Kernel prepatch 4.18-rc5

The 4.18-rc5 kernel prepatch has been released. “For some reason this week
actually felt very busy, but the rc5 numbers show otherwise. It’s all small
and calm, and things are progressing nicely.”

Source: LWN

[$] Tracking pressure-stall information

All underutilized systems are essentially the same, but each overutilized
system tends to be overloaded in its own way. If one’s goal is to
maximize the use of the available computing resources, overutilization
tends not to be too far away, but when it happens, it can be hard to tell
where the problem is. Sometimes, even the fact that there is a problem at
all is not immediately apparent. The pressure-stall information patch set
from Johannes Weiner may make life easier for system administrators by
exposing more information about the real utilization state of the system.

Source: LWN

Security updates for Friday

Security updates have been issued by Debian (cinnamon), Fedora (docker, firefox, jetty, and knot-resolver), Oracle (gnupg2), Scientific Linux (gnupg2), SUSE (gdk-pixbuf, java-1_8_0-openjdk, libopenmpt, php7, and rsyslog), and Ubuntu (dns-root-data, dnsmasq, and thunderbird).

Source: LWN

Guido van Rossum resigns as Python leader

Python creator and Benevolent Leader for Life Guido van Rossum has decided,
in the wake of the difficult PEP 572 discussion, to step down from his
leadership of the project. “Now that PEP 572 is done, I don’t ever want to have to fight so hard for a
PEP and find that so many people despise my decisions.

I would like to remove myself entirely from the decision process. I’ll
still be there for a while as an ordinary core dev, and I’ll still be
available to mentor people — possibly more available. But I’m basically
giving myself a permanent vacation from being BDFL, and you all will be on
your own.”

Source: LWN

[$] Six (or seven) new system calls for filesystem mounting

Mounting filesystems is a complicated business. The kernel supports a wide
variety of filesystem types, and each has its own, often extensive set of
options. As a result, the mount() system call is complex, and the list of
mount options is a rather long read. But even with all of that complexity,
mount() does not do everything that users would like. For example, the
options for a mount operation must all fit within a single 4096-byte
page — the fact that this is a problem for some users is illustrative in
its own right. The problems with mount() have come up at various meetings,
including at the 2018 Linux Storage, Filesystem, and Memory-Management
Summit. A set of patches implementing a new approach is getting closer to
being ready, but it features some complexity of its own and there are some
remaining concerns about the proposed system-call API.

Source: LWN

Security updates for Thursday

Security updates have been issued by Arch Linux (qutebrowser), CentOS (firefox), Debian (ruby-sprockets), Fedora (botan2, git-annex, kernel, kernel-tools, and visualboyadvance-m), Mageia (chromium-browser-stable, graphviz, mailman, nikto, perl-Archive-Zip, redis, and w3m), openSUSE (nextcloud), Oracle (gnupg2), Red Hat (flash-plugin, gnupg2, and kernel), Slackware (bind and curl), SUSE (java-1_8_0-openjdk, php7, rsyslog, slurm, and ucode-intel), and Ubuntu (cups, libpng, and libpng, libpng1.6).

Source: LWN

[$] Signing and distributing Gentoo

The compromise of Gentoo’s GitHub mirror was certainly embarrassing, but
its overall impact on Gentoo users was likely fairly limited. Gentoo and
GitHub responded quickly and forcefully to the breach, which greatly
limited the damage that could be done; the fact that it was a mirror and
not the master copy of Gentoo’s repositories made it relatively
straightforward to recover from. But the black eye that it gave the
project has led some to consider ways to make it even harder for an
attacker to add malicious content to Gentoo—even if the distribution’s own
infrastructure were to be compromised.

Source: LWN

[$] Emacs & TLS

A recent query about the status of network security (TLS settings in
particular) in Emacs led to a long thread in the emacs-devel mailing list.
That thread touched on a number of different areas, including using OpenSSL
(or other TLS libraries) rather than GnuTLS, what kinds of problems should
lead to complaints out of the box, what settings should be the default, and
when those settings could
change for Emacs so as not to discombobulate users. The latter issue is
one that lots of projects struggle with: what kinds of changes are
appropriate for a bug-fix release versus a feature release. For Emacs, its
lengthy development cycle, coupled with the perceived urgency of
security changes, makes that question even more difficult.

Source: LWN