泰晓资讯 07月 / 第 二期 / 2019 —— 资讯收集

[unicornx]

LWN.net Weekly Edition for June 27, 2019

• An openSUSE foundation proposal: plans for an independent openSUSE foundation start to come into focus.
• CVE-less vulnerabilities: what is to be done when there are far more vulnerabilities found by automatic tools than can be dealt with by humans?
• C, Fortran, and single-character strings: an ancient misunderstanding of the Fortran ABI bites C callers of Fortran functions.
• Statistics from the 5.2 kernel — and before: where the changes in 5.2 came from.
• Lockdown as a security module: the 34th attempt to get the lockdown patches into the kernel looks like it's getting close.
• FreeBSD turns 26: the present and future of the FreeBSD project.

Brief items: Brief news items from throughout the community.

[unicornx]

FreeBSD turns 26: the present and future of the FreeBSD project.

The FreeBSD operating system is continuing to make progress, 26 years after it got its name. Among the areas where work is being done is on improved support for RISC-V, FUSE filesystem updates, C runtime changes, and security improvements. FreeBSD Day is celebrated on June 19, in recognition of the date in 1993 when the name FreeBSD was coined for a fork of the 386BSD project. The first official release of FreeBSD did not occur until November 1, 1993, however.

自创建迄今 FreeBSD 已经活跃了 26 年。目前比较活跃的领域包括对 RISC-V 处理器支持，FUSE 文件系统的更新，C 运行时库的改动，以及安全改进等方面。在 6 月 19 日刚举行了 FreeBSD 的庆祝活动，纪念1993 年的这一天 FreeBSD 从 386BSD 项目上分支出来。FreeBSD 的第一个正式发行版直到 1993 年 11 月1 日才发布。在 FreeBSD Day 庆祝活动之前，刚刚发布了 2019 年第一季度的季报，列出目前活跃开发的功能。

[unicornx]

Lockdown as a security module: the 34th attempt to get the lockdown patches into the kernel looks like it's getting close.

Technologies like UEFI secure boot are intended to guarantee that a locked-down system is running the software intended by its owner (for a definition of "owner" as "whoever holds the signing key recognized by the firmware"). That guarantee is hard to uphold, though, if a program run on the system in question is able to modify the running kernel somehow. Thus, proponents of secure-boot technologies have been trying for years to provide the ability to lock down many types of kernel functionality on secure systems. The latest attempt posted by Matthew Garrett, at an eyebrow-raising version 34, tries to address previous concerns by putting lockdown under the control of a Linux security module (LSM).

像 UEFI secure boot（安全引导）这一类的技术，目的都是利用数字签名来确认系统运行的软件版本是否是受信任的。不过，假如运行的系统软件能够修改运行中的内核，则以上保证将很难做到。因此 secure-boot 技术的拥护者一直在尝试对一个安全系统的内核在功能上进行锁定（lock down）。最近，Matthew Garrett 的相关补丁升级到第 34 版（这个补丁从 2012 年就开始开发了，一直没有完全合入内核，所以补丁的版本号一直在升级），在最新的补丁版本中，Matthew Garrett 希望能采用 Linux Security Module (LSM) 来实现呢对系统功能的锁定（lock down）功能。

[unicornx]

UK ISP group names Mozilla 'Internet Villain' for supporting 'DNS-over-HTTPS'

The trade association for internet service providers in the UK has nominated Mozilla for this year's award of "Internet Villain" because of the browser maker's plans to support the DNS-over-HTTPS (DoH) protocol in its Firefox browser. In a statement published this week, the Internet Services Providers Association (ISPAUK) claimed that Mozilla plans to support DNS-over-HTTPS "in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK."

英国 ISP 联盟（Internet Services Providers Association 或缩写 ISPAUK）将 Mozilla 列入 2019 年 "Internet Villain（互联网恶棍）"名单，与其并列恶棍名单的还包括 "欧盟版权指令第 13 条"，以及美国总统特朗普。ISPAUK 给出的解释是 Mozilla 在 Firefox 中引入的 DNS-over-HTTPS 功能会让用户绕过 ISP 的过滤和父母控制，破坏英国的互联网安全标准。

[unicornx]

Introducing people.kernel.org

Konstantin Ryabitsev has announced a new public blogging platform for kernel developers. "Ever since the demise of Google+, many developers have expressed a desire to have a service that would provide a way to create and manage content in a format that would be more rich and easier to access than email messages sent to LKML. Today, we would like to introduce people.kernel.org, which is an ActivityPub-enabled federated platform powered by WriteFreely and hosted by very nice and accommodating folks at write.as."

people.kernel.org 是一个新创建的类似 “Kernel Planet” 的网站，用于收集内核开发人员发表的 blog 文章，和 Kernel Planet 的区别在于在 people.kernel.org 上发表的文章必须是和内核开发相关的技术文章。目前 people.kernel.org 希望投稿的作者最好是具体参与内核开发的人员，简单地说，作者的名字应该至少出现在内核的 MAINTAINERS 文件 上。当然如果您真的很想给 people,kernel.org 写文章但又不符合以上条件，可以通过让名单列表上的人内部举荐的方式加入。

[unicornx]

Canonical backtracks on i386 packages

Canonical has let it be known that minds have been changed about removing all 32-bit x86 support from the Ubuntu distribution. "Thanks to the huge amount of feedback this weekend from gamers, Ubuntu Studio, and the WINE community, we will change our plan and build selected 32-bit i386 packages for Ubuntu 19.10 and 20.04 LTS. We will put in place a community process to determine which 32-bit packages are needed to support legacy software, and can add to that list post-release if we miss something that is needed."

自上周 Canonical 宣布将不再支持 i386 平台后，由于遭到太多用户的反对，所以 Canonical 宣布将改变原先发布的策略，对于 19.10 和 20.04 LTS 发布包将继续有选择地支持一些 32 位的 i386 软件包，同时将建立一套有效的机制和社区一起讨论并确定哪些发布包将被列在支持列表中。

[unicornx]

Changes at the Apache Software Foundation

Here's a statement from the Apache Software Foundation regarding changes in its leadership: "It is with a mix of sadness and appreciation that the ASF Board accepted the resignations of Board Member Jim Jagielski, Chairman Phil Steitz, and Executive Vice President Ross Gardler last month." There is no indication of why all these people decided to leave at the same time.

日前，Apache 软件基金会（ASF）官方博客公布了一则重磅消息：Apache 软件基金会创始人 Jim Jagielski、主席 Phil Steitz、执行副总裁 Ross Gardler 均递交了辞呈，并为 ASF 董事会通过。目前还没有明确的消息表明为何他们三人同时选择退出。 从左至右依次为 Jim、Phil、Ross

[unicornx]

Huang: Open Source Could Be a Casualty of the Trade War

Bunnie Huang writes about the escalating trade wars and how they could be harmful to the open-source community. "Because the administrative action so far against Huawei relies only upon export license restrictions, the Linux Foundation has been able to find shelter under a license exemption for open source software. However, should Huawei be designated as a 'foreign adversary' under EO13873, it greatly expands the scope of the ban because it prohibits transactions with entities under the direction or influence of foreign adversaries. The executive order also broadly includes any information technology including hardware and software with no exemption for open source."

知名业界评论员 Bunnie Huang 日前撰文指出 “由于迄今为止针对华为的政府行为仅依赖于出口许可限制，因此 Linux 基金会仍然能够根据开源软件的许可证豁免获得庇护。但是，如果华为被指定为 EO13873 条款下的 ”外国竞争对手“，那么根据该法律要求将会大大扩大禁令的范围。该条款命令还广泛包括任何信息技术，包括硬件和软件，以及开源技术。

[unicornx]

After 25 months of development the Debian project is proud to present its new stable version 10 (code name buster), which will be supported for the next 5 years thanks to the combined work of the Debian Security team and of the Debian Long Term Support team.

经过 25 个月的开发，Debian 项目很自豪地推出了新的稳定版本 10（代号名称 "buster"），Debian 安全团队（Debian Security team）和 Debian 长期支持团队（Debian Long Term Support team）将共同努力，在未来为该版本提供 5 年的支持。