stream, a developer-focused distribution which acts as a middle-stream between Fedora and Red Hat Enterprise Linux.

Whonix is an operating system focused on anonymity, privacy and security. It is based on the Tor anonymity network, Debian GNU/Linux and security by isolation. Whonix consists of two parts: One solely runs Tor and acts as a gateway, which is called Whonix-Gateway. The other, which is called Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible. With Whonix, you can use applications and run servers anonymously over the Internet. DNS leaks are impossible, and even malware with root privileges cannot find out the user's real IP.

One of the things that has historically stood between Linux and the fabled "year of the Linux desktop" is its lack of support for video games. Many users who would have happily abandoned Windows have, reluctantly, stayed for the video games or had to deal with dual booting. In the past few years, though, Linux support for games—including those that only have Windows versions—has improved dramatically, if one is willing to put the pieces together. Bazzite, an image-based Fedora derivative, is a project that aims to let users play games and use the Linux desktop with almost no assembly required.

Version 146.0 of the Firefox web browser has been released. One feature of particular interest to Linux users is that Firefox now natively supports fractional scaled displays on Wayland. Firefox Labs has also been made available to all users even if they opt out of telemetry or participating in studies. "This means more experimental features are now available to more people."

This release also adds support for Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) for WebRTC. ML-KEM is "believed to be secure against attackers with large quantum computers". See the release notes for all changes.

Security updates have been issued by AlmaLinux (kernel, kernel-rt, and webkit2gtk3), Fedora (abrt and mingw-libpng), Mageia (apache and libpng), Oracle (abrt, go-toolset:rhel8, kernel, sssd, and webkit2gtk3), Red Hat (kernel and kernel-rt), SUSE (gimp, gnutls, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, and postgresql13), and Ubuntu (gnupg2, python-apt, radare2, and webkit2gtk).

Univention Corporate Server is an enterprise-class distribution based on Debian. It features an integrated management system for central administration of servers, Microsoft Active Directory-compatible domain services, and functions for parallel operation of virtualised server and desktop operating systems. UCS offers such features as a single sign-on portal and an app centre. One key component of UCS is the Identity and Access Management (IAM) utility which acts as a central solution for managing identities, roles, and groups. The integrated portal with Single Sign-On and self-service functions provides access to all IT services and applications and can work across blended Linux, Windows, and macOS networks.

Talos is a specialist Linux-based operating system for running Kubernetes, an open-source system for automating deployment, scaling and management of containerised applications. Minimal, immutable and hardened, it does not offer any shell or interactive console; instead, all system management is done via remote Application Programming Interface (API) calls, where messages sent from a client application are protected with mutual Transport Layer Security TLS (mTLS) authentication. Talos also delivers atomic updates, thus maintaining the Linux and Kubernetes versions up-to-date. Talos is developed in the USA by Sidero Labs, Inc.

Version:next-20251209 (linux-next) Released:2025-12-09

HackerOS is a live Linux distribution based on Debian's "Testing" branch and designed for regular users, gamers and cybersecurity enthusiasts. Some of its features include an optimised XanMod Linux kernel for faster boot times and reduced resource usage, out-of-the-box support for NVIDIA graphics cards, and a collection of cybersecurity tools, such as enhanced firewalls and intrusion detection software. The distribution uses the KDE Plasma desktop.

Kicksecure is a security-hardened Linux distribution based on Debian's "Stable" branch, with Xfce as the default desktop user interface. It is a hardened operating system designed to be resistant to viruses, malware and attacks, and extensively reconfigured in accordance with an advanced multi-layer defense model, thereby providing in-depth security. Kicksecure provides protection from many types of malware in its default configuration with no customization required.

The Internet Engineering Task Force (IETF) is the standards body responsible for the TLS encryption standard — which your browser is using right now to allow you to read LWN.net. As part of its work to keep TLS secure, the IETF has been entertaining proposals to adopt "post-quantum" cryptography (that is, cryptography that is not known to be easily broken by a quantum computer) for TLS version 1.3. Discussion of the proposal has exposed a large disagreement between participants who worried about weakened security and others who worried about weakened marketability.

Jon Seager, VP of engineering for Canonical, has announced a plan to develop a universal Public Key Infrastructure tool called upki:

Earlier this year, LWN featured an excellent article titled "Linux's missing CRL infrastructure". The article highlighted a number of key issues surrounding traditional Public Key Infrastructure (PKI), but critically noted how even the available measures are effectively ignored by the majority of system-level software on Linux.

One of the motivators for the discussion is that the Online Certificate Status Protocol (OCSP) will cease to be supported by Let's Encrypt. The remaining alternative is to use Certificate Revocation Lists (CRLs), yet there is little or no support for managing (or even querying) these lists in most Linux system utilities.

To solve this, I'm happy to share that in partnership with rustls maintainers Dirkjan Ochtman and Joe Birr-Pixton, we're starting the development of upki: a universal PKI tool. This project initially aims to close the revocation gap through the combination of a new system utility and eventual library support for common TLS/SSL libraries such as OpenSSL, GnuTLS and rustls.

No code is available as of yet, but the announcement indicates that upki will be available as an opt-in preview for Ubuntu 26.04 LTS. Thanks to Dirjan Ochtman for the tip.