Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] Questions for the Technical Advisory Board
The nature and role of the Linux Foundation's Technical Advisory Board (TAB) is not well-understood, though a recent LWN article shed some light on its role and history. At the 2025 Linux Plumbers Conference (LPC), the TAB held a question and answer session to address whatever it was the community wanted to know (video). Those questions ended up covering the role of large language models in kernel development, what it is like to be on the TAB, how the TAB can help grease the wheels of corporate bureaucracy, and more.
[$] The difficulty of safe path traversal
Aleksa Sarai, as the maintainer of the runc container runtime, faces a constant battle against security problems. Recently, runc has seen another instance of a security vulnerability that can be traced back to the difficulty of handling file paths on Linux. Sarai spoke at the 2025 Linux Plumbers Conference (slides; video) about some of the problems runc has had with path-traversal vulnerabilities, and to ask people to please use libpathrs, the library that he has been developing for safe path traversal.
[$] Predictions for the new year
The calendar has flipped over to 2026; a new year has begun. That means the moment we all dread has arrived: it is time for LWN to put out a set of lame predictions for what may happen in the coming year. Needless to say, we do not know any more than anybody else, but that doesn't stop us from making authoritative-sounding pronouncements anyway.
[$] An early look at the Graphite 2D graphics editor
Graphite is an effort to unify
illustration, raster editing, desktop publishing, and animation in one
browser-based application. The project has been in development since
2021 and announced its first alpha release in 2022. According to creator Keavon Chambers, the project's mission is to become
"the 2D counterpart to Blender
", by bringing a node-based,
non-destructive workflow to 2D graphics. The project, currently still in
alpha, is a long way from complete; but it is worth testing for anyone
involved with open-source-graphics production. Current
builds, from September 2025, include vector-illustration tools, a
node-based compositor, and early brush tooling, with broader pixel-based-
and photo-editing work still in progress.
[$] LWN.net Weekly Edition for December 25, 2025
Posted Dec 25, 2025 0:53 UTC (Thu)The LWN.net Weekly Edition for December 25, 2025 is available.
Inside this week's LWN.net Weekly Edition
- Front: 2025 retrospective; Dirk and Linus talk; successful open-source documentation projects; verifier-state pruning in BPF; Linux 32-bit timeline; BPF state visualizer; systemd v259.
- Briefs: linux-next maintainer; 2025 TAB; Git in Debian; Elementary OS 8.1; Qubes OS 4.3.0; GDB 17.1; Incus 6.20; systemd v259; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] A 2025 retrospective
Another year has reached its conclusion. That can only mean one thing: the time has come to take a look back at the predictions we made in January and evaluate just how badly they turned out. Much to our surprise, not all of our predictions were entirely accurate. It has been a wild year in the Linux community and beyond, to say the least.
[$] What's new in systemd v259
The systemd v259 release was announced on December 17, just three months after v258. It is a more modest release but still includes a number of important changes such as a new option for the run0 command (an alternative to sudo), ability to mount user home directories from the host in virtual machines, as well as under-the-hood changes with dlopen() for library linking, the ability to compile systemd with musl libc, and more.
[$] A high-memory elimination timeline for the kernel
Arnd Bergmann began his 2025 Linux Plumbers Conference session on the future of 32-bit support in the Linux kernel by saying that it was to be a followup to his September talk on the same topic. The focus this time, though, was on the kernel's "high memory" abstraction, and when it could be removed. It seems that the kernel community will need to support 32-bit systems for some time yet, even if it might be possible to remove some functionality, including support for large amounts of memory on those systems, more quickly.
[$] Verifier-state pruning in BPF
The BPF verifier works, on a theoretical level, by considering every possible path that a BPF program could take. As a practical matter, however, it needs to do that in a reasonable amount of time. At the 2025 Linux Plumbers Conference, Mahé Tardy and Paul Chaignon gave a detailed explanation (slides; video) of the main mechanism that it uses to accomplish that: state pruning. They focused on two optimizations that help reduce the number of paths the verifier needs to check, and discussed some of the complications the optimizations introduced to the verifier's code.
[$] Tools for successful documentation projects
At Open Source Summit Japan 2025, Erin McKean talked about the challenges to producing good project documentation, along with some tooling that can help guide the process toward success. It is a problem that many projects struggle with and one that her employer, Google, gained a lot of experience with from its now-concluded Season of Docs initiative. Through that program, more than 200 case studies of documentation projects were gathered that were mined for common problems and solutions, which led to the tools and techniques that McKean described.
Manjaro 26.0 released
Version 26.0 ("Anh-Linh") of the Arch-based Manjaro Linux distribution has been released. Manjaro 26.0 includes Linux 6.18, GNOME 49, KDE Plasma 6.5, Xfce 4.20, and more.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (kernel, ruby, and thunderbird), Debian (libsodium and ruby-rmagick), Fedora (gnupg2 and proxychains-ng), Oracle (gcc-toolset-14-binutils, rsync, tar, and thunderbird), Red Hat (buildah, mariadb, mariadb10.11, podman, and tar), SUSE (alloy, apache2, buildah, erlang26, glib2, ImageMagick, kernel, libsoup, pgadmin4, python-tornado6, python3, python312, python313, qemu, webkit2gtk3, and xen), and Ubuntu (webkit2gtk).
GNU ddrescue 1.30 released
Version 1.30 of the GNU ddrescue data recovery tool has been released. Notable changes in this release include improvements to automatic recovery of a drive with a dead head, addition of a --no-sweep option to disable reading of skipped areas, and more.
Security updates for Monday
Security updates have been issued by AlmaLinux (tar), Debian (curl and gimp), Fedora (doctl, gitleaks, gnupg2, grpcurl, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, and usd), Mageia (cups), Red Hat (container-tools:rhel8, go-toolset:rhel8, grafana, and skopeo), and SUSE (dirmngr, fluidsynth, gnu-recutils, libmatio-devel, python311-marshmallow, python312-Django6, rsync, and thunderbird).
Kernel prepatch 6.19-rc4
The 6.19-rc4 kernel prepatch is out for testing.
So this rc is still a bit smaller than usual, but it's not _much_ smaller, and I think next week is likely going to be more or less back to normal.Which is all exactly as expected, and nothing here looks particularly odd. I'll make an rc8 this release just because of the time lost to the holidays, not because it looks like we'd have any particular issues pending (knock wood).
Kroah-Hartman: Linux kernel security work
Greg Kroah-Hartman has written an overview of how the kernel's security team works.
The members of the security team contain a handful of core kernel developers that have experience dealing with security bugs, and represent different major subsystems of the kernel. They do this work as individuals, and specifically can NOT tell their employer, or anyone else, anything that is discussed on the security alias before it is resolved. This arrangement has allowed the kernel security team to remain independent and continue to operate across the different governments that the members operate in, and it looks to become the normal way project security teams work with the advent of the European Union's new CRA law coming into effect.
6.18.3 stable kernel released
Greg Kroah-Hartman has announced the release of the 6.18.3 stable kernel. As always, this update contains important fixes; users of this kernel are advised to upgrade.
Security updates for Friday
Security updates have been issued by Debian (smb4k), Fedora (direwolf, gh, usd, and webkitgtk), Slackware (libpcap and seamonkey), and SUSE (kepler).
Security updates for Thursday
Security updates have been issued by Debian (imagemagick and net-snmp), Fedora (delve, golang-github-google-wire, and golang-github-googlecloudplatform-cloudsql-proxy), and SUSE (podman, python3, and python36).
Shadow-utils 4.19.0 released
Version 4.19.0 of the shadow-utils project has been released. Notable changes in this release include disallowing some usernames that were previously accepted with the --badname option, and removing support for escaped newlines in configuration files. Possibly more interesting is the announcement that the project is deprecating a number of programs, hashing algorithms, and the ability to periodically expire passwords:
Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible (paper link).
Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. [...]
To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See #1432.
The release announcement notes that the features will remain
functional "for a significant period
" to minimize
disruption.