MoreRSS

site iconLWNModify

Dev linux Digest
A site dedicated to producing the best coverage from within the Linux and free software development communities.
RSS: https://lwn.net/headlines/rss
Please copy the RSS to your reader, or quickly subscribe to:

Inoreader Feedly Follow Feedbin Local Reader

Rss preview of Blog of LWN

[$] Using LLMs to find Python C-extension bugs

2026-04-21 22:24:53

The open-source world is currently awash in reports of LLM-discovered bugs and vulnerabilities, which makes for a lot more work for maintainers, but many of the current crop are being reported responsibly with an eye toward minimizing that impact. A recent report on an effort to systematically find bugs in Python extensions written in C has followed that approach. Hobbyist Daniel Diniz used Claude Code to find more than 500 bugs of various sorts across nearly a million lines of code in 44 extensions; he has been working with maintainers to get fixes upstream and his methodology serves as a great example of how to keep the human in the loop—and the maintainers out of burnout—when employing LLMs.

Firefox 150 released

2026-04-21 22:22:43

Version 150 of the Firefox web browser has been released. Notable changes include local-network-access restrictions being turned on for all users, the ability to reorder, copy, delete, paste, and export pages from a PDF using Firefox's built-in viewer, as well as improvements in its split view feature, and more. See also the release notes for developers and list of security fixes in this release.

Security updates for Tuesday

2026-04-21 21:06:08

Security updates have been issued by AlmaLinux (freerdp, kernel, and kernel-rt), Debian (mupdf, opam, simpleeval, and xdg-dbus-proxy), Mageia (firefox, thunderbird and libtiff), Red Hat (containernetworking-plugins, gvisor-tap-vsock, nodejs22, nodejs:20, nodejs:22, perl-XML-Parser, python3.11, python3.9, runc, and skopeo), and SUSE (bind, buildah, cockpit-subscriptions, container-suseconnect, containerd, corosync, cosign, docker, dovecot24, flatpak, freeipmi, gegl, GraphicsMagick, helm, ImageMagick, kubernetes, kubernetes-old, libpng15, LibVNCServer, ncurses, nodejs22, opensc, openvswitch, patterns-glibc-hwcaps, podman, python, python310, python312, python315, rekor, rootlesskit, roundcubemail, and runc).

Git 2.54.0 released

2026-04-21 02:20:54

Git maintainer Junio Hamano has announced Git 2.54.0, which includes contributions from 137 people; 66 of those people are first-time contributors to the project. Changes include the addition of Git history rewriting, Git's web interface (gitweb) "has been taught to be mobile friendly", and much more. See the announcement for all improvements, additions, and bug fixes. Hamano is now taking a short break:

I will go offline for a couple of weeks starting this evening, hopefully after updating 'next' and possibly also pushing out the first batch of the new cycle. There is no designated interim maintainer this time, but I trust that the community can self organize during my absense, if the shape of the release and the tree turns out to be super bad ;-).

See this GitHub blog entry for highlights from this release.

Arch Linux now has a reproducible container image

2026-04-21 01:27:37

Robin Candau has announced the availability of a bit-for-bit reproducible container image for Arch Linux:

The bit-for-bit reproducibility of the image is confirmed by digest equality across builds (podman inspect --format '{{.Digest}}' <image>) and by running diffoci to compare builds. We provide documentation on how to reproduce this Docker image (as we did for the WSL image as well).

Building the base rootFS for the Docker image in a deterministic way was the main challenge, but it reuses the same process as for our WSL image (as both share the same rootFS build system).

[...] This represents another meaningful achievement in our "reproducible builds" efforts and we're already looking forward to the next step!

[$] Digging into drama at The Document Foundation

2026-04-21 00:46:50

The Document Foundation (TDF) is the nonprofit entity behind the LibreOffice productivity suite. Most of the time, the software takes the spotlight, but that has changed in the past few weeks, and not for pleasant reasons. TDF has revoked foundation membership status from about 30 people who work for or have contracting status with Collabora. In response, Collabora has announced plans to focus on a "entirely new, cut-down, differentiated Collabora Office" project and reduce its involvement with LibreOffice. TDF's representatives claim that its actions were necessary to maintain the foundation's nonprofit status, while other community members assert that this is part of a power grab. The facts seem to indicate that there are legitimate issues to be addressed, but it is unclear that TDF needed to go so far as to disenfranchise all Collabora-affiliated contributors.