LWN.net

Inside this week's LWN.net Weekly Edition: Front : Rust in CPython; Python frozendict; Bazzite; IETF post-quantum disagreement; Distrobox; 6.19 merge window; Leaving the TAB. Briefs : Let's Encrypt retrospective; PKI infrastructure; Rust in kernel to stay; CNA series; Alpine 3.23.0; cmocka 2.0; Firefox 146; 2024 Free Software Awards; Quotes; ... Announcements : Newsletters, conferences, security updates, patches, and more.

Let's Encrypt has published a retrospective that covers the decade since it published its first publicly trusted certificate in September 2015: In March 2016, we issued our one millionth certificate. Just two years later, in September 2018, we were issuing a million certificates every day. In 2020 we reached a billion total certificates issued and as of late 2025 we're frequently issuing ten million certificates per day. We're now on track to reach a billion active sites, probably sometime in t…

Greg Kroah-Hartman is writing a series of blog posts about Linux becoming a Certificate Numbering Authority (CNA): It's been almost 2 full years since Linux became a CNA (Certificate Numbering Authority) which meant that we (i.e. the kernel.org community) are now responsible for issuing all CVEs for the Linux kernel. During this time, we've become one of the largest creators of CVEs by quantity, going from nothing to number 3 in 2024 to number 1 in 2025. Naturally, this has caused some question…

Linux containers have made it reasonably easy to develop, distribute, and deploy server applications along with all the distribution dependencies that they need. For example, anyone can deploy and run a Debian-based PostgreSQL container on a Fedora Linux host. Distrobox is a project that is designed to bring the cross-distribution compatibility to the desktop and allow users to mix-and-match Linux distributions without fussing with dual-booting, virtual machines, or multiple computers. It is an…

Security updates have been issued by AlmaLinux (abrt and kernel), Debian (libpng1.6, libsoup2.4, pdns-recursor, webkit2gtk, and wordpress), Fedora (imhex, libwebsockets, lunasvg, python3-docs, and python3.14), Mageia (python3 and webkit2), Red Hat (abrt, firefox, mysql8.4, and postgresql:15), Slackware (mozilla), SUSE (gegl, gnutls, go1.24, go1.25, libpng16-16, openssh, postgresql13, python-Jinja2, and sssd), and Ubuntu (fonttools and netty).

The topic of the Rust experiment was just discussed at the annual Maintainers Summit. The consensus among the assembled developers is that Rust in the kernel is no longer experimental — it is now a core part of the kernel and is here to stay. So the "experimental" tag will be coming off. Congratulations are in order for all of the Rust-for-Linux team. (Stay tuned for details in our Maintainers Summit coverage.)

The Free Software Foundation has announced the recipients of its 2024 (even though 2025 is almost over) Free Software Awards. Andy Wingo won the award for the advancement of free software, Alx Sa is the outstanding new free-software contributor, and Govdirectory takes the award for projects of social benefit.

One of the things that has historically stood between Linux and the fabled "year of the Linux desktop" is its lack of support for video games. Many users who would have happily abandoned Windows have, reluctantly, stayed for the video games or had to deal with dual booting. In the past few years, though, Linux support for games—including those that only have Windows versions—has improved dramatically, if one is willing to put the pieces together. Bazzite , an image-based Fedora derivative, is a…

Version 146.0 of the Firefox web browser has been released. One feature of particular interest to Linux users is that Firefox now natively supports fractional scaled displays on Wayland. Firefox Labs has also been made available to all users even if they opt out of telemetry or participating in studies. " This means more experimental features are now available to more people. " This release also adds support for Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) for WebRTC. ML-KEM is " b…

Security updates have been issued by AlmaLinux (kernel, kernel-rt, and webkit2gtk3), Fedora (abrt and mingw-libpng), Mageia (apache and libpng), Oracle (abrt, go-toolset:rhel8, kernel, sssd, and webkit2gtk3), Red Hat (kernel and kernel-rt), SUSE (gimp, gnutls, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, and postgresql13), and Ubuntu (gnupg2, python-apt, radar…

The Internet Engineering Task Force (IETF) is the standards body responsible for the TLS encryption standard — which your browser is using right now to allow you to read LWN.net. As part of its work to keep TLS secure, the IETF has been entertaining proposals to adopt "post-quantum" cryptography (that is, cryptography that is not known to be easily broken by a quantum computer) for TLS version 1.3. Discussion of the proposal has exposed a large disagreement between participants who worried abou…

Jon Seager, VP of engineering for Canonical, has announced a plan to develop a universal Public Key Infrastructure tool called upki: Earlier this year, LWN featured an excellent article titled " Linux's missing CRL infrastructure ". The article highlighted a number of key issues surrounding traditional Public Key Infrastructure (PKI), but critically noted how even the available measures are effectively ignored by the majority of system-level software on Linux. One of the motivators for the disc…

Security updates have been issued by Debian (ffmpeg, krita, lasso, and libpng1.6), Fedora (abrt, cef, chromium, tinygltf, webkitgtk, and xkbcomp), Oracle (buildah, delve and golang, expat, python-kdcproxy, qt6-qtquick3d, qt6-qtsvg, sssd, thunderbird, and valkey), Red Hat (webkit2gtk3), and SUSE (git-bug, go1, and libpng12-0).

As has been recently announced , nominations are open for the 2025 Linux Foundation Technical Advisory Board (TAB) elections. I am one of the TAB members whose term is coming to an end, but I have decided that, after 18 years on the board, I will not be seeking re-election; instead, I will step aside and make room for a fresh voice. My time on the TAB has been rewarding, and I will be sad to leave; the TAB has an important role to play in the functioning of the kernel community.

Greg Kroah-Hartman has announced the release of the 6.17.11 , 6.12.61 , 6.6.119 , 6.1.159 , 5.15.197 , and 5.10.247 stable kernels. Each contains important fixes throughout the tree; users of these kernels should upgrade.