Népszerű fórum témák
FreeBSD Project News
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 9 perc 29 másodperc
Ian Jackson has announced his immediate resignation from the Debian technical committee. "While it is important that the views of the 30-40% of the project who agree with me should continue to be represented on the TC, I myself am clearly too controversial a figure at this point to do so. I should step aside to try to reduce the extent to which conversations about the project's governance are personalised. And, speaking personally, I am exhausted." (Thanks to Mattias Mattsson).
The preliminary results have been announced for the Debian general resolution on init system coupling. The winning option was #4, the one saying that no general resolution is required in this situation. So there will be no change in Debian policy resulting from this vote.
The Electronic Frontier Foundation (EFF) is helping to launch a new non-profit organization that will offer free server certificates beginning in summer 2015. "Let's Encrypt is a new free certificate authority, which will begin issuing server certificates in 2015. Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to. But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let's Encrypt authority will offer server certificates at zero cost, supported by sophisticated new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation." Let's Encrypt will be overseen by the Internet Security Research Group (ISRG), a California public benefit corporation.
Red Hat has updated bash Shift_JIS (RHEL5.9: multiple vulnerabilities).
Scientific Linux has updated mariadb (SL7: multiple vulnerabilities).
SUSE has updated flash-player (SLED11 SP3: multiple vulnerabilities).
Ubuntu has updated mountall (14.10: privilege escalation).
SUSE has announced that it is now using kGraft to make live kernel patches available for its enterprise distribution. "Unlike some other Linux kernel live patching technologies, SUSE Linux Enterprise Live Patching doesn't require stopping the whole system while it performs the patching. And because it is a fully open source solution, it allows for easy code review of the patch sources. SUSE is engaging with the upstream community to help ensure a sustainable future for kernel live patching on Linux in general and SUSE Linux Enterprise specifically."
Opensource.com covers the founding of the Open Source Seed Initiative (OSSI) and its continuing efforts to apply the concepts of open-source to plant breeding, in an increasingly patent encumbered space. "OSSI’s de facto leader is Jack Kloppenburg, a social scientist at the University of Wisconsin who has been involved with issues concerning plant genetic resources since the 1980s. He has published widely about the concept behind OSSI, and his words are now echoed (even copied verbatim) by public plant-breeding advocates in Germany, France, and India. As he explains it, for most of human history, seeds have naturally been part of the commons—those natural resources that are inherently public, like air or sunshine. But with the advent of plant-related intellectual property and the ownership it enables, this particular part of the commons has become a resource to be mined for private gain. Thus the need for a protected commons—open source seed. Inspired by open source software, OSSI’s idea is to use “the master’s tools” of intellectual property, but in ways the master never intended: to create and enforce an ethic of sharing."
Colin Watson announced his resignation from the Debian Technical Committee before Russ. "I appreciate that the timing is such that this looks like a response to Joey's mails, or perhaps to some other recent discussions. That isn't the case. I've been doing a good deal of refactoring of my life recently as a result of realising that I was burning out, and right now it's important that I make an effort to spend my Debian time on things I find relaxing rather than things I've been finding stressful." (Thanks to Jeff Schroeder)
Debian has updated libgcrypt11 (side-channel attack).
Gentoo has updated wget (symlink attack).
Mageia has updated dbus (denial of service), gnutls (code execution), kernel (MG4; MG3: multiple vulnerabilities), kernel-linus (MG4; MG3: multiple vulnerabilities), kernel-tmb (MG4; MG3: multiple vulnerabilities), and kernel-vserver (MG4: multiple vulnerabilities).
Scientific Linux has updated mysql55-mysql (SL5: multiple vulnerabilities).
Slackware has updated mozilla (multiple vulnerabilities).
Another resignation in the Debian camp: Russ Allbery has become the second member of the project's technical committee to leave that committee. "I think project governance is a hard problem, and a worthwhile problem, and I hope that someone with good ideas will step forward and work on that problem. Debian is one of the largest free software projects, and one that faces a large number of hard decisions. If we can do that work well, it would be a valuable contribution to the broader community. But, right now, I don't feel like I'm helping that process, and at times am making it worse."
Here are Tollef Fog Heen's comments following his resignation as one of the systemd maintainers in Debian. "I've been a DD for almost 14 years, I should be able to weather any storm, shouldn't I? It turns out that no, the mountain does get worn down by the rain. It's not a single hurtful comment here and there. There's a constant drum about this all being some sort of conspiracy and there are sometimes flares where people wish people involved in systemd would be run over by a bus or just accusations of incompetence."
Linus has released the 3.18-rc5 prepatch. "So we still have a few pending issues, but things look fairly normal. We've still got a few weeks to go before final, and the more you can test, the better off we'll be."
CyanogenMod has announced a new milestone release of the 11.0 "KitKat" branch. The announcement also looks forward to the 12.0 "Lollipop" branch. "No doubt the big news at the beginning of November was the release of the Android 5.0 Lollipop source code. AOSP began seeing the code on the 3rd, and completed the majority of the push on the 4th, with some remaining stragglers seeing code uploaded midday on the 12th. Work on CM12 began in earnest at the end of last week, and you can now successfully sync and build the work in progress against a handful of devices."
Greg Kroah-Hartman has released three stable kernels; 3.17.3, 3.14.24, and 3.10.60. All of them contain lots of important fixes throughout the tree.
Mageia has updated claws-mail (M4: SSL certificate verification botch), curl (information leak), flash-player-plugin (many vulnerabilities), getmail (three vulnerabilities), kdebase4-workspace (M3: privilege escalation), libreoffice (M4; M3: two vulnerabilities), and ruby (denial of service).
openSUSE has updated openssl (13.2: multiple vulnerabilities).
Three security-oriented Linux distributions are compared and contrasted over at Lifehacker. The three (Tails, Kali Linux, and Qubes OS) have distinct use cases that are surveyed in the article. "The crux of Tails is anonymity. While it has cryptographic tools in place, its main purpose is to anonymize everything you're during online. This is great for most people, but it doesn't give you the freedom to do stupid things. If you log into your Facebook account under your real name, it's still going to be obvious who you are and remaining anonymous on an online community is a lot harder than it seems."
Over on the Mageia Blog, Rémi Verschelde explains why the Mageia 5 Beta 1 took a month and a half longer than planned—but is now available. Upgrading to RPM 4.12 during the release process caused some problems, but there were other troubles along the way. "Still, while fixing our core tools during this first mass rebuild, some important changes were made to our RPM setup. As a consequence, half of the rebuilt packages (the ones built before our RPM setup changes) were lacking some important metadata. We then decided to do a second mass rebuild in October, which went quite fine apart from some issues with the Java stack. It was already late October when the first Beta 1 ISOs could be spun and delivered to the QA team for pre-release testing." Beta 2 has been pushed back to December 16, with a final release of Mageia 5 expected on January 31.
Debian has updated iceweasel (multiple vulnerabilities).
Red Hat has updated flash-plugin (RHEL5&6: many vulnerabilities).
Ubuntu has updated qemu, qemu-kvm (multiple vulnerabilities).
The LWN.net Weekly Edition for November 13, 2014 is available.
Fedora has updated deluge (F20: deluge-web is vulnerable to POODLE), mokutil (F20; F19: multiple vulnerabilities), Pound (F20: multiple vulnerabilities), shim-signed (F20; F19: multiple vulnerabilities), and tnftp (F20: command execution).
openSUSE has updated ImageMagick (13.2, 13.1, 12.3: multiple vulnerabilities), konversation (13.2: information disclosure), libserf (13.2, 13.1, 12.3: man-in-the-middle attack), pidgin (13.2: multiple vulnerabilities), and sssd (13.2: restriction bypass).
SUSE has updated spacewalk-branding (SUSE Manager1.7: clarify CVE audit).
HUP napi hírlevél
Legfrissebb HUP videók
Legfrissebb Linux játékvideók
Háztartásomban ... darab TV készülék található.
Csak az eredmény érdekel.
Összes szavazat: 815