Notices by mjw (mjw@mastodon.nl)

@richardfontana for me too. They have been under DDoS attack for some days now and trying to deploy (maybe too aggressive) counter measures. Hopefully @fsfstatus will have updates soon.

Isn't that a little backwards @pchestek ? @richardfontana and @bkuhn were very open and public they ran on a platform to modernize the board agreement and that they believed OSI directors should be allowed to use FOSS for Board activities. Then when the vote is over and they do exactly as promised they get excluded for that? @kevin @jwildeboer

The @osi refused to publish the results of the board vote and excluded the reform candidates from the tally on a technicality (again).

Thanks for running @bkuhn and @richardfontana I think we all learned a lot. Sorry we will never know whether you got enough votes.

@sergiodj Sorry we missed each other. #Fosdem too many people, stands, rooms, talks... Hope you had a fun time and weren't in a too crowded place... 😆

Back from #fosdem which was super fun. But now tested positive for #COVID-19 which is less fun. Not feeling sick. But will quarantine. Be careful out there.

Debuginfod project update 2024 by Aaron Merey

https://developers.redhat.com/articles/2025/01/14/debuginfod-project-update-2024

- Metrics and scale of debuginfod servers #prometheus
- New tools and features in debuginfod #elfutils
- IMA verification support
- Addressing kernel VDSO extraction bottlenecks @osandov
- Lazy debug info downloading in #Valgrind and #GDB

A thousand bugs. That is how many open #Valgrind bugs there are at the moment. Wondering what the best method is to deal with this.

https://sourceforge.net/p/valgrind/mailman/message/51809032/

The #valgrind project closed 110 bugs these last 6 months, but there were also 85 new bugs opened. So the good news is that we are closing bugs faster than they are filed now and we dropped under 1000 open bugs. The bad news is that there are still 975 open bugs. Which is still a slightly intimidating number of bugs.

https://sourceforge.net/p/valgrind/mailman/message/58787822/

@sergiodj Looking forward to meeting you again at #fosdem !

Supporting Software Freedom Conservancy in 2025

https://gnu.wildebeest.org/blog/mjw/2025/01/01/supporting-software-freedom-conservancy-in-2025/

The @conservancy Fundraiser runs for another 2 weeks. Please become a Sustainer, renew your existing membership or donate before January 15th to maximize your contribution to furthering the goals of software freedom!

https://sfconservancy.org/sustainer/

They have been a great partner to @sourceware putting users, developers and community first.

There is this 5 year old CVE against bzip2 which turned out to be bogus. The long story: https://gnu.wildebeest.org/blog/mjw/2019/08/02/bzip2-and-the-cve-that-wasnt/

But probably because NVD gave this a 9.8 critical score (!) some enterprise distros are "fixing" this CVE now by "backporting" a broken fix to bzip2 1.0.6 instead of upgrading to a release with a proper fix (bzip2 1.0.8)...

https://gitlab.com/redhat/centos-stream/rpms/bzip2/-/commit/f9ed8e44ad56a1dd655d33dff7ad2344c71e91cf

So now at least rhel-8, alma-8 and ol8 are shipping with a broken bzip2. Sigh.

#valgrind 3.24.0 released!

https://valgrind.org/docs/manual/dist.news.html

Sourceware download: https://valgrind.org/downloads/current.html#current