Security updates for Tuesday

Security updates have been issued by Arch Linux (thunderbird), Debian (ruby-rack-protection), Fedora (firefox and soundtouch), Red Hat (kernel), Scientific Linux (gnupg2), SUSE (perl and python-paramiko), and Ubuntu (policykit-1).

Source: LWN

[$] Python post-Guido

The recent announcement by Guido van Rossum
that he was stepping away from
his “benevolent dictator for life” (BDFL) role for Python was met with some
surprise, but not much shock, at least in the core-developer community.
Van Rossum has been telegraphing some kind of change, at some unspecified
point, for several years now, though the proximate cause (the “PEP 572 mess”) is
unfortunate. In the meantime, though, the project needs to figure out
how to govern itself moving forward—Van Rossum did not appoint a successor
and has left the governance question up to the core developers.

Source: LWN

Security updates for Monday

Security updates have been issued by CentOS (firefox, gnupg2, kernel, python, and qemu-kvm), Debian (389-ds-base, cups, imagemagick, kernel, mailman, ruby2.1, sssd, thunderbird, and znc), Fedora (glpi, hadoop, kernel, rubygem-sprockets, singularity, thunderbird, wordpress, xapian-core, and xen), Mageia (cantata and flash-player-plugin), openSUSE (exiv2, libvorbis, nodejs6, nodejs8, openslp, singularity, slurm, and tiff), and SUSE (kernel-azure and openssl).

Source: LWN

Kernel prepatch 4.18-rc5

The 4.18-rc5 kernel prepatch has been
released. “For some reason this week actually felt very busy, but
the rc5 numbers show otherwise. It’s all small and calm, and things are
progressing nicely.”

Source: LWN

[$] Tracking pressure-stall information

All underutilized systems are essentially the same, but each overutilized
system tends to be overloaded in its own way. If one’s goal is to
maximize the use of the available computing resources, overutilization
tends not to be too far away, but when it happens, it can be hard to tell
where the problem is. Sometimes, even the fact that there is a problem at
all is not immediately apparent. The pressure-stall information patch set
from Johannes Weiner may make life easier for system administrators by
exposing more information about the real utilization state of the system.

Source: LWN

Security updates for Friday

Security updates have been issued by Debian (cinnamon), Fedora (docker, firefox, jetty, and knot-resolver), Oracle (gnupg2), Scientific Linux (gnupg2), SUSE (gdk-pixbuf, java-1_8_0-openjdk, libopenmpt, php7, and rsyslog), and Ubuntu (dns-root-data, dnsmasq, and thunderbird).

Source: LWN

Guido van Rossum resigns as Python leader

Python creator and Benevolent Leader for Life Guido van Rossum has decided,
in the wake of the difficult PEP 572 discussion, to step down from his
leadership of the project. “Now that PEP 572 is done, I don’t ever want to have to fight so hard for a
PEP and find that so many people despise my decisions.

I would like to remove myself entirely from the decision process. I’ll
still be there for a while as an ordinary core dev, and I’ll still be
available to mentor people — possibly more available. But I’m basically
giving myself a permanent vacation from being BDFL, and you all will be on
your own.”

Source: LWN

[$] Six (or seven) new system calls for filesystem mounting

Mounting filesystems is a complicated business. The kernel supports a wide
variety of filesystem types, and each has its own, often extensive, set of
options. As a result, the mount() system call is complex, and the list of
mount options is a rather long read. But even with all of that complexity,
mount() does not do everything that users would like. For
example, the options for a mount operation must all fit within a single
4096-byte page — the fact that this is a problem for some users is
illustrative in its own right. The
problems with mount() have come up at various meetings, including
at the 2018 Linux Storage, Filesystem, and Memory-Management Summit. A set
of patches implementing a new approach is getting closer to being
ready, but it features some complexity of its own and there are some
remaining concerns about the proposed system-call API.

Source: LWN

Security updates for Thursday

Security updates have been issued by Arch Linux (qutebrowser), CentOS (firefox), Debian (ruby-sprockets), Fedora (botan2, git-annex, kernel, kernel-tools, and visualboyadvance-m), Mageia (chromium-browser-stable, graphviz, mailman, nikto, perl-Archive-Zip, redis, and w3m), openSUSE (nextcloud), Oracle (gnupg2), Red Hat (flash-plugin, gnupg2, and kernel), Slackware (bind and curl), SUSE (java-1_8_0-openjdk, php7, rsyslog, slurm, and ucode-intel), and Ubuntu (cups, libpng, and libpng, libpng1.6).

Source: LWN