Evans: A data model for Git (and other docs updates)
On her blog, Julia Evans writes about improving Git documentation, including a new data model man page she wrote with Marie LeBlanc Flanagan, and updates to the pages for several other Git sub-commands (add, checkout, push, and pull). As part of the process, she asked Git users to describe problems they had run into in the documentation, which helped guide the changes that she made.

I'm excited about this because understanding how Git organizes its commit and branch data has really helped me reason about how Git works over the years, and I think it's important to have a short (1600 words!) version of the data model that's accurate.

The "accurate" part turned out to not be that easy: I knew the basics of how Git's data model worked, but during the review process I learned some new details and had to make quite a few changes (for example how merge conflicts are stored in the staging area).

(Comment on this)

[$] READ_ONCE(), WRITE_ONCE(), but not for Rust
The READ_ONCE() and WRITE_ONCE() macros are heavily used
within the kernel; there are nearly 8,000 call sites for
READ_ONCE(). They are key to the implementation of many lockless algorithms and can be necessary for some
types of device-memory access. So one might think that, as the
amount of Rust code in the kernel increases, there would be a place for
Rust versions of these macros as well. The truth of the matter, though, is
that the Rust community seems to want to take a different approach to
concurrent data access.

(Comment on this)

Security updates for Friday
Security updates have been issued by Debian (pdfminer and vlc), Red Hat (kernel, kernel-rt, and microcode_ctl), Slackware (libtasn1), SUSE (apptainer, curl, ImageMagick, libpcap, libvirt, libwget4, php8, podman, python311-cbor2, qemu, and rsync), and Ubuntu (gnupg, gnupg2, gpsd, libsodium, and python-tornado).

(Comment on this)

Gentoo looks back on 2025

Gentoo Linux has published a 2025 project retrospective that looks at how the community has evolved, changes to the distribution, infrastructure, and finances for the Gentoo Foundation.

Gentoo currently consists of 31663 ebuilds for 19174 different packages. For amd64 (x86-64), there are 89 GBytes of binary packages available on the mirrors. Gentoo each week builds 154 distinct installation stages for different processor architectures and system configurations, with an overwhelming part of these fully up-to-date.

The number of commits to the main ::gentoo repository has remained at an overall high level in 2025, with a slight decrease from 123942 to 112927. The number of commits by external contributors was 9396, now across 377 unique external authors.

(Comment on this)

Fedora Linux 43 election results

The Fedora Project has announced the results of the Fedora 43 election cycle. Five seats were open on the Fedora Engineering Steering Committee (FESCo), and the winners are Kevin Fenzi, Zbigniew Jędrzejewski-Szmek, Timothée Ravier, Dave Cantrell, and Máirín Duffy.

(Comment on this)

[$] SFC v. VIZIO: who can enforce the GPL?

The Software Freedom Conservancy (SFC) is suing VIZIO over smart TVs that include software licensed under the GPL and LGPL (including the Linux kernel, FFmpeg, systemd, and others). VIZIO didn't provide the source code along with the device, and on request they only provided some of it. Unlike a typical lawsuit about enforcing the GPL, the SFC isn't suing as a copyright holder; it's suing as a normal owner of the TV in question. This approach opens some important legal questions, and after years of pre-trial maneuvering (most recently resulting in a ruling related to signing keys that is the subject of a separate article), we might finally obtain some answers when the case goes to trial on January 12. As things stand, it seems likely that the judge in the case will rule that that the GPL-enforcement lawsuits can be a matter of contract law, not just copyright law, which would be a major change to how GPL enforcement works.

(Comment on this)

[$] GPLv2 and installation requirements
On December 24 2025, Linus Torvalds posted a strongly
worded message celebrating a ruling in
the ongoing GPL-compliance lawsuit filed
against VIZIO by the Software Freedom Conservancy (SFC). This case and
Torvalds's response have put a spotlight on an old debate over the extent
to which the source-code requirements of the GNU
General Public License (version 2) extend to keys and other data
needed to successfully install modified software on a device. It is worth
looking at whether this requirement exists, the subtleties in
interpretation that cloud the issue, and the extent to which, if any, the
SFC is demanding that information.

(Comment on this)

Two new stable kernels
Greg Kroah-Hartman has released the 6.18.4 and 6.12.64 stable kernels. As always, each contains important fixes throughout the tree. Users are advised to upgrade.</p>

(Comment on this)

European Commission issues call for evidence on open source

The European Commission has opened a "call for evidence" to help shape its European Open Digital Ecosystem Strategy. The commission is looking to reduce its dependence on software from non-EU countries:

The EU faces a significant problem of dependence on non-EU countries in the digital sphere. This reduces users' choice, hampers EU companies' competitiveness and can raise supply chain security issues as it makes it difficult to control our digital infrastructure (both physical and software components), potentially creating vulnerabilities including in critical sectors. In the last few years, it has been widely acknowledged that open source – which is a public good to be freely used, modified, and redistributed – has the strong potential to underpin a diverse portfolio of high-quality and secure digital solutions that are valid alternatives to proprietary ones. By doing so, it increases user agency, helps regain control and boost the resilience of our digital infrastructure.

The feedback period runs until midnight (Brussels time) February 3, 2026. The commission seeks input from all interested stakeholders, "in particular the European open-source community (including individual contributors, open-source companies and foundations), public administrations, specialised business sectors, the ICT industry, academia and research institutions".

(Comment on this)

[$] LWN.net Weekly Edition for January 8, 2026
Inside this week's LWN.net Weekly Edition:

• Front: What to expect in 2026; LAVD scheduler; libpathrs; Questions for the TAB; Graphite; 2025 timeline.
• Briefs: shadow-utils 4.19.0; Android releases; IPFire 2.29-199; Manjaro 26.0; curl strcpy(); GNU ddrescue 1.30; Ruby 4.0; Partial GPL ruling; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

(Comment on this)

Security updates for Thursday
Security updates have been issued by AlmaLinux (gcc-toolset-14-binutils, gcc-toolset-15-binutils, httpd, kernel, libpng, mariadb, mingw-libpng, poppler, python3.12, and ruby:3.3), Debian (foomuuri and libsodium), Fedora (python-pdfminer and wget2), Oracle (audiofile, bind, gcc-toolset-15-binutils, libpng, mariadb, mariadb10.11, mariadb:10.11, mariadb:10.5, mingw-libpng, poppler, and python3.12), Red Hat (git-lfs, kernel, libpng, libpq, mariadb:10.3, osbuild-composer, postgresql, postgresql:13, and postgresql:15), Slackware (curl), SUSE (c-ares-devel, capstone, curl, gpsd, ImageMagick, libpcap, log4j, python311-filelock, and python314), and Ubuntu (libcaca, libxslt, and net-snmp).

(Comment on this)

[$] Lessons from creating a gaming-oriented scheduler
At the 2025 Linux Plumbers
Conference (LPC), held in Tokyo in mid-December, Changwoo Min led a session on what
he has learned while developing the
"latency-criticality
aware virtual deadline" (LAVD) scheduler, which is aimed at gaming
workloads. The session was part of the Gaming
on Linux microconference, which is a new entrant into LPC; organizers
hope to see it return next year in
Prague and, presumably, beyond. LAVD uses the extensible scheduler class (sched_ext) and has
the primary goal of minimizing stuttering
in games;
it is implemented in a combination of BPF and Rust.

(Comment on this)

IPFire 2.29 Core Update 199 released

The IPFire project, an open-source firewall Linux distribution, has released version 2.29 - Core Update 199. Notable changes in this release include an update to Linux 6.12.58, support for WiFi 6 and 7 features on wireless access points, as well as native support for link-local discovery protocol (LLDP) and Cisco discovery protocol (CDP).

(Comment on this)

[$] 2025 Linux and free software timeline

Last year we revived the tradition of publishing a timeline of notable events from the previous year. Since that seemed to go over well, we decided we should continue the practice and look back on some of the most noteworthy events and releases of 2025.

(Comment on this)

Security updates for Wednesday
Security updates have been issued by AlmaLinux (resource-agents, ruby:3.3, thunderbird, and xorg-x11-server), Fedora (libpcap), Red Hat (brotli), Slackware (libsodium), SUSE (dcmtk, govulncheck-vulndb, libpcap, mozjs60, qemu, rsync, and usbmuxd), and Ubuntu (glib2.0 and linux-raspi, linux-raspi-5.4).

(Comment on this)

Google will now only release Android source code twice a year (Android Authority)
Android Authority reports that Google will be reducing the frequency of releases of code to the Android Open Source Project to only twice per year.

A spokesperson for Google offered some additional context on this decision, stating that it helps simplify development, eliminates the complexity of managing multiple code branches, and allows them to deliver more stable and secure code to Android platform developers. The spokesperson also reiterated that Google's commitment to AOSP is unchanged and that this new release schedule helps the company build a more robust and secure foundation for the Android ecosystem.

The release schedule for security patches is unchanged.

(Comment on this)

[$] Questions for the Technical Advisory Board

The nature and role of the Linux Foundation's Technical Advisory Board (TAB) is not well-understood, though a recent LWN article shed some light on its role and history. At the 2025 Linux Plumbers Conference (LPC), the TAB held a question and answer session to address whatever it was the community wanted to know (video). Those questions ended up covering the role of large language models in kernel development, what it is like to be on the TAB, how the TAB can help grease the wheels of corporate bureaucracy, and more.

(Comment on this)

[$] The difficulty of safe path traversal

Aleksa Sarai, as the maintainer of the runc container runtime, faces a constant battle against security problems. Recently, runc has seen another instance of a security vulnerability that can be traced back to the difficulty of handling file paths on Linux. Sarai spoke at the 2025 Linux Plumbers Conference (slides; video) about some of the problems runc has had with path-traversal vulnerabilities, and to ask people to please use libpathrs, the library that he has been developing for safe path traversal.

(Comment on this)

[$] LWN.net Weekly Edition for September 30, 2021
The LWN.net Weekly Edition for September 30, 2021 is available.

(Comment on this)

[$] Taming the BPF superpowers
Work toward the signing of BPF programs has
been finding its way into recent mainline kernel releases; it is intended
to improve security by limiting the BPF programs that can be successfully
loaded into the kernel. As John Fastabend described in his "Watching
the super powers" session at the 2021 Linux Plumbers Conference,
this new feature has the potential to completely break his tools. But
rather than just complain, he decided to investigate solutions; the result
is an outline for an auditing mechanism that brings greater flexibility to
the problem of controlling which programs can be run.

(Comment on this)