Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] Some 6.16 development statistics
The 6.16 development cycle was another busy one, with 14,639 non-merge changesets pulled into the mainline — just 18 commits short of the total for 6.15. The 6.16 release happened on July 27, as expected. Also as expected, LWN has put together its traditional look at where the code for this release came from.
[$] Smaller Fedora quality team proposes cuts
Fedora's quality team is looking to reduce the scope of test coverage and change the project's release criteria to drop some features from the list of release blockers. This is, in part, an exercise in getting rid of criteria, such as booting from optical media, that are less relevant. It is also a necessity, since the Red Hat team focusing on Fedora quality assurance (QA) is only half the size it was a year ago.
[$] Rethinking the Linux cloud stack for confidential VMs
There is an inherent limit to the privacy of the public cloud. While Linux can isolate virtual machines (VMs) from each other, nothing in the system's memory is ultimately out of reach for the host cloud provider. To accommodate the most privacy-conscious clients, confidential computing protects the memory of guests, even from hypervisors. But the Linux cloud stack needs to be rethought in order to host confidential VMs, juggling two goals that are often at odds: performance and security.
[$] Graphene OS: a security-enhanced Android build
People tend to put a lot of trust into their phones. Those devices have access to no end of sensitive data about our lives — our movements, finances, communications, and more — so phones belonging to even relatively low-profile people can be high-value targets. Android devices run free software, at least at some levels, so it should be possible to ensure that they are working in their owners' interests. Off-the-shelf Android installations tend to fall short of that goal. The GrapheneOS Android rebuild is an attempt to improve on that situation.
[$] LWN.net Weekly Edition for July 24, 2025
Posted Jul 24, 2025 0:15 UTC (Thu)The LWN.net Weekly Edition for July 24, 2025 is available.
Inside this week's LWN.net Weekly Edition
- Front: Debian's security processes; Tor; Immutability for Python; CPU scheduler; QUIC; Rust abstractions.
- Briefs: Brief news items from throughout the community.
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] Understanding Debian's security processes
Providing security updates for a Linux distribution, such as Debian, involves a lot of work behind the scenes—and requires much more than simply shipping the latest code. On July 15, at DebConf25 in Brest, France, Samuel Henrique walked through the process of providing security updates to users; he discussed how Debian learns about security vulnerabilities, decides on the best response, and the process of sending out updates to keep its users safe. He also provided guidance on how others could get involved.
[$] Deep immutability for Python
Python has recently seen a number of experiments to improve its parallel performance, including exposing subinterpreters as part of the standard library. These allow separate threads within the same Python process to run simultaneously, as long as any data sent between them is copied, rather than shared. PEP 795 ("Deep Immutability in Python") seeks to make efficient sharing of data between subinterpreters possible by allowing Python objects to be "frozen", so that they can be accessed from multiple subinterpreters without copying or synchronization. That task is more difficult than it seems, and the PEP prompted a good deal of skepticism from the Python community.
[$] QUIC for the kernel
The QUIC transport-layer network protocol is not exactly new; it was first covered here in 2013. Despite carrying a significant part of the traffic on the Internet, QUIC has been anything but quick when it comes to getting support into the Linux kernel. The pace might be picking up, though; Xin Long has posted the first set of patches intended to provide mainline support for this protocol.
[$] When free-software communities unite for privacy
At DebConf25 in Brest, France, the talk "When Free Software Communities Unite: Tails, Tor, and the Fight for Privacy" was delivered by a man who introduced himself only as intrigeri. He delivered an overview of the Tor Project, its mission, and the projects under the umbrella. He also spoke about how the organization depends on Debian, and plans for the software it delivers.
[$] How to write Rust in the kernel: part 3
The interfaces between C and Rust in the kernel have grown over time; any non-trivial Rust driver will use a number of these. Tasks like allocating memory, dealing with immovable structures, and interacting with locks are necessary for handling most devices. There are also many subsystem-specific bindings, but the focus this time will be on an overview of the bindings that all kernel Rust code can be expected to use.
Help for OpenPrinting needed
Till Kamppeter, co-founder and lead of the OpenPrinting project, has put out a call for sponsors after being laid off by Canonical:
I want to continue doing OpenPrinting for a living, and need a way to do so. I am currently working with the Linux Foundation to make OpenPrinting an [organization] which can receive sponsor funding. So now I am looking for sponsors.
Even greater would be, if independent of this somebody could hire me to continue OpenPrinting...
Security updates for Monday
Security updates have been issued by Debian (audiofile, libcaca, libetpan, libxml2, php7.4, snapcast, and thunderbird), Fedora (glibc, iputils, mingw-binutils, and thunderbird), Red Hat (kernel, kernel-rt, mod_auth_openidc, and mod_auth_openidc:2.3), SUSE (afterburn, apache2, atop, chromedriver, chromium, cloud-init, deepin-feature-enable, firefox, firefox-esr, grafana, grype-db, gstreamer-plugins-bad, javamail, jupyter-jupyterlab-templates, jupyter-nbdime, konsole, libetebase, libxmp, minio-client-20250721T052808Z, MozillaFirefox, MozillaFirefox-branding-SLE, opera, pdns-recursor, perl-Authen-SASL, polkit, python-Django, python3-pycares, python311-starlette, rpi-imager, ruby3.4-rubygem-thor, spdlog, thunderbird, varnish, viewvc, and xtrabackup), and Ubuntu (openjdk-21-crac).
LWN is back
The good folks at Linode still have not managed to fix whatever broke in their data center, so we are running on an emergency backup server. Things seem to be working, but the occasional glitch is to be expected. Please accept our apologies for the extended downtime!
Update: we're back on the regular production server, and all seems stable now.
The 6.16 kernel is out
Linus has released the 6.16 kernel:
It's Sunday afternoon, and the release cycle has come to an end. Last week was nice and calm, and there were no big show-stopper surprises to keep us from the regular schedule, so I've tagged and pushed out 6.16 as planned.
Headline changes in this release include enabling five-level page tables by default on x86 systems, a number of core-dump changes including the ability to send core dumps to a socket, the ability to create pipes in io_uring, atomic-write support in the XFS filesystem, the elimination of block-layer bounce buffering, a new DMA-mapping API, an option to block file descriptors passed in via Unix-domain sockets, and more.
See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 6.16 page for more information.
Security updates for Friday
Security updates have been issued by AlmaLinux (git, kernel, nginx:1.24, and sudo), Fedora (dpkg, java-21-openjdk, java-25-openjdk, java-latest-openjdk, and valkey), Oracle (apache-commons-vfs, sudo, tigervnc, and xorg-x11-server), Red Hat (kernel, krb5, and openssh), SUSE (gnutls, ImageMagick, iputils, kernel-livepatch-MICRO-6-0-RT_Update_10, kubernetes1.18, libarchive, ovmf, python, and salt), and Ubuntu (iputils, linux-aws-6.14, linux-raspi, openjdk-21, and openjdk-24).
Wayback 0.1 released
Version 0.1 of the Wayback project has been released:
Wayback is an X11 compatibility layer that allows for running full X11-only desktop environments using Wayland. It is essentially an X11 server backed by Wayland, leveraging wlroots and Xwayland. Our goal is for Wayback to eventually be a completely drop-in replacement to the Xorg binary, thus reducing maintenance burden for distro maintainers.
Ever since Wayback was announced on June 28, we have been making lots of progress to get it as stable and functional as possible, and while this is a preview release it is already daily-driveable by users with simple requirements, as long as they don't mind bugs.
The release is considered alpha-quality and is missing a number of features, including multi-monitor support and DPMS, but adventurous users can find the code here.
Four new stable kernels
The 6.15.8, 6.12.40, 6.6.100, and 6.1.147 stable kernels have been released. Each contains important fixes throughout the kernel tree, as usual.
Security updates for Thursday
Security updates have been issued by Debian (chromium, firefox-esr, and mediawiki), Fedora (firefox), Oracle (git, kernel, redis, and sudo), Red Hat (aardvark-dns, firefox, kernel, and thunderbird), Slackware (httpd), SUSE (php7, php8, and salt), and Ubuntu (linux-raspi-realtime and ruby-rack).
Discovering and recovering from PostgreSQL corruption on Matrix.org
Richard van der Hoff, a member of the team that runs the Matrix.org homeserver, has written a detailed blog post about diagnosing and fixing a problem where Matrix rooms would simply stop working:
We know that there are plenty of users out there who will have been affected by the problem, and found themselves unable to communicate as a result. We very much share your frustration, and we'd like to apologise for the disruption to service.
With that said, we're glad that we were able to get to the bottom of most of the problem, and get the lost data restored within a relatively short time. If nothing else, hopefully this blog post will be of use to future generations faced with Postgres index corruption!
An update on Home Assistant's Android app
The Home Assistant project has published an update on improvements in its Android app, and plans for upcoming releases:
In our latest update of the Android app 2025.7.1, we've added a couple of useful features. Including a new basic invite flow, which will be shared between Android and iOS, adding a good layer of consistency between our most-used companion apps. The idea is to make it much more seamless to add new users or set up new devices (no need to type the URL in your Android Automotive device!).
We've also made My Links work better. If you're unfamiliar with My Links, they're those cool links (that anyone can make) that bring you right to an integration, blueprint, add-on, or settings page. They have always worked great on desktop, but up until recently, they were a bit clunky to use on mobile. Now you can get to the link's destination with a single click.
LWN looked at Home Assistant in May.