Latest Linux and open source news from around the web

Linux Bible Sponsored · View on Amazon → Practical Vim Sponsored · View on Amazon →
LWN.net

Woodruff: You shouldn't trust trusted publishing

William Woodruff, better known online as "yossarian", has published a blog post to make the case that users should not place their trust in trusted publishing: Trusted Publishing is a mechanism for establishing trust between an external machine identity (like a CI/CD workflow) and one or more projects on a package index/registry. The "trust" in "Trusted Publishing" refers to that trust relationship, and not to anything else. It is not, and cannot be, a signal for package trust or quality. You cannot use it to determine whether a package is safe or "good," and PyPI consciously stymies attempts to misuse it for that purpose by not rendering it as a "green checkmark" or anything else of the sort. Or as another framing: Trusted Publishing is just a form of authentication. It doesn't tell you anything other than that an upload was authenticated, which all uploads to PyPI are. LWN covered trusted publishing in June.

LWN.net

[$] Faster RCUs and lockless memory allocation

Puranjay Mohan shared some of the work he's been doing recently on improving the performance of read-copy-update (RCU) at the 2026 Linux Storage, Filesystem, Memory-Management, and BPF Summit; his talk would have been nice context to have earlier in the day when Harry Yoo and Alexei Starovoitov led a session about the new kmalloc_nolock() function that allows for lockless allocation from any kernel context, and which interacts with the RCU subsystem to allow that. This article therefore covers the two sessions together and in the reverse order, to provide that missing context.

LWN.net

Security updates for Tuesday

Security updates have been issued by AlmaLinux (nodejs22 and nodejs24), Fedora (clamav, hplip, kernel, kernel-headers, librabbitmq, mingw-expat, mir, perl-Imager, podman-tui, prometheus-podman-exporter, python-rpds-py, rust-ashpd, rust-busd, rust-gtk4-macros, rust-inferno, rust-quick-xml, rust-reqsign-aws-v4, rust-wayland-scanner, and sandogasa), Oracle (container-tools:rhel8, kernel, mariadb:10.11, mariadb:11.8, nginx, perl:5.32, php, php:7.4, rrdtool, ruby:2.5, ruby:3.3, ruby:4.0, and uek-kernel), Red Hat (kernel, opentelemetry-collector, and python-urllib3), Slackware (c and openssh), SUSE (bind, chromedriver, cryptsetup, s390-tools, dnsmasq, jackson-annotations, jackson-core, jackson-databind, lcms2, pacemaker, perl-Cpanel-JSON-XS, perl-Crypt-SaltedHash, postfix, and python-mistune), and Ubuntu (gnutls28, gzip, openssh, php7.0, python-parsl, python3.10, python3.12, python3.14, request-tracker5, socat, sogo, and tar).

LPI

LPI at the UN: Enabling FOSS Ecosystems Globally

The UN Tech Over Hackathon, the opening event of UN Open Source Week 2026, concluded on June 22 at United Nations Headquarters in New York. Linux Professional Institute (LPI) participated as one of the co-organizers and sponsors of the hackathon, ... Read more The post LPI at the UN: Enabling FOSS Ecosystems Globally appeared first on Linux Professional Institute (LPI).

Phoronix

Razer Certifying Their First Laptop For Linux: Razer Blade 18 RZ09-0582

Razer is a brand synonymous with gaming and finally in 2026 they are in the process of certifying their first laptop for Ubuntu Linux. This laptop going through Ubuntu Linux certification is the Razer Blade 18 RZ09-0582 and it offers incredible performance with the Core Ultra 9 290HX Plus processor and GeForce RTX 5090 graphics but with that also comes a very high price tag.