Linux Community News

Inside this week’s LWN.net Weekly Edition: Front: LLM security reports; OpenWrt One build system; Vim forks; removing read-only THPs; 7.0 statistics; MusicBrainz Picard. Briefs: OpenSSL 4.0.0; Relicensing; Servo; Zig 0.16.0; Quotes; … Announcements: Newsletters, conferences, security updates, patches, and more.

OnlyOffice CEO Lev Bannov has recently claimed that the Euro-Office fork of the OnlyOffice suite violates the GNU Affero General Public License version 3 (AGPLv3). Krzysztof Siewicz of the Free Software Foundation (FSF) has published an article on the FSF’s position on adding terms to the AGPLv3. In short, Siewicz concludes that OnlyOffice has added restrictions to the license that are not compatible with the AGPLv3, and those restrictions can be removed by recipients of the code. We urge OnlyOffice to clarify the situation by making it unambiguous that OnlyOffice is licensed under the AGPLv3, and that users who already received copies of the software are allowed to remove any further restrictions. Additionally, if they intend to continue to use the AGPLv3 for future releases, they should state clearly that the program is licensed under the AGPLv3 and make sure they remove any further restrictions from their program documentation and source code. Confusing users by attaching further restrictions to any of the FSF’s family of GNU General Public Licenses is not in line with free software.

Many people dislike the proliferation of Large Language Models (LLMs) in recent years, and so make an understandable attempt to avoid them. That may not be possible in general, but there are two new forks of Vim that seek to provide an editing environment with no LLM-generated code. EVi focuses on being a modern Vim without LLM-assisted contributions, while Vim Classic focuses on providing a long-term maintenance version of Vim 8. While both are still in their early phases, the projects look to be on track to provide stable alternatives — as long as enough people are interested.

Security updates have been issued by AlmaLinux (capstone, cockpit, firefox, git-lfs, golang-github-openprinting-ipp-usb, kea, kernel, nghttp2, nodejs24, openexr, perl-XML-Parser, rsync, squid, and vim), Debian (imagemagick, systemd, and thunderbird), Slackware (libexif and xorg), SUSE (bind, clamav, firefox, freerdp2, giflib, go1.25, go1.26, helm, ignition, libpng16, libssh, oci-cli, rust1.92, strongswan, sudo, xorg-x11-server, and xwayland), and Ubuntu (rust-tar and rustc, rustc-1.76, rustc-1.77, rustc-1.78, rustc-1.79, rustc-1.80).

The Zig project has announced version 0.16.0 of the Zig programming language. This release features 8 months of work: changes from 244 different contributors, spread among 1183 commits. Perhaps most notably, this release debuts I/O as an Interface, but don’t sleep on the Language Changes or enhancements to the Compiler, Build System, Linker, Fuzzer, and Toolchain which are also included in this release. LWN last covered Zig in December 2025.

Part of the “fun” that comes with curating a self-hosted music library is tagging music so that it has accurate and uniform metadata, such as the band names, album titles, cover images, and so on. This can be a tedious endeavor, but there are quite a few open-source tools to make this process easier. One of the best, or at least my favorite, is MusicBrainz Picard. It is a cross-platform music-tagging application that pulls information from the well-curated, crowdsourced MusicBrainz database project and writes it to almost any audio file format.

Version 4.0.0 of the OpenSSL cryptographic library has been released. This release includes support for a number of new cryptographic algorithms and has a number of incompatible changes as well; see the announcement for the details.

Security updates have been issued by Debian (gdk-pixbuf, gst-plugins-bad1.0, and xdg-dbus-proxy), Fedora (chromium, deepin-image-viewer, dtk6gui, dtkgui, efl, elementary-photos, entangle, flatpak, freeimage, geeqie, gegl04, gthumb, ImageMagick, kf5-kimageformats, kf5-libkdcraw, kf6-kimageformats, kstars, libkdcraw, libpasraw, LibRaw, luminance-hdr, nomacs, OpenImageIO, OpenImageIO2.5, photoqt, python-cryptography, rawtherapee, shotwell, siril, swayimg, vips, and webkitgtk), Red Hat (firefox and podman), Slackware (libarchive), SUSE (expat, glibc, GraphicsMagick, libcap-devel, libpng16, libtpms, nodejs24, openssl-1_0_0, openssl-1_1, openssl-3, openvswitch, polkit, python-requests, python311-biopython, python312, python39, and tigervnc), and Ubuntu (corosync, kvmtool, libxml-parser-perl, linux-azure, linux-azure, linux-azure-6.17, linux-azure, linux-azure-6.8, policykit-1, redis, lua5.1, lua-cjson, lua-bitop, rustc, vim, and xdg-dbus-proxy).

Linus Torvalds released the 7.0 kernel as expected on April 12, ending a relatively busy development cycle. The 7.0 release brings a large number of interesting changes; see the LWN merge-window summaries (part 1, part 2) for all the details. Here, instead, comes our traditional look at where those changes came from and who supported that work.

The OpenWrt One is a router powered by the open-source firmware from the OpenWrt project; it was also the subject of a keynote at SCALE in 2025 given by Denver Gingerich of the Software Freedom Conservancy (SFC), which played a big role in developing the router. Gingerich returned to the conference in 2026 to talk about the build system used by the OpenWrt One, which is focused on creating the needed binaries, naturally, but doing so in a way that makes it easy to comply with the licenses of the underlying code. That makes good sense for a project of this sort—and for a talk given by the director of compliance at SFC.

The Servo project has announced the first release of servo as a crate for use as a library. As you can see from the version number, this release is not a 1.0 release. In fact, we still haven’t finished discussing what 1.0 means for Servo. Nevertheless, the increased version number reflects our growing confidence in Servo’s embedding API and its ability to meet some users’ needs. In the meantime we also decided to offer a long-term support (LTS) version of Servo, since breaking changes in the regular monthly releases are expected and some embedders might prefer doing major upgrades on a scheduled half-yearly basis while still receiving security updates and (hopefully!) some migration guides. For more details on the LTS release, see the respective section in the Servo book.

Security updates have been issued by AlmaLinux (fontforge, freerdp, libtiff, nginx, nodejs22, and openssh), Debian (bind9, chromium, firefox-esr, flatpak, gdk-pixbuf, inetutils, mediawiki, and webkit2gtk), Fedora (corosync, libcap, libmicrohttpd, libpng, mingw-exiv2, mupdf, pdns-recursor, polkit, trafficserver, trivy, vim, and yarnpkg), Mageia (libpng12, openssl, python-django, python-tornado, squid, and tomcat), Red Hat (rhc), Slackware (openssl), SUSE (chromedriver, chromium, cockpit, cockpit-machines, cockpit-podman, cockpit-tukit, crun, firefox, fontforge-20251009, glibc, go1, helm3, libopenssl-3-devel, libpng16, libradcli10, libtasn1, nghttp2, openssl-1_0_0, openssl-1_1, ovmf, perl-XML-Parser, python-cryptography, python-Flask-HTTPAuth, python311-Django4, python313-Django6, python315, sudo, systemd, tar, tekton-cli, tigervnc, util-linux, and zlib), and Ubuntu (mongodb, qemu, and retroarch).

Linus has released the 7.0 kernel after a busy nine-week development cycle. The last week of the release continued the same “lots of small fixes” trend, but it all really does seem pretty benign, so I’ve tagged the final 7.0 and pushed it out. I suspect it’s a lot of AI tool use that will keep finding corner cases for us for a while, so this may be the “new normal” at least for a while. Only time will tell. Significant changes in this release include the removal of the “experimental” status for Rust code, a new filtering mechanism for io_uring operations, a switch to lazy preemption by default in the CPU scheduler, support for time-slice extension, the nullfs filesystem, self-healing support for the XFS filesystem, a number of improvements to the swap subsystem (described in this article and this one), general support for AccECN congestion notification, and more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 7.0 page for more details.

The 6.19.12, 6.18.22, 6.12.81, 6.6.134, and 6.1.168 stable kernel updates have been released; each contains another set of important fixes.

Things do not always go the way kernel developers think they will. When the kernel gained support for the creation of read-only transparent huge pages for the page cache in 2019, the developer of that feature, Song Liu, added a Kconfig file entry promising that support for writable huge pages would arrive “in the next few release cycles”. Over six years later, that promise is still present, but it will never be fulfilled. Instead, the read-only option will soon be removed, reflecting how the core of the memory-subsystem has changed underneath this particular feature.