Hírolvasó

Andrew 'bunnie' Huang has posted a detailed article on why creating trustable hardware is so difficult and describing a project he's working on to do it anyway. "While open hardware has the opportunity to empower users to innovate and embody a more correct and transparent design intent than closed hardware, at the end of the day any hardware of sufficient complexity is not practical to verify, whether open or closed. Even if we published the complete mask set for a modern billion-transistor CPU, this 'source code' is meaningless without a practical method to verify an equivalence between the mask set and the chip in your possession down to a near-atomic level without simultaneously destroying the CPU."

Security updates have been issued by CentOS (firefox, fribidi, nss, nss-softokn, nss-util, openslp, and thunderbird), Debian (opensc), and Mageia (389-ds-base, apache, apache-mod_auth_openidc, kernel, libofx, microcode, php, and ruby).

Security updates have been issued by CentOS (freetype, kernel, nss, nss-softokn, nss-util, and thunderbird), Mageia (ghostpcl, libmirage, and spamassassin), Oracle (fribidi), and SUSE (mariadb-100, shibboleth-sp, and slurm).

Security updates have been issued by Debian (cups, cyrus-sasl2, tightvnc, and x2goclient), Fedora (cacti and cacti-spine), openSUSE (mariadb and samba), Oracle (fribidi, git, and python), Red Hat (fribidi, libyang, and qemu-kvm-rhev), Slackware (openssl and tigervnc), and SUSE (firefox, nspr, nss and kernel).

The third 5.5 kernel prepatch is out; it was a bit bigger than Linus would have liked. "Anyway, I'm hoping rc3 is a one-off. In fact, with the holiday season coming up, I'd be very surprised indeed if it wasn't. So I suspect things will calm down a lot over the next couple of weeks, but please do use the down-time to do some extra testing instead, ok?"

The 5.4.6, 4.19.91, 4.14.160, 4.9.207, and 4.4.207 stable kernel updates have all been released; each contains another set of important fixes.

The Linux control-group mechanism was designed to make it easy to assign processes to groups or move them around; it is a simple matter of writing a process ID to the appropriate cgroup.procs file in the control-group filesystem hierarchy. That only works for processes that actually exist, though. Adding the ability to place a new process into a control group at birth is the subject of this patch set from Christian Brauner.

Michał Górny describes an effort to create something one might have never expected to see: a binary kernel package for the Gentoo distribution. "I have manually configured the kernels for my private systems long time ago. Today, I wouldn’t really have bothered. In fact, I realized that for some time I’m really hesitant to even upgrade them because of the effort needed to update configuration. The worst part is, whenever a new kernel does not boot, I have to ask myself: is it a real bug, or is it my fault for configuring it wrong?"

Security updates have been issued by Debian (cyrus-imapd and gdk-pixbuf), Fedora (cacti, cacti-spine, and fribidi), Red Hat (fribidi, git, and openstack-keystone), Scientific Linux (fribidi), Slackware (wavpack), and SUSE (firefox, kernel, mariadb, spectre-meltdown-checker, and trousers).

Version 3.11 of the lightweight Alpine Linux distribution is available. Changes include the 5.4 kernel, Raspberry Pi 4 support, GNOME and KDE support, and the deprecation of Python 2.