Fedora is a Trademark of Red Hat, Inc, an operating system built by volunteers around the world. This page is provided so that independent volunteers can showcase our contributions to Fedora and Free Software in general. Official Fedora Download page.

RSS Atom

We Make Fedora

February 26, 2026

• Richard W.M. Jones Veritasium

  I was interviewed on Veritasium about the rise of Linux and the XZ hack.

February 25, 2026

• Daniel Pocock Australian Signals Directorate ex-employee sold back doors to Russia

  There is fresh news today about Peter Williams, alias John Taylor, who admitted selling trade secrets to Russia in exchange for cryptocurrency. He was prosecuted, he entered a guilty plea in 2025 and he was sentenced to jail this week.

  If the seized cryptocurrency is Bitcoin then it may now enter into the US Government's strategic Bitcoin reserve. If Bitcoin itself is a scam created by the intelligence agencies then it is foolish to see them drinking their own cool-aid in this manner.

  News reports refer to trade secrets. What they are really talking about are back doors and other security vulnerabilities. Technically, in the US law, the name of the crime concerns trade secrets.

  News reports tell us he has betrayed America. This is an understatement. He has betrayed all the countries who use American technology. Android and iPhone devices are used throughout the world today.

  Peter Williams was apparently employed at the Australian Signals Directorate (ASD), equivalent to the NSA or GCHQ, in an earlier stage of his career. Technology changes quickly and it is not clear if any back doors he discovered at ASD would be relevant today.

  Nonetheless, it does raise questions about both the ethical standards and competence of people employed in spy agencies.

  At the time of the offences, he was allegedly affiliated with L3Harris Trenchant. Their web site tells us they sell "Vulnerability and exploit research" and "Device and access capabilities" for "end-point intelligence solutions", in other words, getting into other peoples' phones and desktop computers.

  Spare a moment to think about the victims of the Debian suicide cluster. To what extent did the group behaviour get into their heads such that Frans Pop wrote a suicide note the night before Debian Day?

  Earlier in 2025, before Williams entered a guilty plea, another former employee of Trenchant felt his phone was hacked by his own employer. This is not so creepy: remember the Blackberry? Many companies issued Blackberries to their staff because they could all be linked together and monitored by the IT department. While the details of Trenchant's activities are classified, the concept is hardly new.

  Earlier this week, British authorities arrested former US ambassador Lord Mandelson. Mandelson said the police were tricked to arrest him based on rumours he was about to flee the country.

  If the police were tricked, we can't blame them for over-reacting. The notorious Kim Philby of the Cambridge Five fled to Russia when he felt the net was closing on him. Philby had served as first secretary to the British Embassy in Washington. He used that post to obtain secrets for the Russians. It was a huge embarassment for the British. In the case of Lord Mandelson, we can hope the British will be more thorough and transparent.

  While ASD is the equivalent of the NSA, the Australian Security and Intelligence Organisation (ASIO), which uses the British spelling of Organisation, is the equivalent of the CIA.

  

   

  Those who believe cryptocurrency is anonymous have been fooled. If the spies themselves are unable to use Bitcoin securely then it is unlikely anybody else can use it successfully for truly anonymous drug deals, bribes and ransom payments. It might be time to get a real job.

  In other blogs, I looked at how Pauline / Maria / Alice Climent-Pommeret claims to be doing offensive malware development under a different name and one of the Debianists spreading rumours about my family was employed by French cyber intelligence ANSSI.

  You don't need to be an intelligence agency employee to notice a pattern here: the time and energy these people exert enriching themselves and attacking their allies far exceeds the effort exerted against the real enemy.

  Continue reading the inconvenient truth about cryptocurrency.

  The author holds an MIT MicroMasters in Data, Economics and Development Policy. He does not hold any crypto "assets". Swiss financial regulator FINMA will neither confirm nor deny an investigation on this blog precipitated the resignation of their deputy CEO .

February 24, 2026

• Daniel Pocock Balmoral rape cult & Debian suicide cluster indifference, community

  A recent report from the Australian Institute of Criminology tells us 9,101 people were prosecuted for abuse in the year from 1 July 2022 up to 30 June 2023.

  The ABC, our national broadcaster, decided to do a deep-dive into two of those nine thousand rapists and publish it the same day ex-Prince Andrew was arrested. It was an uncanny coincidence these two men are from the village of Balmoral, Victoria while one of the British royal family's most notable estates is Balmoral in Scotland.

  The report is rather long but what really startled me was the similarity to the Debian harassment and abuse culture.

  The rape, like the Debian suicide cluster, is an undeniable fact. While some rapes are only reported to police many weeks or months after the crime, this one had been reported immediately. The victim went to hospital, she surrendered all her clothing and submitted herself to a humiliating physical examination only two hours after the humiliation of the gang rape. There is no way anybody could deny something happened between the two men and the victim. A suicide cluster is much the same, when you have written notes and dead bodies, you can't deny that people are dead and dying. While some rapes and some deaths are ambiguous, there is no ambiguity in either Balmoral or Debian.

  The similarity doesn't stop there. What is really fascinating about the story is the way the community closes ranks, circles the wagons and lives in total denial of the rapes, or in the case of Debian, the suicide cluster.

  The 20-year-old student was raped at the 21st birthday of her female friend. Imagine having a memory like that on your 21st birthday. Imagine having a suicide on your wedding day. There is a detailed report about how Adrian von Bidder-Senn died on our wedding day. For some time, I personally didn't prefer to mention these deaths in public. I wanted to have some separation between memories of our wedding and experiences of Debian group behaviour problems.

  The birthday girl had been in the same bed with the victim but she put it out of her mind and posted photos of smiling people on her social control media profile.

  

   

  Incidentally, the notorious Balmoral party/gang rape occurred on 2 April 2016, which is somebody else's birthday too.

  Here is a photo from our wedding day. In the lingo used by Debianists, we would say the horse is violating the Code of Conduct. It was 17 April 2011, the same day Adrian von Bidder-Senn died in Switzerland. On the left, we can see the shoulder of one of the groomsmen, one of my cousins, a former member of the choir everybody was talking about under the late Cardinal Pell. Debianists refuse to admit having a suicide cluster but days after Cardinal Pell was convicted in 2018, Debianists were running amok attacking my family with rumours about abuse.

  

   

  Likewise, after each death by accident or by suicide, we still have to continue using Debian each day in our homes and in our jobs. The Debian software is the operating system that supports all the other applications many of us are using in both our personal environment and our workplaces. People don't want to think of the Debian suicide cluster each time they log in to their desktop. Here is a Debian login screen with some of the tombstones superimposed over it:

  

   

  

   

  

   

  The two men from Balmoral were convicted by a jury. There was a retrial and they were convicted again by a second jury. Yet the community still refers to them as alleged rapists, not convicted rapists.

  The original prosecution took almost three years to put the men on trial. Consequently, they continued to live a completely normal life in the small town of Balmoral. In a town with one pub and one football club, everybody has to live together. People don't like to think about gang rape when they see the faces of these men, their parents or their siblings coming down the street. So the community collectively puts the gang rape out of their minds.

  As the ABC notes, people who had to live with the facts, like the local police officer, eventually left the village.

  In Debianism, we often see people boasting about being a community and being a family. The word community is put up on a pedestal as if it is some absolute proof of goodness and purity. Yet reading the report from Balmoral from top to bottom, we need to ask ourselves, what does it really mean to be part of a community? Or to put it another way, when does a community become a cult? Balmoral is a remote location and the population is only a little bit bigger than the population of cults like Heaven's Gate or the Branch Davidians.

  What if a rape victim or suicide cluster victim was your sister or brother? Staying part of the so-called community doesn't come cheap.

  Pretending the rape didn't happen is like pretending the suicide cluster didn't happen. Yet people have to conform to the local Code of Conduct gaslighting and put it out of their minds.

  In Balmoral, people resent the idea of two fit and healthy young men being taken away, put in jail and sent back to the community potentially unemployable and unmarriable. As the population is so small, the convictions on these men become a conviction on the name of Balmoral itself.

  Likewise, just as people resent the idea that the lives of these men could be wasted by the prosecution, Debianists resent the idea that all the work we put into the Debian software is wasted if people move away from Debian because of the contempt for human life.

  The most remarkable thing in the very long ABC report is the story of the local bush nurse Lisa Hutchins (also LinkedIn). Nurse Hutchins is the manager of the Balmoral Bush Nursing Centre.

  Nurse Hutchins is only referred to by her first name, Lisa, in the ABC report but as it is such a small village, anybody can find her name on the web site of the nursing centre. Nurse Hutchins was the first person to provide assistance to the victim immediately after the assault, so her testimony is crucial. In the first trial, Nurse Hutchins gave testimony in support of the victim. The two men were convicted and sent to prison.

  After they were sent to prison, Nurse Hutchins had regrets. The nurse had fresh memories about the night of the rape and she asked to make a new statement in support of the rapists. In the new statement, she told the court that she had asked the victim if she consented. From the ABC report:

  “When sitting in my kitchen I questioned Elise about what had occurred,” Lisa writes in the statement.

  “I asked her ‘did you consent to this?’ … she folded her arms across herself, put her head down and in a low voice said ‘Luke maybe, but not Shaun.’”

  It is a good moment to go back and listen to the testimony of my last female intern from the Google Summer of Code. Listen to the woman explaining how Debianists used peer pressure to try and turn her against me. We can imagine the bush nurse Lisa Hutchins faced similar pressure. If she didn't agree to support the rapists she would have to find a new job, sell her home and move her whole family out of the village.

  In other words, if Lisa Hutchins wants to live in a small town like Balmoral, there is a Code of Conduct that she has to follow.

  Older men in the same village may have committed similar crimes in the era before mobile phones. In the case at hand, the victim had moved away for university and she had only returned to the village for the party. She had a wide network of friends and having a mobile phone, she alerted them immediately. Yet for women living in such a "community" before the rise of mobile phones, they had no immediate way to seek help. Instead, the only faces they would see in the days after a crime would be those of the perpetrators, blackmailing, bullying or gaslighting them to stay silent.

  Some women may have had children after rapes like this. Their own children and grandchildren inherit the village and its famous name. They choose to put these things out of their minds.

  Consequently, knowing that other men have done the same thing and got away with it over the years, members of the "community" may feel the two young men who got caught at Balmoral have been unlucky.

  Likewise, in any small town, the further you get from the city, the more people resent the idea of the government meddling in their bedrooms.

  Consequently, communities of this size, whether they are villages or online groups like the Debianists, start to exhibit cult-like behaviour without even realising it.

  Here is a photo of Nurse Lisa Hutchins with Tony Walker, head of the state ambulance service, Ambulance Victoria.

  

   

  

   

  

   

  Please see more about the Debian pregnancy cluster.

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

• Remi Collet 📝 Install PHP 8.5 on Fedora, RHEL, CentOS Stream, Alma, Rocky or other clone

  Here is a quick howto upgrade default PHP version provided on Fedora, RHEL, CentOS, AlmaLinux, Rocky Linux or other clones with latest version 8.5.

  You can also follow the Wizard instructions.

   

  Architectures:

   

  The repository is available for x86_64 (Intel/AMD) and aarch64 (ARM).

   

  Repositories configuration:

   

  On Fedora, standards repositories are enough, on Enterprise Linux (RHEL, CentOS) the Extra Packages for Enterprise Linux (EPEL) and Code Ready Builder (CRB) repositories must be configured.

  Fedora 44

  dnf install https://rpms.remirepo.net/fedora/remi-release-44.rpm
  

  Fedora 43

  dnf install https://rpms.remirepo.net/fedora/remi-release-43.rpm
  

  Fedora 42

  dnf install https://rpms.remirepo.net/fedora/remi-release-42.rpm
  

  RHEL version 10.1

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-10.rpm
  subscription-manager repos --enable codeready-builder-for-rhel-10-x86_64-rpms
  

  RHEL version 9.7

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm
  subscription-manager repos --enable codeready-builder-for-rhel-9-x86_64-rpms
  

  RHEL version 8.10

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
  subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
  

  Alma, CentOS Stream, Rocky version 10

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-10.rpm
  crb install
  

  Alma, CentOS Stream, Rocky version 9

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm
  crb install
  

  Alma, Rocky version 8

  dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
  dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
  crb install
  

   

  PHP module usage

   

  With Fedora and EL, you can simply use the remi-8.4 stream of the php module

  With Fedora (dnf5 has partial module support)

  dnf module reset php
  dnf module enable php:remi-8.5
  dnf install php-cli php-fpm php-mbstring php-xml

  Other distributions (dnf4)

  dnf module switch-to php:remi-8.5/common

   

  PHP upgrade

   

  By choice, the packages have the same name as in the distribution, so a simple update is enough:

  dnf update

  That's all :)

  $ php -v
  PHP 8.5.3 (cli) (built: Feb 10 2026 18:25:51) (NTS gcc x86_64)
  Copyright (c) The PHP Group
  Built by Remi's RPM repository  #StandWithUkraine
  Zend Engine v4.5.3, Copyright (c) Zend Technologies
      with Zend OPcache v8.5.3, Copyright (c), by Zend Technologies
  

   

  Known issues

  The upgrade can fail (by design) when some installed extensions are not yet compatible with  PHP 8.5.

  See the compatibility tracking list: PECL extensions RPM status

  If these extensions are not mandatory, you can remove them before the upgrade; otherwise, you must be patient.

  Warning: some extensions are still under development, but it seems useful to provide them to upgrade more people and allow users to give feedback to the authors.

   

  More information

  If you prefer to install PHP 8.5 beside the default PHP version, this can be achieved using the php85 prefixed packages, see the PHP 8.5 as Software Collection post.

  You can also try the configuration wizard.

  This is also documented as the community way to install PHP 8.5 on the official PHP web site.

  The packages available in the repository were used as sources for Fedora 44.

  By providing a full feature PHP stack, with about 150 available extensions, 11 PHP versions, as base and SCL packages, for Fedora and Enterprise Linux, and with 300 000 downloads per day, the remi repository became in the last 21 years a reference for PHP users on RPM based distributions, maintained by an active contributor to the projects (Fedora, PHP, PECL...).

  See also:

  • Posts RSS feed (version announcements)
  • Comments RSS feed
  • Repository RSS feed (example for EL-10, php 8.5)
  • Install PHP 8.4 on Fedora RHEL CentOS Alma Rocky or other clone
  • Install PHP 8.3 on Fedora RHEL CentOS Alma Rocky or other clone
  • Install PHP 8.2 on Fedora RHEL CentOS Alma Rocky or other clone

• Daniel Pocock Bitcoin: Code of Conduct stifled open source concerns

  If BitCoin is just another ponzi scheme, how did it grow over fifteen years to achieve $4 trillion valuation in broad daylight?

  One of the tactics used has been the affiliation with the open source or free software methodologies and communities.

  Some contributors embraced it early on. Others were openly sceptical but had to bite their tongues because of the Code of Conduct gaslighting.

  

   

  As more and more communities were tricked into adopting the Code of Conduct gaslighting, there were fewer and fewer ways insiders could raise concerns that BitCoin might be nothing more than a ponzi scheme based on cryptography.

  Here is a comment that Paul Boddie made to the FSFE misfits in 2011 ( source):

  Chris Woolfrey: What about BitCoin?

  Boddie: I think there are huge trust and credibility issues with BitCoin, sadly. But there are apparently alternative payment services out there that are as easy to adopt as PayPal, so it’s just a matter of using them. And again, it’s easy to get hung up on matters like this, but one effective means of taking registration payments is bank transfers. If you are only dealing with people from countries whose banks don’t regard you as being insane when you ask to make a transfer to someone else’s account, especially in another country, then just accepting bank transfers is a viable option.

  From the debian-private (leaked) gossip network, I found a message where Phil Hands suggests third parties could be given licenses to use the Debian trademark in exchange for BitCoin.

  Subject: Re: Webian?
  Resent-Date: Thu,  9 Jun 2011 19:58:19 +0000 (UTC)
  Resent-From: debian-private@lists.debian.org
  Date: Thu, 09 Jun 2011 20:07:31 +0100
  From: Philip Hands <phil@hands.com>
  To: Faidon Liambotis <paravoid@debian.org>, debian-private@lists.debian.org, leader@debian.org
  
  On Thu, 9 Jun 2011 18:53:22 +0300, Faidon Liambotis <paravoid@debian.org> wrote:
  > Hi,
  >
  > On this week's LWN there is an article about Webian, a project aiming to
  > create an operating system based on Mozilla and web technologies a la
  > ChromeOS (as I understand it).
  >
  > Apparently, there is no relation to Debian at all, besides both having
  > the goal of producing an operating system.
  >
  > Personally, I find the use of the name "Webian" and the similarity to
  > our name  a bit unfortunate and perhaps as a trademark infringement (but
  > IANAL).
  
  *sigh*
  
  Likewise IANAL, but as I understand it, if one does not defend a
  trademark, one risks losing it.
  
  I suppose if we were to decide that we didn't mind too much, rather than
  telling them to change the name, we could sell them a license to use it
  (for some bitcoins perhaps?), just so that we can demonstrate that we're
  defending the mark when someone we really don't like comes along.
  
  It would be better if they changed it though.
  
  Oh, and if we're telling people off about that, perhaps there's another
  candidate here:
  
    https://launchpad.net/webian
  
  although that does look like a dead project, but it might be worth
  submitting a Cease&Desist as a bug report, asking them to leave the
  notice at that URL as something for Google to find, so the next person
  to think they're being original can find out that they're not.
  
  Actually, we (well, sort-of we) have apparently been using the name
  since 2006, not that this seems to have come to anything:
  
    http://wiki.debian.org/JoseParrella#Webian
  
  bit it does rather nicely demonstrate that they should have expected
  trouble.
  
  Also, this is _Mozilla_ violating our trademark, right?  *raise eyebrow*
  
  Cheers, Phil.
  -- 
  |)|  Philip Hands [+44 (0)20 8530 9560]    http://www.hands.com/
  |-|  HANDS.COM Ltd.                    http://www.uk.debian.org/
  |(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND
  

  In 2012, Stéphane Glondu traveled from France to London for the Bitcoin conference:

  Subject: [VAC] 12-16 September, London
  Resent-Date: Mon, 10 Sep 2012 09:17:24 +0000 (UTC)
  Resent-From: debian-private@lists.debian.org
  Date: Mon, 10 Sep 2012 11:17:02 +0200
  From: Stéphane Glondu <glondu@debian.org>
  To: debian-private@lists.debian.org
  
  Hi,
  
  I'll be in London from the 12th to the 16th, attending the Bitcoin
  conference[1] during the week-end.
  
  Other than that, I would be happy to share some keys and sign some beer.
  My (French) cell number is known to LDAP.
  
  
  Cheers,
  
  -- 
  Stéphane
  
  ¹: http://bitcoin2012.com/
  

  Martin Krafft told us One day, Bitcoin will rule. As the saying goes, every dog has its day. Maybe that day has been and gone when it peaked in October 2025.

  Subject: Re: Want to buy Bitcoin? Have a US credit card?
  Date: Wed, 6 Aug 2014 20:19:27 +0200
  From: martin f krafft <madduck@debian.org>
  Organization: The Debian project
  To: debian private list <debian-private@lists.debian.org>
  
  Thank you for all your kind responses and offers. I found exactly my
  model on Ebay, one week old (post-exhibition sale, almost 50% off,
  so I went for that and shelled out to Paypal. One day, Bitcoin will
  rule…).
  
  Here's a bit of info coming back. People suggested other sites, but
  none of them had the model I sought. Notably, overstock.com came
  close and does accept Bitcoin.
  
  So I am all set now, but obviously, … if someone from the US still
  wanted Bitcoin, we could set up a deal and avoid exchange
  commissions on both sides (as I will be needing USD for DC14)…
  
  -- 
   .''`.   martin f. krafft <madduck@d.o> @martinkrafft
  : :'  :  proud Debian developer
  `. `'`   http://people.debian.org/~madduck
    `-  Debian - when you have better things to do than fixing systems
   "the only difference between the saint and the sinner
   is that every saint has a past and every sinner has a future."
                                                          -- oscar wilde
  

  Continue reading the inconvenient truth about cryptocurrency.

  The author holds an MIT MicroMasters in Data, Economics and Development Policy. He does not hold any crypto "assets". Swiss financial regulator FINMA will neither confirm nor deny an investigation on this blog precipitated the resignation of their deputy CEO .

February 22, 2026

• Nazi.Compare First speech of Chanellor Hitler, Andreas Tille & Debian denounce Branden Robinson

  Hitler became Chancellor of Germany in January 1933.

  On 10 February 1933, Hitler gave his first official speech as Chancellor.

  He used the occasion to attack his predecessors for everything that had transpired against German interests since the end of World War One.

  Many copies of the speech are available online:

  That’s what Germany looks like today! Under the rule of these parties who have ruined our Volk for fourteen years. The only question is, for how much longer?

  ...

  And this brings us thus to our sixth item, clearly the goal of our struggle: the preservation of this Volk and this soil, the preservation of this Volk for the future, in the realization that this alone can constitute our reason for being.

  The word Volk, which means People or Population, appears forty two times in the speech.

  On 10 February 2026, the Debianist leader Andreas Tille reprimanded one of his predecessors G. Branden Robinson, just as Adolf Hitler had reprimanded the predecessors who ruled Germany in the fourteen years before the Nazis took power.

  While Hitler claimed to represent the Volk / People, Andreas Tille claims to represent the user, whoever that is, in this spiteful reply:

  ... directly harms our ability to serve our users

  ...

  the project owes first and foremost to its users.

  ...

  Andreas Tille was, on two successive occasions, elected on Hitler's birthday. Go figure.

  Read more about Nazi comparisons.

February 21, 2026

• Kevin Fenzi misc fedora bits 3nd week of feb 2026

  

  Well, another saturday, time for another bit of longer form recapping what has been going on in fedora infrastructure and other areas for me.

  Infrastructure Fedora 44 Beta freeze

  We started the beta freeze in infrastructure. This is to make sure that we don't cause any problems for the release building and distributing pipeline. We require some acks for any changes to things that might impact those things until the day after the Beta is released.

  I think this has served us fine over the years. Every once in a while I wonder if we could just stop doing it as we are usually pretty good about not breaking things day to day, but having the extra eyes on changes and slowing down a bit is a good thing I think.

  Forge migrations

  We have been busy working on migrating things from pagure.io to forge.fedoraproject.org. On tuesday just before the freeze we finally got our ansible repo moved over. I've really been looking forward to this as the review interface in forgejo is a good deal nicer than the pagure one. I've already used it to great effect.

  We do still have a few more things to migrate, but overall it's moving along nicely.

  Last bits of rdu2-cc move

  We finally finished off the last things (at least that I am aware of) for things we moved in last december from rdu2-cc to rdu3.

  There was a very strange and difficut to figure out problem for copr builders on ipv6 that I wasn't able to track down, but luckily Pavel worked with networking and finally did so! It seems to have been a odd caching bug in the switches. Hopefully it's now gone once and for all.

  There was some hardware issues to sort out: some bad network cards that had to be replaced, a machine that didn't actually move when it was supposed to, etc.

  Anyhow I hope all that work is all finally done.

  signing work

  Finally got back to deploying / testing the new signing path for secure boot signing. I got it all deployed, just need to get things tested now and hopefully we can switch over after the freeze.

  This should hopefully allow us to sign aarch64 kernels for secure boot as well as removing reliance on an old smart card for signing.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/116110354434738317

• Guillaume Kulakowski Pourquoi j’ai basculé de Portainer vers Arcane pour gérer les conteneurs sur le NAS

  Si tu me lis un peu, tu sais que j’ai une attitude assez pragmatique vis-à-vis de mes outils. Je n’aime pas changer pour changer, mais je n’hésite pas non plus à bouger quand une solution stagne trop ou prend une direction qui ne me plaît pas. Récemment, j’ai d’ailleurs confirmé mon choix de rester sous […]

  Cet article Pourquoi j’ai basculé de Portainer vers Arcane pour gérer les conteneurs sur le NAS est apparu en premier sur Guillaume Kulakowski's blog.

February 20, 2026

• Fedora Community Blog Community Update – Week 8 2026

  This is a report created by CLE Team, which is a team containing community members working in various Fedora groups for example Infrastructure, Release Engineering, Quality etc. This team is also moving forward some initiatives inside Fedora project.

  Week: 16 Feb – 20 Feb 2026

  Fedora Infrastructure

  This team is taking care of day to day business regarding Fedora Infrastructure.
  It’s responsible for services running in Fedora infrastructure.
  Ticket tracker

  • [GSoC Project Idea 2026] Revamp Fedora Badges project with modern fullstack architecture and dedicated MCP support [Ticket] [Followup]
  • [Infra] Added package and installed size to package metadata [Review] [Lint]
  • [Infra] Improve vagrant setup instructions and add container-based setup [Followup A] [Followup B]
  • Migration of pagure.io repositories to forge.fedoraproject.org continues (9 more repositories migrated)
  • Resolved authentication issues with wordpress instances (thanks to misc)
  • Fixed database connection issues on Dist-Git
  • Dep  updates and CI fixes for our apps in Github
  • Worked on the port of bugzilla2fedmsg to Kafka (since the UMB deprecation), deployed it to staging, asked RHIT for firewall ports.

  CentOS Infra including CentOS CI

  This team is taking care of day to day business regarding CentOS Infrastructure and CentOS Stream Infrastructure.
  It’s responsible for services running in CentOS Infratrusture and CentOS Stream.
  CentOS ticket tracker
  CentOS Stream ticket tracker

  • lack of ipv6 on some sponsored servers
  • New Build Target and Tags for the Kmods SIG (kernel-6.18)
  • Extend maximum build time for CS10 Risc-v
  • Spam on the automotive-sig mailing list
  • Move Hyperscale SIG docs source from pagure to gitlab
  • Request: Add new SSH key for OKD / SCOS bootimage sync to cloud.centos.org
  • mirror request
  • Setup BuildRoot for CS10 risc-v
  • allow rsync for 2 fedoraproject mirrors
  • Need more disk space on Gitlab Runners
  • Ensuring that gen2 images are also deleted/cleaned up from koji (through koji-gc)

  Release Engineering

  This team is taking care of day to day business regarding Fedora releases.
  It’s responsible for releases, retirement process of packages and package builds.
  Ticket tracker

  • Fedora 44 Beta Freeze is now in effect.

  RISC-V

  This is the summary of the work done regarding the RISC-V architecture in Fedora.

  • (Not a lot to report this week, besides the routine on-going work.)
  • Started a discussion with the RISC-V team about RHEL builders for Konflux.  (This is not about general Konflux support, that’s out of scope)
  • Continued to investigate Fedora 44 build failures and all that entails — working with relevant upstream maintainers to get changes reviewed, merged, etc.
  • Sorted out  a build-timeout issue with Copr upstream. (Jason Montleon is currently used to build some board-specific kernels.)

  QE

  This team is taking care of quality of Fedora. Maintaining CI, organizing test days
  and keeping an eye on overall quality of Fedora releases.

  • TestDays App was updated in production.
  • Anubis no longer breaks actions in Forge thanks to our debugging (and Infra fixing it, of course).
  • Blockerbugs meetings and the whole blocker review process has started since this week.
  • Ran test days: Grub OOM fix, GNOME 50

  Forgejo

  This team is working on introduction of https://forge.fedoraproject.org to Fedora
  and migration of repositories from pagure.io.

  • Spike of zabbix installation for ansible-role-forgejo-runner researched
  • Forge image build and versioning fully automated
  • Runners updated to use image version 12
  • More migrations from pagure and troubleshooting
  • Private Issues: Fixed tests, tied up loose ends and consolidated feature branch.
  • Packit team got access to staging distgit deployment
  • Create new organisation and namespace on Fedora Forge for Fedora Join [Followup] [Namespace]

  UX

  This team is working on improving User experience. Providing artwork, user experience,
  usability, and general design services to the Fedora project

  • CLE logo complete! 
  • F45 wallpaper mindmap session took place. Mindmap created can be found here.
  • Continuing Forgejo migration.

  If you have any questions or feedback, please respond to this report or contact us on #admin:fedoraproject.org channel on matrix.

  The post Community Update – Week 8 2026 appeared first on Fedora Community Blog.

• Felipe Borges GNOME is participating in Google Summer of Code 2026!

  Potential GSoC contributors may reach out with questions about our project ideas or GNOME internships in general. Please direct them to gsoc.gnome.org to learn more.

  You can find our proposed project ideas at gsoc.gnome.org/2026.

  Project proposal submissions are open from March 16th to 31st.

February 19, 2026

• Allan Day GNOME Foundation Update, 2026-02-19

  Welcome to another GNOME Foundation update post, covering highlights from the past two weeks (this week and last week). It’s been a busy time, particularly due to conference planning and our upcoming audit – read on to find out more!

  Linux App Summit 2026

  We were thrilled to be able to announce the location and dates of this year’s Linux App Summit this week. The conference will happen in Berlin on the 16th and 17th of May, at Betahaus Berlin. More information is available on the LAS website.

  As usual, we are very pleased to be collaborating with KDE on this year’s LAS. Our partnership on LAS has been a real success that we hope to continue.

  Travel sponsorship for LAS 2026 is available for Foundation members through the Travel Committee, so head over to the travel page if you would like to attend and need financial support.

  February’s Board meeting

  The Board of Directors it’s regular monthly meeting last week, on 9th February. Highlights from the meeting included:

  • We finally caught up on our minutes, approving the minutes from a total of nine meetings. This was a big relief, and hopefully we will be able to stay on top of the minutes now that we’re caught up.
  • The Board was thrilled to formally add Nirbheek Chauhan as a member of the Travel Committee. Many contributors will know Nirbheek as a longstanding GStreamer hacker, and he’s already been doing some great work to help with travel. Thanks Nirbheek!
  • The Board approved a new document retention and destruction policy, which is something that we are encouraged to have by regulators.
  • I gave an update on the operational highlights from the last month, including fundraising, conference planning, and audit preparation.
  • The Board considered a proposal for an exciting new program that we’re hoping to launch very soon. More details to follow soon.

  The next Board meeting is scheduled for March 9th.

  Audit submissions

  As I’ve mentioned in previous updates, the GNOME Foundation is due to be audited very soon. This is a routine occurrence for non-profits like us, but this is our first formal audit, so there’s a good deal of learning and setup to be done.

  Last week was the deadline to submit all the documentation for the audit, which meant that many of us were extremely busy finalising numbers, filling in spreadsheets, and tidying up other documentation ready to send it all to the auditors.

  Our finance team *really* went the extra mile for us to get everything ready on time, so I’d like to give them a huge thank you for helping us out.

  The audit inspection itself will happen in the first week of March, so preparations continue, as we assemble and organise our records, update our policies, and so on.

  GUADEC 2026

  Planning for this summer’s conference has continued over the past two weeks. In case you missed it, the location and dates have been announced, and accommodation bookings are open at a reduced rate. In the background we are gearing up to open the call for papers, and the sponsorship effort is on its way. Now is a good time to start thinking about any talk proposals that you’d like to submit.

  Membership certificates

  A cool community effort is currently underway to provide certificates for GNOME Foundation members. This is a great idea in my opinion, as it will allow contributors to get official recognition which can be used for job applications and so on. More volunteers to help out would definitely be welcome.

  That’s it for this week. Thanks for reading, and feel free to ask questions in the comments.

• Fedora Community Blog Master Podman 5.8: Join Fedora Test Week

  Want to learn the latest container tech? From February 27 to March 6, 2026, you can join the Podman 5.8 Test Day. It is the perfect time to explore new features and see how the future of Fedora is built.

  What is new?

  • Faster Downloads: Try optimized “parallel pulls” to get your images in seconds.
  • Setup: Test the new “automatic database creation” for a smoother start.
  • Expert Skills: Learn how to use latest container environments before they go mainstream.

  Why join?

  Your setup is unique. By running Podman 5.8 on your machine, you make sure the final version works perfectly for everyone. It is a great way to learn by doing and to see how top-tier open-source software is made.

  Start here

  We have prepared easy-to-follow steps for you here: https://fedoraproject.org/wiki/Test_Day:2026-02-27_Podman_5.8

  The post Master Podman 5.8: Join Fedora Test Week appeared first on Fedora Community Blog.

• Daniel Pocock Bitcoin: government engagement contradictions

  In 2025, US President Donald Trump signed an executive order creating the US federal Bitcoin reserve.

  When cryptocurrencies are seized from criminals, they are placed in the reserve. If the reserve did not exist, the authorities could sell seized Bitcoins on a Bitcoin exchange.

  From a market perspective, the government's willingness to hold Bitcoins rather than selling them immediately has various implications.

  If the government was selling them, this would put downward pressure on the prices.

  Instead, holding them gives them more legitimacy and may entice other people to purchase Bitcoins.

  Governments with a strong attitude against climate change would be far less likely to hold Bitcoins due to the associated electricity waste.

  Ultimately, some Bitcoin founders and proponents argued for Bitcoin to exist as a currency out of government control.

  When I hear Bitcoin proponents talking about their enthusiasm for government participation, it raises questions about the philosophy of Bitcoin. Has the philosophy changed over time, is it viable for different participants to have different philosophies or is the question of philosophy irrelevant?

  For those who like the philosophy of having some wealth in an asset outside legal and political control, their needs are already well met by gold and silver bullion. The notion that Bitcoin would be a convenient digital replacement for physical metal ownership is a dangerous fantasy. The very people who could benefit most from buying gold and silver bullion are giving their money to the crypto barons. The crypto barons take that money and buy more gold and silver for themselves.

  A small government holding some Bitcoin is not the same as a government controlling the Bitcoin market.

  Nonetheless, as a large government acquires more and more Bitcoins they will have a bigger incentive to control the technology, for better or worse. Some US government agencies and some of the largest US tech companies may have the resources to outsmart the Bitcoin industry. Maybe they already have done so. Maybe they even created it in the first place.

  In comparison, if the government put the same amount of money into equities, buying shares in small businesses, this funds innovation and new ideas. New companies create jobs and the equities eventually pay dividends to the investors. Bitcoins don't create jobs and they don't pay dividends.

  In fact, I think the real motivation for those people who want the government to hold Bitcoins is the realization that the process of building a reserve takes more Bitcoins out of circulation. This, in turn, pushes up the price. Eventually, the private owners of Bitcoins who promoted that policy, having already acquired their Bitcoins at cheaper prices before the federal government, will be able to sell their personal holdings of Bitcoin for a profit. In other words, over time, the system transfers wealth from the public purse to the private purses of the people who got in first. The public do not appear to gain any benefit from that transaction.

  Continue reading the inconvenient truth about cryptocurrency.

  The author holds an MIT MicroMasters in Data, Economics and Development Policy. He does not hold any crypto "assets". Swiss financial regulator FINMA will neither confirm nor deny an investigation on this blog precipitated the resignation of their deputy CEO .

February 18, 2026

• Kiwi TCMS Community Edition Explained

  This page explains what Kiwi TCMS Community Edition is, how it ships and what risks are associated with it. Please read about the details below.

  What is Kiwi TCMS Community Edition

  This is the official version of the Kiwi TCMS application as produced by our own team with the help of many contributors. It may also be referred to upstream or the community edition version and comes packaged as a container image which is publicly available and can be downloaded via the docker pull pub.kiwitcms.eu/kiwitcms/kiwi command!

  Who is this for

  Community Edition is suitable for developers, teams and organizations which are happy to run Kiwi TCMS without any warranty and safeguards for development, testing and even production purposes!

  What do you get

  You get access the publicly available container image; public documentation and source code but not much else!

  What do all of the individual items mean

  Upstream container image: Kiwi TCMS is packaged as a single container image. See Running Kiwi TCMS as a container to get started!

  Only x86_64 build: the community edition container is built on Linux, suitable for Intel/AMD 64bit processors only.

  No version tags: the community edition container is always the latest version! There are no other versions available!

  GPL-2.0 license: Kiwi TCMS is an open source software, with very long history, with its primary core licensed under the GNU GPL-2.0 license!

  No warranty: the community edition version of Kiwi TCMS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

  EthicalAds: the community edition version of Kiwi TCMS comes with built-in advertisement from EthicalAds rewards from which are paid out to opencollective.com/kiwitcms for transparency.

  You assume all risk: you must understand and accept that open source comes with associated risks. To name just a few: our team disappears and stops development; security issues stay unresolved; code slowly becomes outdated & may incur technical debt in the case of one-off patches! All of these have happened in the past with the predecessor of what is now Kiwi TCMS.

  There is no charge but please understand that software isn't zero cost! You pay for it indirectly with time and effort invested in engineering, operations, maintenance and resolving any issues which may arise from the use of said software, regardless of whether it is open source or not!

  IMPORTANT: open source and Kiwi TCMS by extension, provide you with more options when it comes to mitigating risks and cost compared to proprietary software. However the easiest way to secure the future of Kiwi TCMS is to become a customer and help us sustain development!

  Happy Testing!

  ---

  If you like what we're doing and how Kiwi TCMS please help us!

  • Give â­� on GitHub;
  • Join our newsletter and follow all project news;
  • Become a contributor and an awesome open source hacker;
  • Become a customer and help us sustain development

February 17, 2026

• Kiwi TCMS Private Tenant Extras Subscription Explained

  This page explains what Private Tenant Extras is and how it brings more value to your existing Kiwi TCMS subscription. Please read about the details below.

  What is Private Tenant Extras by Kiwi TCMS

  This is an optional subscription tier which combines our existing Private Tenant SaaS hosting with access to the underlying data in its raw format!

  IMPORTANT: any Private Tenant subscription with unit count > 1 entitles you to this Extras add-on! Please contant support for setup!

  Who is this subscription for

  Private Tenant Extras is suitable for teams using the SaaS version of Kiwi TCMS which require access to their underlying data in machine readable format!

  What do you get

  Everything from lower tier subscription plans plus access to a database and file exports in case you would like to keep your own backup copy or provide in-house integration with other tools.

  What do all of the individual items mean

  Raw SQL database export: you will receive a database export in SQL format, suitable for the Postgres database engine. It includes all tables which constitute your own namespace under the *.tenant.kiwitcms.org domain name. This also includes information about user accounts authorized to access your tenant!

  IMPORTANT: due to technical and security limitations we cannot give you direct access to the underlying database cluster in real-time!

  File uploads included: means exactly that - all attachments uploaded to your private tenant will be included as part of this subscription!

  Encrypted access: all data we export is stored encrypted and may be accessed using the popular open source tool restic. We will provide you with read-only level access and an unique public/private keypair!

  IMPORTANT:

  • Export frequency: 1/day (max 3/day)
  • Exports on disk: last 3 days
  • Retention period: 7 days

  Storage region of your choice: means that we can publish to a geographic region and data center of your choice. Exact locations are subject to availability.

  NOTE: At the time of writing our preferred storage backend is Amazon S3.

  Happy Testing!

  ---

  If you like what we're doing and how Kiwi TCMS please help us!

  • Give â­� on GitHub;
  • Join our newsletter and follow all project news;
  • Become a contributor and an awesome open source hacker;
  • Become a customer and help us sustain development

February 16, 2026

• Pravin Satpute The Performance and Scale Booth at DevConf 2026

  

  
  This initiative was initially proposed by Jaison Raju, who had successfully organized a similar booth at DevConf 2025. As Jaison was unavailable to lead this year, he requested that I take charge of the effort.
  
  Despite an already demanding schedule, my commitment to continuing this valuable presence led me to accept the leadership role.I attended a Booth Organizers meeting with Rajan Shah to establish a clear understanding of the necessary tasks and responsibilities.
  
  From the wide array of projects within Performance and Scale meetup, we decided to feature the Krkn project for the booth, given its recent inclusion in the CNCF organization.
  
  Further information regarding the Krkn project is available here: Link.
  
  Darshan Jain, who recently began working on Krkn, demonstrated exceptional dedication to the booth's success. He took the lead on critical tasks, including planning the presentation slides, recording demonstrations, and onboarding Shashank Kestwal as a member of the booth staff.
  
  

  

  On the day of the event, a parallel talk on the LogAn project was also scheduled: Link. I had initially planned for Darshan and Shashank to manage the booth while I attended the LogAn talk. However, the impressive level of engagement and attendance at the Krkn booth prompted me and Nikhil Jain to join the staff. This provided an opportunity for stimulating discussions covering Krkn, general performance and scale topics, guidance on contributing to open source, and various other subjects.

  

  Booth swag is often an essential component of these events. Unfortunately, a shortage of Performance and Scale stickers necessitated an alternative, and we opted to distribute chocolates as our promotional item, coincidentally aligning with Valentine's Day. This solution proved to be well-received by attendees.
  
  I extend my gratitude to Krishna Magar, Aman Vishwakarma, 

  Rajaditya Chauhan and Nikhil Jain for their presence and support at the booth.

  
  Significant credit is due to Darshan Jain for the meticulous planning and smooth execution of the booth, and to Shashank Kestwal for his excellent support from planning to execution.

February 15, 2026

• Daniel Pocock Iran conflict: Bitcoin could be left behind by traditional gold and silver

  When the price of gold and silver bullion recently shot up, many leaders in the Bitcoin community expressed surprise that Bitcoin prices didn't go up too. In fact, Bitcoin crashed.

  The last time the Straight of Hormuz was closed, the prices of gold and silver bullion doubled. Bitcoin didn't exist back in 1972 so nobody can say what will happen to Bitcoin prices if the same circumstances were repeated.

  The USS Gerald R. Ford was christened on 9 November 2013 and incidentally, President Trump was elected for the first time on 9 November 2016.

  News reports tell us that President Trump has asked the Ford to leave the Caribbean and travel to Iran. Don't be surprised if the USS Gerald R. Ford never reaches the gulf: it may show up next week in Cuba or Greenland instead.

  When President Trump was elected back in 2016, I published a blog about two movies that anticipate the Trump administration. One of them concerns conflict in the Straight of Hormuz and there has never been a better time to watch it.

  If Bitcoin prices do take a big fall so quickly after the last big drop then it may permanently tarnish the reputation of Bitcoin and other cryptocurrencies too. If new users become scared of buying Bitcoins then the existing users will find it harder to convert their coins back to cash when necessary.

  Continue reading the inconvenient truth about cryptocurrency.

  The author holds an MIT MicroMasters in Data, Economics and Development Policy. He does not hold any crypto "assets". Swiss financial regulator FINMA will neither confirm nor deny an investigation on this blog precipitated the resignation of their deputy CEO .

February 14, 2026

• Kevin Fenzi misc fedora bits 2nd week of feb 2026

  

  Another weekly recap of happenings around fedora for me.

  Strange long httpd reload times on proxy11

  I spent a fair bit of time looking at one of our proxies. We have them all to a reload (aka 'graceful restart') every hour when we update a ticketkey on them. For the vast majority of them, thats fine and works as expected. However, proxy11 decided to start taking a while (like 12-15seconds) to reload, causing our monitoring to alert that it was down... then back up.

  In the end, it seemed the problem was somehow related to some old tls certificates that were present, but not used anywhere. All I can think of is that it's doing some kind of parsing of all certs and somehow those old ones cause it undue processing time. I removed those old certs and reload times went way back down again.

  I'm tempted to try and figure out what it's doing exactly here, but I already spent a fair bit of time on it and it's working again now, so I guess I will just shrug and move on.

  Anubis and download servers

  A while back I had to hurredly deploy anubis in front of our download servers. This was due to the scrapers deciding to just download every rpm / iso from every fedora release since the dawn of time at a massive concurrency. This was saturating one of our 10G links completely, and making another somewhat full. So, I deployed anubis and it dropped things back to 'normal' again.

  Fast forward to this last week, and my rush in deploying anubis came back to bite me. We have a cloudfront distribution that uses our download servers as it's 'origin'. Then we point all aws network blocks to use that for any fedora instances in aws. This is a win for us as then everything for them is cached on the aws side saving bandwith, and a win for aws users as that traffic is 'local' to them so faster and doesn't cause them to need to be billed for ingress either.

  Last week, anubis started blocking CloudFront, so uses in aws would get a anubis challenge page instead of the actual content they were expecting. But why did it this just happen now? well, as near as I could determine, someone/scrapers were hitting the CloudFront endpoints and crawling our download server (fine, no problem there), but then they hit a directory that they handled poorly.

  The directory was used/last updated about 11 years ago with a readme file explaining that the content was moved and no longer there. Great. However, also it had previous subdirectories as links to '.' (ie, the current directory). Since scrapers don't use any of the 20 years of crawling code, and instead just brute force things, this resulted in a bunch of requests like:

  GET /foo/ GET /foo/foo/ GET /foo/foo/foo/

  and so on. These are all really small (just a directory listing), so that meant it could make requests really really fast. So, after some point anubis started challenging those CloudFront connections and boom.

  So, the problem with the hurred deployment I had made there was that The policy file I had deployed was not actually being used. I had allowed CloudFront, but it didn't seem to help any, and it took me far too long to figure out that anubis was starting up, printing one error about not being able to read the policy file and just running with the default configuration. ;( It turned out be a podman/selinux interaction and is now fixed.

  I also removed those . links and set that directory tree to just 403 all requests to it.

  Anubis and forge

  Also this week, folks were reporting problems with our new forgejo forge. Anubis was doing challenges when people were trying to submit comments and it was messing them up.

  In the end here, I just needed to adjust the config to allow POSTs through. At least right now scrapers aren't doing any POSTS and just allowing those seems to fix the issues people were having.

  Some more scrapers

  Friday we had them hitting release-monitoring.org. This time it was what I am calling a 'type 0' scraper. It was all coming from one cloud ip and I could just block them.

  This morning a bit ago, we had a group hit/find the 'search' button on koji.fedoraproject.org, taking it offline. I was able to block the endpoint for a few hours and they went away, but no telling if they will be back. These were the 'type 2' kind (botnet using users ip's/browsers from 100's of thousands of different ips).

  I am sad that the end game here sounds like there's not going to be so much of a open internet anymore. ie, for self defense sites will all have to go to requiring registration of some kind before working. I can only hope business models change before it comes to that.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/116070476999694239

February 13, 2026

• Fedora Community Blog Community Update – Week 07 2026

  This is a report created by CLE Team, which is a team containing community members working in various Fedora groups for example Infrastructure, Release Engineering, Quality etc. This team is also moving forward some initiatives inside Fedora project.

  Week: 09 – 13 February 2026

  Fedora Infrastructure

  This team is taking care of day to day business regarding Fedora Infrastructure.
  It’s responsible for services running in Fedora infrastructure.
  Ticket tracker

  • Ported bugzilla2fedmsg to use Red Hat’s Kafka servers, since UMB will be decommissioned. The code with Kafka support is currently in staging but requires firewall ports to be opened (ticket 13133)
  • Resolved outage of stg.pagure.io caused by anubis (ticket 13128)
  • Few more repositories migrated to forge.fedoraproject.org from pagure.io
  • Resolved pushing issues on to src.stg.fedoraproject.org, caused by wrong permissions (ticket 13096)
  • [Tahrir] Add PUT endpoint for updating for USER relation and integrate it with the frontend [Review] [Merged]
  • [Tahrir] List profile invitations when the user has logged in [Pull request]

  CentOS Infra including CentOS CI

  This team is taking care of day to day business regarding CentOS Infrastructure and CentOS Stream Infrastructure.
  It’s responsible for services running in CentOS Infratrusture and CentOS Stream.
  CentOS ticket tracker
  CentOS Stream ticket tracker

  • Update Gitlab Runners to v18
  • Spam on the automotive-sig mailing list

  Release Engineering

  This team is taking care of day to day business regarding Fedora releases.
  It’s responsible for releases, retirement process of packages and package builds.
  Ticket tracker

  • Fedora 44 Mass Branching was successfully completed last week!
  • Beta Freeze is tentatively scheduled to begin next week, Tue 2026-02-17.

  RISC-V

  This is the summary of the work done regarding the RISC-V architecture in Fedora.

  • Fedora RISC-V “unified kernel” work in progress (Jason Montleon): targeted for F44.  Right now they’re being built in Copr.  Will move to Koji once the F44 buildroot is populated.
  • Work by Fabian Arrotin RISC-V builders in CentOS Build System (CBS) now can build from official sources (git+https from CentOS Stream)

  QE

  This team is taking care of quality of Fedora. Maintaining CI, organizing test days
  and keeping an eye on overall quality of Fedora releases.

  • Co-ordinated with releng team on branching as it involves openQA, critical path and the gating policies – things went much smoother this time but still lots of lessons learned and SOP improvements drafted and suggested
  • Work ongoing to port the blockerbugs tool to forgejo , nearly complete but may be delayed as jgroman will be on PTO
  • Multiple enhancements to testdays-web, see merged PRs
  • Updated openQA packages deployed to production
  • Another heavy week of openQA catching bugs, mostly plasma-setup and GNOME 50, details here

  Forgejo

  This team is working on introduction of https://forge.fedoraproject.org to Fedora
  and migration of repositories from pagure.io.

  • Forgejo backup pruning solved
  • Staging runner going offline issue fixed
  • A lot of new organizations created, repo migrations
  • Private Issues: Make tests succeed, ongoing: tidy up commits for PR

  EPEL

  This team is working on keeping Epel running and helping package things.

  • EPEL 11 early planning at CentOS Connect, FOSDEM, and CentOS Docs Day

  UX

  This team is working on improving User experience. Providing artwork, user experience,
  usability, and general design services to the Fedora project

  • Started migrating Fedora Design to Forgejo! 
  • The F45 wallpaper inspiration is officially Alan Turing!

  If you have any questions or feedback, please respond to this report or contact us on #admin:fedoraproject.org channel on matrix.

  The post Community Update – Week 07 2026 appeared first on Fedora Community Blog.

• Dave Airlie drm subsystem AI patch review

  This topic came up at kernel maintainers summit and some other groups have been playing around with it, particularly the BPF folks, and Chris Mason's work on kernel review prompts[1] for regressions. Red Hat have asked engineers to investigate some workflow enhancements with AI tooling, so I decided to let the vibecoding off the leash.

  My main goal:

  - Provide AI led patch review for drm patches

  - Don't pollute the mailing list with them at least initially.

  This led me to wanting to use lei/b4 tools, and public-inbox. If I could push the patches with message-ids and the review reply to a public-inbox I could just publish that and point people at it, and they could consume it using lei into their favorite mbox or browse it on the web.

  I got claude to run with this idea, and it produced a project [2] that I've been refining for a couple of days.

  I started with trying to use Chris' prompts, but screwed that up a bit due to sandboxing, but then I started iterating on using them and diverged.

  The prompts are very directed at regression testing and single patch review, the patches get applied one-by-one to the tree, and the top patch gets the exhaustive regression testing. I realised I probably can't afford this, but it's also not exactly what I want.

  I wanted a review of the overall series, but also a deeper per-patch review. I didn't really want to have to apply them to a tree, as drm patches are often difficult to figure out the base tree for them. I did want to give claude access to a drm-next tree so it could try apply patches, and if it worked it might increase the review, but if not it would fallback to just using the tree as a reference.

  Some holes claude fell into, claude when run in batch mode has limits on turns it can take (opening patch files and opening kernel files for reference etc), giving it a large context can sometimes not leave it enough space to finish reviews on large patch series. It tried to inline patches into the prompt before I pointed out that would be bad, it tried to use the review instructions and open a lot of drm files, which ran out of turns. In the end I asked it to summarise the review prompts with some drm specific bits, and produce a working prompt. I'm sure there is plenty of tuning left to do with it.

  Anyways I'm having my local claude run the poll loop every so often and processing new patches from the list. The results end up in the public-inbox[3], thanks to Benjamin Tissoires for setting up the git to public-inbox webhook.

  I'd like for patch submitters to use this for some initial feedback, but it's also something that you should feel free to ignore, but I think if we find regressions in the reviews and they've been ignored, then I'll started suggesting it stronger. I don't expect reviewers to review it unless they want to. It was also suggested that perhaps I could fold in review replies as they happen into another review, and this might have some value, but I haven't written it yet. If on the initial review of a patch there is replies it will parse them, but won't do it later. 

  [1]  https://github.com/masoncl/review-prompts

  [2] https://gitlab.freedesktop.org/airlied/patch-reviewer

  [3] https://lore.gitlab.freedesktop.org/drm-ai-reviews/

• Remi Collet ⚙️ PHP version 8.4.18 and 8.5.3

  RPMs of PHP version 8.5.3 are available in the remi-modular repository for Fedora ≥ 42 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

  RPMs of PHP version 8.4.18 are available in the remi-modular repository for Fedora ≥ 42 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...).

  ℹ� These versions are also available as Software Collections in the remi-safe repository.

  ℹ� The packages are available for x86_64 and aarch64.

  ℹ� There is no security fix this month, so no update for versions 8.2.30 and 8.3.30.

  Version announcements:

  • PHP 8.5.3 Release Annoucement
  • PHP 8.4.18 Release Annoucement

  ℹ� Installation: Use the Configuration Wizard and choose your version and installation mode.

  Replacement of default PHP by version 8.5 installation (simplest):

  On Enterprise Linux (dnf 4)

  dnf module switch-to php:remi-8.5/common
  

  On Fedora (dnf 5)

  dnf module reset php
  dnf module enable php:remi-8.5
  dnf update
  

  Parallel installation of version 8.5 as Software Collection

  yum install php85

  Replacement of default PHP by version 8.4 installation (simplest):

  On Enterprise Linux (dnf 4)

  dnf module switch-to php:remi-8.4/common
  

  On Fedora (dnf 5)

  dnf module reset php
  dnf module enable php:remi-8.4
  dnf update
  

  Parallel installation of version 8.4 as Software Collection

  yum install php84

  And soon in the official updates:

  • Fedora Rawhide now has PHP version 8.5.3
  • Fedora 44 - PHP 8.5.3
  • Fedora 43 - PHP 8.4.18
  • Fedora 42 - PHP 8.4.17

  ⚠� To be noticed :

  • EL-10 RPMs are built using RHEL-10.1
  • EL-9 RPMs are built using RHEL-9.7
  • EL-8 RPMs are built using RHEL-8.10
  • intl extension now uses libicu74 (version 74.2)
  • mbstring extension (EL builds) now uses oniguruma5php (version 6.9.10, instead of the outdated system library)
  • oci8 extension now uses the RPM of Oracle Instant Client version 23.26 on x86_64 and aarch64
  • A lot of extensions are also available; see the PHP extensions RPM status (from PECL and other sources) page

  ℹ� Information:

  • Migrating from PHP 8.2.x to PHP 8.3.x
  • Migrating from PHP 8.3.x to PHP 8.4.x
  • Migrating from PHP 8.4.x to PHP 8.5.x

  Base packages (php)

  

  

  Software Collections (php83 / php84 / php85)

  

  

   

February 11, 2026

• Cockpit Project Cockpit 356

  Cockpit is the modern Linux admin interface. We release regularly.

  Here are the release notes from Cockpit 356:

  Services: Timers created by Cockpit run shell commands and can be edited

  The systemd timer units created by Cockpit now run their command via the shell. Previously, the text you entered into the “Command” field was used directly for the ExecStart value in the systemd service unit for the timer, and was thus subject to systemd specifier expansion and other idiosyncrasies. Now the text you enter is executed directly by /bin/sh.

  Systemd timer units that have been created by this version of Cockpit (or later) can now also be edited in Cockpit.

  Thanks to Miguel Ribeiro for contributing this feature!

  Try it out

  Cockpit 356 is available now:

  • For your Linux system

  • Cockpit Client

  • Cockpit Source Tarball
  • Cockpit Fedora 43
  • Cockpit Fedora 42

February 10, 2026

• Tim Waugh Zettelkasten on a Supernote

  I love the Ratta Supernote e-ink devices. They are a delight to use for writing, planning and all sorts of things. Writing things out by hand helps me connect with them on a deeper level because I need to choose the words more carefully than I would when typing, simply because of the speed difference. The Supernote’s onboard handwriting recognition works really well for my handwriting style.

  At work I also love using Logseq, an open source personal knowledge management tool and outliner. I use it to write down things I learn and ideas I have, then connect things together in interesting ways in order to gain deeper understanding.

  That’s the experience I wanted on the Supernote. Then I discovered Zettelkasten and knew it was what I wanted to use. ZK is a paper-based method and there have been adaptations to all sorts of environments, both physical and virtual. When I started I found it difficult to figure out how to make it feel native on a Supernote.

  I also knew I wanted to be able to export my Supernote Zettelkasten as text in case I wanted to process it on a computer in different ways, or even run an AI assistant on it.

  My first attempt was pretty messy! I’d create a new handwritten notebook file for each idea. Each filename had a timestamp (pre-filled by Supernote when you create a new file) along with a short title.

  I found pysn-digest, a tool which is able to convert Supernote notebooks into Markdown files. So I worked out an elaborate system in which each notebook (each idea) had a level one heading for the title, then level two headings for metadata field names like “type” or “relates to”, then a level one heading again to start the content. The filenames were handwritten (timestamps and all) and I made them links to the idea files. It was really process-heavy and I didn’t stick with it for long before realising I needed to improve it.

  

  Many months later I have evolved this system into a framework I’m really pleased with. It uses only level one headings and all the ideas can be in a single notebook (or split across notebooks if preferred). There are no complicated timestamps or numbering systems, only unique titles.

  Idea notes can link together arbitrarily but also cluster together neatly, as well as nest as deeply as I need them to. I don’t have to keep to the Supernote’s native limit of four heading levels. And thanks to a system of templates and stickers I designed, I can easily see how deep in the tree I am, even from the pages overview. This means it is fast to insert a new idea note into the right place.

  I’ve called it Slipstream. If you have a Supernote and want to skip the trial and error, I’ve packaged the entire framework (PDF user guide, templates, stickers, quick reference and notebooks) into a ready-to-use kit. Download the full Slipstream kit here.

  The post Zettelkasten on a Supernote appeared first on PRINT HEAD.

February 07, 2026

• Kevin Fenzi misc fedora bits 1st week of feb 2026

  

  Welcome to a bit of recap of the first week of February. It will be a shorter one today...

  Fedora 44 Branching

  The big news this week was the Fedora 44 branching off rawhide. This is by far the most complicated part of the release. There's updates that have to happen in a ton of places all in the right order and with the right content.

  Things didn't start when they were supposed to (tuesday morning), because we had some last minute mass rebuilds (golang and ghc). Then, they didn't start wed morning because we were trying to get the gnome 50 update to pass gating. Finally on thursday we just ended up unpushing that update and starting the process.

  This time the releng side was run by Patrik. It's the first time he's done this process, but he did a great job! He asked questions at each step and we were able to clarify and reorder the documetation so I hope things will be even more clear and easy next cycle.

  You can see the current SOP on it (before changes from this cycle): https://docs.fedoraproject.org/en-US/infra/release_guide/sop_mass_branching/ Look at all those steps!

  This was also a bit of a long week because I am in PST and patrik is in CET, so I had to get up early and he had to stay late. Timezones are anoying. :)

  Anyhow, I think things went quite smoothly. We got rawhide and branched composes right away, and only a few minor items to clean up and figure out how to do better.

  Sprint planning meeting again monday

  We had our last sprint planning meeting almost two weeks ago, so on monday it's time for another one. We did manage to run it in matrix, and although we did run over time I think it went not too badly.

  I'll probibly do some prep work on things this weekend for it.

  But if anyone wants to join in/read back it will be in #meeeting-3:fedoraproject.org at 15UTC on matrix.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/116030844840004998

February 06, 2026

• Allan Day GNOME Foundation Update, 2026-02-06

  Welcome to another GNOME Foundation weekly update! FOSDEM happened last week, and we had a lot of activity around the conference in Brussels. We are also extremely busy getting ready for our upcoming audit, so there’s lots to talk about. Let’s get started.

  FOSDEM

  FOSDEM happened in Brussels, Belgium, last weekend, from 31st January to 1st February. There were lots of GNOME community members in attendance, and plenty of activities around the event, including talks and several hackfests. The Foundation was busy with our presence at the conference, plus our own fringe events.

  Board hackfest

  Seven of our nine directors met for an afternoon and a morning prior to FOSDEM proper. Face to face hackfests are something that the Board has done at various times previously, and have always been a very effective way to move forward on big ticket items. This event was no exception, and I was really happy that we were able to make it happen.

  During the event we took the time to review the Foundation’s financials, and to make some detailed plans in a number of key areas. It’s exciting to see some of the initiatives that we’ve been talking about starting to take more shape, and I’m looking forward to sharing more details soon.

  Advisory Board meeting

  The afternoon of Friday 30th January was occupied with a GNOME Foundation Advisory Board meeting. This is a regular occurence on the day before FOSDEM, and is an important opportunity for the GNOME Foundation Board to meet with partner organizations and supporters.

  Turn out for the meeting was excellent, with Canonical, Google, Red Hat, Endless and PostmarketOS all in attendance. I gave a presentation on the how the Foundation is currently performing, which seemed to be well-received. We then had presentations and discussion amongst Advisory Board members.

  I thought that the discussion was useful, and we identified a number of areas of shared interest. One of these was around how partners (companies, projects) can get clear points of contact for technical decision making in GNOME and beyond. Another positive theme was a shared interest in accessibility work, which was great to see.

  We’re hoping to facilitate further conversations on these topics in future, and will be holding our next Advisory Board meeting in the summer prior to GUADEC. If there are any organizations out there would like to join the Advisory Board, we would love to hear from you.

  Conference stand

  GNOME had a stand during both FOSDEM days, which was really busy. I worked the stand on the Saturday and had great conversations with people who came to say hi. We also sold a lot of t-shirts and hats!

  I’d like to give a huge thank you to Maria Majadas who organized and ran our stand this year. It is incredibly exhausting work and we are so lucky to have Maria in our community. Please say thank you to her!

  We also had plenty of other notable volunteers, including Julian Sparber, Ignacy Kuchciński, Sri Ramkrishna. Richard Litteaur, our previous Interim Executive Director even took a shift on the stand.

  Social

  On the Saturday night there was a GNOME social event, hosted at a local restaurant. As always it was fantastic to get together with fellow contributors, and we had a good turnout with 40-50 people there.

  Audit preparation

  Moving on from FOSDEM, there has been plenty of other activity at the Foundation in recent weeks. The first of these is preparation for our upcoming audit. I have written a fair bit about this in these previous updates. The audit is a routine exercise, but this is also our first, so we are learning a lot.

  The deadline for us to provide our documentation submission to the auditors is next Tuesday, so everyone on the finance side of the operation has been really busy getting all that ready. Huge thanks to everyone for their extra effort here.

  GUADEC & LAS planning

  Conference planning has been another theme in the past few weeks. For GUADEC, accommodation options have been announced, artwork has been produced, and local information is going up on the website.

  Linux App Summit, which we co-organise with KDE, has been a bit delayed this year, but we have a venue now and are in the process of finalizing the budget. Announcements about the dates and location will hopefully be made quite soon.

  Google verification

  A relatively small task, but a good one to highlight: this week we facilitated (ie. paid for) the assessment process for GNOME’s integration with Google services. This is an annual process we have to go through in order to keep Evolution Data Server working with Google.

  Infrastructure optimization

  Finally, Bart, along with Andrea, has been doing some work to optimize the resource usage of GNOME infrastructure. If you are using GNOME services you might have noticed some subtle changes as a result of this, like Anubis popping up more frequently.

  That’s it for this week. Thanks for reading; I’ll see you next week!

• Fedora Community Blog Community Update – Week 6

  This is a report created by CLE Team, which is a team containing community members working in various Fedora groups for example Infrastructure, Release Engineering, Quality etc. This team is also moving forward some initiatives inside Fedora project.

  Week: 02 Feb – 05 Feb 2026

  Fedora Infrastructure

  This team is taking care of day to day business regarding Fedora Infrastructure.
  It’s responsible for services running in Fedora infrastructure.
  Ticket tracker

  • [Matrix] Insert 2025 Matrix Dragon Slayers badge artwork [Commit] [Request] [Followup] [Badge]
  • [FOSDEM] Insert Sprouting Strategy badge artwork [Commit] [Issue] [Followup] [Badge]
  • [FOSDEM] Insert FOSDEM 2027 Attendee badge artwork [Commit] [Request] [Followup] [Badge]
  • Fixed permission on staging dist-git [ticket]
  • Fixed failed disk on bvmhost-x86-02 [ticket]
  • Fixed network card issues on copr VM hosts [ticket]
  • Mass updates and reboots [ticket]
  • Continue on pagure.io to forgejo migration [ticket]
  • Continue on registry.fedoraproject.org to quay.io migration [ticket]
  • Look at adapting bugzilla2fedmsg for the migration to Kafka
  • Work with GNOME Damned Lies for their migration to Fedora’s OIDC

  CentOS Infra including CentOS CI

  This team is taking care of day to day business regarding CentOS Infrastructure and CentOS Stream Infrastructure.
  It’s responsible for services running in CentOS Infratrusture and CentOS Stream.
  CentOS ticket tracker
  CentOS Stream ticket tracker

  • [CentOSConnect] Worked on fixing the CentOS Connect 2026 attendee badge [Invitation]
  • CBS s390x builder offline?
  • mirror request
  • Spam on the automotive-sig mailing list

  Release Engineering

  This team is taking care of day to day business regarding Fedora releases.
  It’s responsible for releases, retirement process of packages and package builds.
  Ticket tracker

  • Fedora 44 mass branching preparation [ticket]
  • Mass resigning [ticket]
  • Creating Bugzilla component [ticket]
  • Day to day tickets [ticket]

  RISC-V

  This is the summary of the work done regarding the RISC-V architecture in Fedora.

  • Fedora RISC-V kernel situation: work on a unified kernel is in-progress for F44 that will work across different boards.
    • Copr RISC-V chroots are being used for kernel builds
  • In the RISC-V SIG meeting, agreed to work on a formal “community initiative” for RISC-V
    • Much of the real work has already been going on w/o a “formal” process — Koji server running on Fedora Infra, FAS integration, RISC-V in Copr, etc.
  • State of RISC-V on Fedora talk at FOSDEM was well received.  Slides [PDF] and video are available.
  • F43: the difference between the packages in primary Koji and the RISC-V Koji is very little now (i.e. the gap is being closed).

  QE

  This team is taking care of quality of Fedora. Maintaining CI, organizing test days
  and keeping an eye on overall quality of Fedora releases.

  • KDE Test Days going on now (Feb 2 to Feb 9), please help out! Jgroman publicized this and the GNOME Test Day in Fedora Magazine and Community Blog
  • Finally merged the automated test for openQA for Fedora Media Writer
  • Settling into Forge and discovering some paper cuts – Sprint search, duplicated priority labels
  • Work ongoing to port blockerbugs to Forge
  • Heavy week of openQA catching bugs in Rawhide changes – see ticket for details (more shadow 4.19 stuff and plasma-login-manager feature heavily)

  Forgejo

  This team is working on introduction of https://forge.fedoraproject.org to Fedora
  and migration of repositories from pagure.io.

  • [Forgejo] Create a localization-docs namespace and group mapping for specific requirements [Followup] [Resolved]
  • [Forgejo] Migrate Weblate translations/internationalization tooling from Pagure/GitLab/GitHub to Forgejo [Followup] [Resolved]
  • [Forgejo] Verify if the milestone dates are set correctly in the production deployment of Fedora Forge [Followup] [Resolved]
  • [Forgejo] Create and present Fedora -> Forgejo efforts during FOSDEM 2026 Distributions Devroom [Followup] [Followup] [Resolved]
  • Image build automation pull request
  • Fedora-based runner image built, tested and deployed to staging for further testing (under the playground org), definition
  • Private Issues: Debug failing tests, tidy up accrued changes and cope with nullable public/private issue ID fields

  UX

  This team is working on improving User experience. Providing artwork, user experience,
  usability, and general design services to the Fedora project

  • Artwork for Sprouting Strategy badge.
  • Slideshow template for FOSDEM conference booth complete. Comment with slideshow private due to badge claim link. 
  • FOSDEM swag survey uploaded to LimeSurvey – next step is analysing results.

  If you have any questions or feedback, please respond to this report or contact us on #admin:fedoraproject.org channel on matrix.

  The post Community Update – Week 6 appeared first on Fedora Community Blog.

• Tomas Tomecek Trying Claude Code prompt injections (Feb 2026)

  For quite some time I’ve wanted to test how prone agentic tools are to prompt injection. Let’s go.

  I’ll be using Claude Code 2.1.5, 4.5 Opus in various different sessions.

  

• Remi Collet 💎 PHPUnit 13

  RPMs of PHPUnit version 13 are available in the remi repository for Fedora ≥ 42 and Enterprise Linux (CentOS, RHEL, Alma, Rocky...).

  Documentation :

  • Documentation for PHPUnit
  • Release Announcement for version 13 of PHPUnit
  • Changes in PHPUnit 13.0

  ℹ️ This new major version requires PHP ≥ 8.4 and is not backward compatible with previous versions, so the package is designed to be installed beside versions 8, 9, 10, 11, and 12.

  Installation:

  dnf --enablerepo=remi install phpunit13

  Notice: This tool is an essential component of PHP QA in Fedora. This version should be available soon in the Fedora ≥ 43 official repository (19 new packages).

  

February 04, 2026

• Dave Airlie nouveau: a tale of two bugs

  Just to keep up some blogging content, I'll do where did I spend/waste time last couple of weeks.

  I was working on two nouveau kernel bugs in parallel (in between whatever else I was doing).

  Bug 1: Lyude, 2 or 3 weeks ago identified the RTX6000 Ada GPU wasn't resuming from suspend. I plugged in my one and indeed it wasn't. Turned out since we moved to 570 firmware, this has been broken. We started digging down various holes on what changed, sent NVIDIA debug traces to decode for us. NVIDIA identified that suspend was actually failing but the result wasn't getting propogated up. At least the opengpu driver was working properly.

  I started writing patches for all the various differences between nouveau and opengpu in terms of what we send to the firmware, but none of them were making a difference.

  I took a tangent, and decided to try and drop the latest 570.207 firmware into place instead of 570.144. NVIDIA have made attempts to keep the firmware in one stream more ABI stable. 570.207 failed to suspend, but for a different reason.

  It turns out GSP RPC messages have two levels of sequence numbering, one on the command queue, and one on the RPC. We weren't filling in the RPC one, and somewhere in the later 570's someone found a reason to care. Now it turned out whenever we boot on 570 firmware we get a bunch of async msgs from GSP, with the word ASSERT in them with no additional info. Looks like at least some of those messages were due to our missing sequence numbers and fixing that stopped those.

  And then? still didn't suspend/resume. Dug into memory allocations, framebuffer suspend/resume allocations. Until Milos on discord said you did confirm the INTERNAL_FBSR_INIT packet is the same, and indeed it wasn't. There is a flag bEnteringGCOff, which you set if you are entering into graphics off suspend state, however for normal suspend/resume instead of runtime suspend/resume, we shouldn't tell the firmware we are going to gcoff for some reason. Fixing that fixed suspend/resume.

  While I was head down on fixing this, the bug trickled up into a few other places and I had complaints from a laptop vendor and RH internal QA all lined up when I found the fix. The fix is now in drm-misc-fixes.

  Bug 2: A while ago Mary, a nouveau developer, enabled larger pages support in the kernel/mesa for nouveau/nvk. This enables a number of cool things like compression and gives good speedups for games. However Mel, another nvk developer reported random page faults running Vulkan CTS with large pages enabled. Mary produced a workaround which would have violated some locking rules, but showed that there was some race in the page table reference counting. 

  NVIDIA GPUs post pascal, have a concept of a dual page table. At the 64k level you can have two tables, one with 64K entries, and one with 4K entries, and the addresses of both are put in the page directory. The hardware then uses the state of entries in the 64k pages to decide what to do with the 4k entries. nouveau creates these 4k/64k tables dynamically and reference counts them. However the nouveau code was written pre VMBIND, and fully expected the operation ordering to be reference/map/unmap/unreference, and we would always do a complete cycle on 4k before moving to 64k and vice versa. However VMBIND means we delay unrefs to a safe place, which might be after refs happen. Fun things like  ref 4k, map 4k, unmap 4k, ref 64k, map 64k, unref 4k, unmap 64k, unref 64k can happen, and the code just wasn't ready to handle those. Unref on 4k would sometimes overwrite the entry in the 64k table to invalid, even when it was valid. This took a lot of thought and 5 or 6 iterations on ideas before we stopped seeing fails. In the end the main things were to reference count the 4k/64k ref/unref separately, but also the last thing to do a map operation owned the 64k entry, which should conform to how userspace uses this interface.

  The fixes for this are now in drm-misc-next-fixes.

  Thanks to everyone who helped, Lyude/Milos on the suspend/resume, Mary/Mel on the page tables.

   

• Swiss JuristGate JuristGate is for sale: three billion Swiss francs for a domain name

  When the share price of Credit Suisse, one of Switzerland's two top banks, went into its death spiral, the Swiss authorities had some discussions among themselves and the inevitable result of that discussion was the sale of Credit Suisse to their main rival, UBS.

  The public were told that UBS had offered three billion Swiss francs to compensate the shareholders of Credit Suisse for their shares. Some people were sceptical about the method used to reach this valuation. Nonetheless, it was important for Swiss national pride.

  When writing the reports on the JuristGate web site, I've attempted to operate with the highest level of accuracy and integrity. Nonetheless, everybody has their price. If somebody offered me three billion Swiss francs for the domain then I would probably do like Urban Angehrn and Birgit Rutishauser and take a lengthy garden leave.

  In the meantime, to make up for the wayward support from Swiss legal insurance I've started a crowdfunding campaign to resolve one of the disputes relating to Debian. This is vital because we all do a lot of work for Debian and we are all entitled to equal recognition.

  In a previous blog, I looked at the prompt and efficient manner in which Bernice is undertaking enforcement action to protect the public from rogue health practitioners in the State of Victoria.

  Bernice generated a lot of news stories when she banned a social media influencer, Emily Lal, who promoted herself as The Authentic Birthkeeper. Lal had promoted wild birthing. A number of mothers and babies have died around the world when following the advice of social media influencers.

  I don't know how much Bernice gets paid but I found a job vacancy for her deputy. The salary is in the range up to $290,000 per year. That is approximately CHF 160,000 Swiss francs.

  As Bernice is a nurse and keyworkers never get paid what they are really worth I'm guessing her salary is not too much bigger than that.

  The FINMA annual reports reveal the salaries for the CEO and executive team. Urban Angehrn's salary was CHF 602,000. It looks like FINMA pays their CEO three or four times what the State of Victoria pays Bernice.

  We can compare their performance and see how many banning orders each of them has published:

  FINMA (Swiss financial regulator) banning orders: they published 24 bans between 2018 and 2025. Some bans are not reported publicly.

  Health Complaints Commissioner (Victoria) banning orders: Bernice has personally signed over 100 interim or permanent bans since taking office in July 2022.

  This was Urban Angehrn's payout, CHF 581,000, when he resigned at the same time that FINMA published their anonymous decision about Parreaux, Thiebaud & Partners. Clients/victims were offered nothing.

  

   

  Read more of the JuristGate reports.

• Fedora Community Blog Flock CFP Extended to February 8

  The deadline for the Flock 2026 CFP has been extended to February 8.

  We are returning to the heart of Europe (June 14–16) to define the next era of our operating system. Whether you are a kernel hacker, a community organizer, or an emerging local-first AI enthusiast, Flock is where the roadmap for the next year in Fedora gets written.

  If you haven’t submitted yet, here is why you should.

  Why Submit to the Flock 2026 CFP?

  This year isn’t just about maintenance; it is about architecture. As we look toward Fedora Linux 45 and 46, we are also laying the upstream foundation for Enterprise Linux 11. This includes RHEL 11, CentOS Stream 11, EPEL 11, and the downstream rebuilder ecosystem around the projects. The conversations happening in Prague will play a part in the next decade of modern Linux enterprise computing.

  To guide the schedule, we are looking for submissions across our Four Foundations:

  1. Freedom (The Open Frontier)

  How are we pushing the boundaries of what Open Source can do? We are looking for Flock 2026 CFP submissions covering:

  • Open Source AI: PyTorch, vLLM, and the AI supply chain.
  • RISC-V: Enabling Fedora on the next generation of open silicon.
  • Open Hardware: Drivers, firmware, and board support. GPU enablement?

  2. Friends (Our Fedora Story)

  Code is important, but community is critical. We need sessions that focus on the human element:

  • Mentorship: Case studies on moving contributors from “Lurkerâ€� to “Leader.â€�
  • Inclusion: Strategies for building a more globally-inclusive project.
  • Community Ops: The logistics and operations of running a massive global project.

  3. Features (Engineering Core)

  The “Nitty-Gritty� of the distribution. If you work on the tools that build the OS every six months, we want you on stage:

  • Release Engineering: Improvements to Dist-git, packager tools ecosystem, and the build pipeline. Distribution security. Konflux?
  • Quality Assurance: Automated testing and CI/CD workflows.
  • Packaging: Best practices for RPM, Flatpak, and OCI containers.

  4. First (Blueprint for the Future)

  Fedora is “First.� This track is for the visionaries:

  • Strategy: What does Fedora look like in 2028?
  • Downstream Alignment: How upstream changes flow downstream.
  • New Spins: Atomic Desktops, Cloud Native innovations, and new Editions.

  The post Flock CFP Extended to February 8 appeared first on Fedora Community Blog.

February 03, 2026

• Stephen Smoogen Generations (take N+1)

   

  Putting some rigour to generations

  Recently a coworker posted that children born this year would be in Generation Beta, and I was like “What? That sounds like too soon…” but then thought “Oh its just that thing when you get older and time flies by.” I saw a couple of articles saying it again, so decided to look at what was on the wikipedia article for generations and saw that yes ‘beta’ was starting.. then I started looking at the lengths of the various generations and went “Hold On”.

  

  Let us break this down in a table:

  Generation	Wikipedia	How Long
  T (lost)	1883-1900	17
  U (greatest)	1901-1927	26
  V (silent)	1928-1945	17
  W (boomer)	1946-1964	18
  X	1965-1980	15
  Y (millenial)	1981-1996	15
  Z	1997-2012	15
  alpha	2013-2025	12
  beta	2026-2039	13
  gamma	2040-???	??

  So it is bad enough that Generation X,Millenials, and Z got shortened from 18 years to 15.. but alpha and beta are now down to 12 and 13? I realize that this is because all of this is a made up construct to make some people born in one age group angry/sad/afraid in another by editors who are needing to sell advertising for things which will solve the feelings of anger, sadness, or fear.. but could you at least be consistent.

  I personally like some order to my starting and ending dates for generations so I am going to update some lists I have put out in the past with newer titles and times. We will use the definiton as outlined at https://en.wikipedia.org/wiki/Generation

  A generation is all of the people born and living at about the same time, regarded collectively.[1] It also is “the average period, generally considered to be about 20–30 years, during which children are born and grow up, become adults, and begin to have children.”

  For the purpose of trying to set eras, I think that the original 18 years for baby boomers makes sense, but the continual shrinkflation of generations after that is pathetic. So here is my proposal for generation ending dates outside. Choose which one you like the best when asked what generation you belong to.

  Generation	Wikipedia	18 Years
  T (lost)	1883-1900	1889-1907
  U (greatest)	1901-1927	1908-1926
  V (silent)	1928-1945	1927-1945
  W (boomer)	1946-1964	1946-1964
  X	1965-1980	1965-1983
  Y (millenial)	1981-1996	1984-2002
  Z	1997-2012	2002-2020
  alpha	2013-2025	2021-2039
  beta	2026-2039	2040-2058
  gamma	2040-???	2059-2077

  (*) I say wikipedia here, but they are basically taking dates from various other sources and putting them together.. which should be seen as more on the statement of social commentators who aren’t good at math.

• Fedora fans دانلود و راه‌اندازی Psiphon Conduit؛ ابزار قدرتمند ضد سانسور اینترنت

  

  Psiphon Conduit یک پروژه متن‌باز است که توسط شرکت Psiphon Inc توسعه یافته و بر پایه‌ی هسته‌ی تونلینگ Psiphon (psiphon-tunnel-core) ساخته شده است. این پروژه شامل یک کلاینت موبایل و CLI کراس‌پلتفرم برای ایجاد تونل و پروکسی است که با هدف دور‌ زدن سانسور اینترنت و افزایش دسترسی آزاد به اینترنت طراحی شده است. برخی […]

  The post دانلود و راه‌اندازی Psiphon Conduit؛ ابزار قدرتمند ضد سانسور اینترنت first appeared on طرفداران فدورا.

January 31, 2026

• Kevin Fenzi misc fedora bits for end of jan 2026

  

  Another busy week for me. There's been less new work coming in, so it's been a great chance to catch up on backlog and get things done.

  rdu2cc to rdu3 datacenter move cleanup

  In december, just before the holidays almost all of our hardware from the old rdu2 community cage was moved to our new rdu3 datacenter. We got everything that was end user visible moved and working before the break, but that still left a number of things to clean up and fully bring back up. So, this last week I tried to focus on that.

  • There were 2 copr builder hypervisors that were moved fine, but their 10GB network cards just didn't work. We tried all kinds of things, but in the end just asked for replacement ones. Those quickly arrived this week and were installed. One of them just worked fine, the other one I had to tweak with settings, but finally got it working too, so both of those are back online and reinstalled with RHEL10.

  • We had a bunch of problems getting into the storinator device that was moved, and in the end the reason why was simple: It was not our storinator at all, but a centos one that was decomissioned. They are moving the right one in a few weeks.

  • There were a few firewall rules to get updated and ansible config to get things all green in that new vlan. That should be all in place now.

  • There is still one puzzling ipv6 routing issue for the copr power9's. Still trying to figure that out. https://forge.fedoraproject.org/infra/tickets/issues/13085

  mass update/reboot cycle

  This week we also did a mass update/reboot cycle over all our machines. Due to the holidays and various scheduling stuff we hadn't done one for almost 2 months, so it was overdue.

  There were a number of minor issues, many of which we knew about and a few we didn't:

  • On RHEL10 hosts, you have to update redhat-release first then the rest of the updates, because the post quantium crypto on new packages needs the keys in redhat-release. ;(

  • docker-distribution 3.0.0 is really really slow in our infra, and also switches to using a unpriv user instead of root. We downgraded back for now.

  • anubis didn't start right on our download servers. Fixed that.

  • A few things that got 'stuck' trying to listen to amqp messages when the rabbitmq cluster was rebooting.

  This time also we applied all the pending firmware updates to all the x86 servers at least. That caused reboots to take ~20min or so on those servers as they applied, causing the outage to be longer and more disruptive than we would like, but it's nice to be fully up to date on firmware again.

  Overall it went pretty smoothly. Thanks to James Anthill for planning and running most all the updates.

  Some homeassistant fun

  I'm a bit behind on posting some reviews of new devices added to my home assistant setup and will try and write those up soon, but as a preview:

  • I got a https://shop.hydrificwater.com/pages/buy-droplet installed in our pumphouse. Pretty nice to see exact flow/usage of all our house water. There's some anoyances tho.

  • I got a continous glucose monitor and set it up with juggluco (open source android app), which writes to health connect on my phone, and the android home assistant app reads it and exposes it as a sensor. So, now I have pretty graphs, and also figured out some nice ways to track related things.

  • I've got a solar install coming in the next few months, will share how managing all that looks in home assistant. Should be pretty nice.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/115991151489074594

• Fedora fans آموزش و معرفی Snowflake Tor برای عبور از محدودیت‌های اینترنت

  

  پروژه Snowflake یک فناوری ضدسانسور از پروژه Tor است که به کاربران کمک می‌کند حتی در کشورها یا شبکه‌هایی که Tor مسدود شده، به اینترنت آزاد و شبکه Tor متصل شوند. چند ویژگی‌ مهم Snowflake: یک Pluggable Transport برای Tor است که ترافیک را طوری پنهان می‌کند که شناسایی و فیلتر آن سخت‌تر شود. ارتباطات […]

  The post آموزش و معرفی Snowflake Tor برای عبور از محدودیت‌های اینترنت first appeared on طرفداران فدورا.

January 30, 2026

• Adam Young Stacking Protocols

  I find myself writing a program in C that is supposed to handle multiple protocols. At its entry point, the protocol is Platform Communication Channel (extended memory, type 3 and type 4). Embedded in that is an Management Component Transport Protocol (MCTP) message, and embedded in that is one of many different protocols.
  
  I might want to swap out the PCC layer in the future for….something else. MCTP can come over many different protocols, so there is a good be that the tool will be more useful if it can assume that the protocol outside of the MCTP layer is something other than MCTP.
  
  One problem I have is that the MCTP header does not have a length field. We do not not know how long the payload is; all it has is version, source, destination, and flags. Thus, if we want to pass a buffer of type MCTP header along, and we want the length, we need to pass it in a separate field. This goes both for incoming (how many bytes to read) and outgoing (how many bytes to write).

  My initial thought on writing this layer is to have a request/response pair for each layer of the protocol. For PCC, I could just do this. For all the other internal ones, I would need to pass length in and length out for each handler. Length in will not change, but length out might, so this needs to be passed as pointer. This leads to functions that look like this:

  void handle_mctp_control_message(struct mctp_hdr * mctp_req,  int req_len,  struct mctp_hdr * mctp_resp,  int *resp_len)
  {
  
  }

  I will also need to be converting from outer protocols to inner protocols. So I will need code like this:

  struct mctp_hdr * mctp_req  = (struct mctp_hdr *)pcc_req->buffer_start;
  int mctp_req_len = pcc_req->length - sizeof(MCTP_SIGNATURE);
  struct mctp_hdr * mctp_rsp  = (struct mctp_hdr *)pcc_rsp->buffer_start;

  The outgoing length would be initialized to 0, and grow as each later of the protocol stack adds its own data. However, I am planning on pre-allocating the buffer, and just passing a pointer to the location where the protocol is supposed to write its data. IN order to confirm we don’t want to write past the end of the function, we will have to pass the overall buffer length in, maybe shortened by the amount we need to reserve for the outer headers.

  If each protocol header had a smart pointer, I could pass those around instead. Something like:

  struct pcc_header_p {
      struct pcc_header * header;
      int buffer_length;
  }
  
  struct mctp_header_p {
      struct mctp_header * header;
      int length;
      int buffer_length;
  }

  Then it would be fairly easy to write a function that, given an *pcc_header_p populates a struct mctp_header_p that points to it.

  void pcc_2_mctp(struct pcc_header_p *pcc, struct mctp_header_p *mctp)
  {
     mctp->header = (struct mctp_header *)pcc->header[sizeof struct pcc_header];
     mctp->len =  pcc->header.length - sizeof(MCTP_SIGNATURE);
     mctp->buffer_length = pcc->buffer->length - sizof(struct pcc_header);
       
  }

  This seems like it would benefit from a set of preprocesser Macros. I know that Qemu does something like this. But for a first pass, I think I can just code it up like this.

• Ankur Sinha "FranciscoD" Building an AI assistant for computational modelling with NeuroML

  Brain models are hard to build

  While experiments remain the primary method by which we neuroscientists gather information on the brain, we still rely on theory and models to combine experimental observations into unified theories. Models allow us to modify and record from all components, and they allow us to simulate various conditions---all of which is quite hard to do in experiments.

  Researchers model the brain at multiple levels of detail depending on what it is they are looking to study. Biologically detailed models, where we include all the biological mechanisms that we know of---detailed neuronal morphologies and ionic conductances---are important for us to understand the mechanisms underlying emergent behaviours.

  These detailed models are complex and difficult to work with. NeuroML, a standard and software ecosystem for computational modelling in Neuroscience, aims to help by making models easier to work with. The standard provides ready-to-use model components and models can be validated before they are simulated. NeuroML is also simulator independent, which allows researchers to create a model and run it using a supported simulation engine of choice.

  

  In spite of NeuroML and other community developed tools, a bottleneck remains. In addition to the biology and biophysics, to build and run models, one also needs to know modelling/simulation and related software development practices. This is a lot, presents quite a steep learning curve and makes modelling less accessible to researchers.

  LLM based assistants provide a possible solution

  LLMs allow users to interact with complex systems using natural language by mapping user queries to relevant concepts and context. This makes it possible to use LLMs as an interface layer where researchers can continue to use their own terminology and domain-specific language, rather than first learning a new tool's vocabulary. They can ask general questions, interactively explore concepts through a chat interface, and slowly build up their knowledge.

  We are currently leveraging LLMs in two ways.

  RAG

  The first way we are using LLMs is to make it easier for people to query information about NeuroML.

  As a first implementation, we queried standard LLMs (ChatGPT/Gemini/Claude) for information. While this seemingly worked well and the responses sounded correct, given that LLMs have a tendency to hallucinate, there was no way to ensure that the generated responses were factually correct.

  This is a well known issue with LLMs, and the current industry solution for building knowledge systems using LLMs with correctness in mind is the RAG system. In a RAG system, instead of the LLM answering a user query using its own trained data, the LLM is provided with curated data from an information store and asked to generate a response strictly based on it. This helps to limit the response to known correct data, and greatly improves the quality of the responses. RAGs can still generate errors, though, since their responses are only as good as the underlying sources and prompts used, but they perform better than off-the-shelf LLMs.

  For NeuroML we use the following sources of verified information:

  • the documentation from https://docs.neuroml.org
  • NeuroML publications
  • other sources, such as well validated models from our Open Source Brain platform

  I have spent the past couple of months creating a RAG for NeuroML. The code lives here on GitHub and a test deployment is here on HuggingFace. It works well, so we consider it stable and ready for use.

  Here is a quick demo screen cast:

  We haven't dedicated too many resources to the HuggingFace instance, though, as it's meant to be a demo only. If you do wish to use it extensively, a more robust way is to run it locally on your computer. If you have the hardware, you can use it completely offline by using locally installed models via Ollama (as I do on my Fedora Linux installation). If not, you can also use any of the standard models, either directly, or via other providers like HuggingFace.

  The package can be installed using pip, and more instructions on installation and configuration is included in the package Readme. Please do use it and provide feedback on how we can improve it.

  Implementation notes (for those interested)

  The RAG system is implemented as a Python package using LangChain/LangGraph. The "LangGraph" for the system is shown below. We use the LLM to generate a search query for the retrieval step, and we also include an evaluator node that checks if the generated response is good enough---whether it uses the context, answers the query, and is complete. If not, we iterate to either get more data from the store, to regenerate a better response, or to generate a new query.

  

  The RAG system exposes a REST API (using FastAPI) and can be used via any clients. A couple are provided---a command line interface and a Streamlit based web interface (shown in the demo video).

  The RAG system is designed to be generic. Using configuration files, one can specify what domains the system is to answer questions about, and provide vector stores for each domain. So, you can also use it for your own, non-NeuroML, purposes.

  Model generation and simulation

  The second way in which we are looking to accelerate modelling using LLMs is by using them to help researchers build and simulate models.

  Unfortunately, off-the-shelf LLMs don't do well when generating NeuroML code, even though they are consistently getting better at generating standard programming language code. In my testing, they tended to write "correct Python", but mixed up lots of different libraries with NeuroML APIs. This is likely because there isn't so much NeuroML Python code out there for LLMs to "learn" from during their training.

  One option is for us to fine tune a model with NeuroML examples, but this is quite an undertaking. We currently don't have access to the infrastructure required to do this, and even if we did, we will still need to generate synthetic NeuroML examples for the fine-tuning. Finally, we would need to publish/host/deploy the model for the community to use.

  An alternative, with function/tool calls becoming the norm in LLMs, is to set up a LLM based agentic code generation workflow.

  Unlike a free-flowing general-purpose programming language like Python, NeuroML has a formally defined schema which models can be validated against. Each model component fits in at a particular place, and each parameter is clearly defined in terms of its units and significance. NeuroML provides multiple levels of validation that give the user specific, detailed feedback when a model component is found to be invalid. Further, the NeuroML libraries already include functions to validate models, read and write them, and to simulate them using different simulation engines.

  These features lend themselves nicely to a workflow in which an LLM iteratively generates small NeuroML components, validates them, and refines them based on structured feedback. This is currently a work in progress in a separate package.

  I plan to write a follow up post on this once I have a working prototype.

  ---

  While being mindful of the hype around LLMs/AI, we do believe that these tools can accelerate science by removing/reducing some common accessibility barriers. They're certainly worth experimenting with, and I am hopeful that the modelling/simulation pipeline will help experimentalists that would like to integrate modelling in their work do so, completing the neuroscience research loop.

• Swiss JuristGate MIT DEDP MicroMasters online learner's blog post about cover-up linked to resignation of Swiss financial regulator

  MIT's DEDP MicroMasters is about Data, Economics and Development Policy. It was recently renamed, Data Economics & Design of Policy although the focus remains on developing countries, not rich countries like Switzerland. From time to time, I've seen people asking what a MicroMasters certificate is really worth. Ironically, that would be a great question for an MIT economist to answer.

  In one of the modules, 14.750x Political Economy, Prof Ben Olken begins by asking the online learners to read papers Hit or Miss? The Effect of Assassinations on Institutions and War and Do leaders matter? National leadership and growth since world war II. The above average rate of assassinations for people with this job category is used to give us insights. There is nothing in the paper about leaders kidnapped by President Trump. Trump himself was nearly assassinated before his own return to office. The paper is available online.

  

   

  In earlier blogs, we were able to prove the anonymous document on the FINMA web site relates to Parreaux, Thiébaud & Partners, Switzerland's "Law Firm X". From there, we were able to prove that FINMA, the regulatory authority knew about it for some years and the Geneva bar association also seemed to know for a long time.

  In the world of abuse, it seems that priests knew some of their colleagues were paedophiles but they have a code of conduct, the Crimen Sollicitationis which prevented priests from warning the public about their own colleagues. The Swiss jurists from the bar association and officials from FINMA appeared to be operating from the same playbook. Those who knew about the scandal didn't tell the clients. They put the reputation of their profession and the privacy of rogue colleagues ahead of the interests of public safety and justice.

  We then went the next step, showing that FINMA participated in a cover-up. Reports on this web site meticulously reverse-engineering their cover-up tactics.

  From the moment the illegal legal insurance launched in 2018, Birgit Rutishauser had been head of FINMA's surveillance of the insurance industry.

  Rutishauser is a graduate of ETH Zurich. Many of the attacks on my family revolve around the death of Adrian von Bidder-Senn on our wedding day. He was also an ETH Zurich graduate like Rutishauser. Just as the priests and the jurists have sought to maintain strict silence about the wrongdoing of colleagues, it seems the ETH Zurich alumni are maintaining silence. After all, Adrian von Bidder-Senn's wife obtained a PhD in cybersecurity from the same institution but looking at the last email she sent to the Debianists, we can see that Dr Diana von Bidder-Senn failed to realize the extent to which her husband was a victim of social engineering. Dr von Bidder-Senn is now the mayor of Basel.

  When Rutishauser was appointed in 2018, FINMA published the following comments about her background:

  The 46-year-old mathematician and actuary has managed the Risk Management section of the Insurance division since June 2016. Prior to joining FINMA, Birgit Rutishauser spent many years working in a variety of management roles within the insurance sector, most recently as Chief Underwriting & Risk Management Officer at Nationale Suisse and, as such, a member of the Group Executive Management Board. Birgit Rutishauser is a Swiss citizen.

  Rutishauser had also worked for Zurich insurance, the same company where Urban Angehrn had worked prior to joining FINMA.

  By comparison, I am a holder of the MIT MicroMasters diploma in Data, Economics & Development Policy (DEDP). Well, I also worked for a few banks too. UBS in Zurich provided a reference letter:

  

   

  Competitors and cyberbullies have spent an enormous amount of effort trying to trick people to believe that I'm a mentally ill person who only pretends to be a developer:

  Subject: Re: Open Letter to Debian election candidates about Debian vendettas
  Date: Sun, 20 Mar 2022 21:00:02 +0900
  From: Hideki Yamane <henrich@iijmio-mail.jp>
  To: Daniel Pocock <daniel@pocock.pro>
  CC: debian-devel@lists.debian.org
  
  Hi,
  
   [ ... snip gaslighting ... ]
  
   Before talking, you should get counseling for a while since it seems that
   you have some cognitive troubles now. You'd be better to hear about your
   opinion and current your mind status from professional 3rd parties, not Debian.
   (If they say you're very healthy and good, then that's good. Don't you think so?)
  
   Without that, we cannot make a constructive conversation.
    As I said in my platform, "Be calm, stay cool, stay safe" - Hope you stay "cool"
   a bit with help from professionals, and you would to be able to a "contributor"
   to floss again.
  
  
   Life is short - to waste our time for fighting. Let's make more values for users.
  
  
  -- 
  Hideki Yamane <henrich@iijmio-mail.jp>
  

  The rumours about mental illness were obviously falsified. Nonetheless, it is important to remember they started falsifying these things at a time when I lost two family members. Is it an example of cybertorture or is it simply an example of how rude these people are after spending too much time in social control media?

  Is it possible that a mentally ill fake developer with a MicroMasters was able to write a blog post that brought down the Deputy CEO of the Swiss financial market regulator?

  Rather than finding me to be insane, Switzerland granted me citizenship in the Canton of Vaud in November 2023:

  

   

  Early 2024, I came across a photo of Switzerland's attorney general visiting his peers at the Parquet National Financier in Paris, France to talk about cross-border crime. The illegal legal insurance was an example of cross-border crime because they recruited people from France to work for them and they promoted the insurance to French residents.

  The meeting and photo has since been removed from the PNF web site but it can be found in the Wayback Machine.

  Rencontre avec M. Stefan Blättler, procureur général de la Confédération helvétique

  Le 13 février, les quatre chefs de juridiction du tribunal judiciaire de Paris ont reçu M. Stefan Blättler, procureur général de la Confédération helvétique.

  Ces échanges stratégiques ont permis d’aborder les questions d’entraide pénale internationale et de lutte contre la criminalité organisée, le terrorisme, les crimes contre l'humanité et la délinquance financière.

  Ils ont été l’occasion de rappeler la détermination commune des autorités judiciaires françaises et helvétiques à lutter contre les formes complexes de criminalité et de réaffirmer le caractère essentiel d'un dialogue soutenu et cordial entre pays voisins, partageant une frontière et une relation longue.

  

   

  I wrote to the PNF and sent them some of the documents. This was their reply:

  

   

  The PNF, like me, suspects that a crime was committed under French law but for technical reasons, they require a French citizen to bring a formal complaint to a local prosecutor first. The law in France would see me as a witness to the crime.

  Later in 2024, I acquired the domain name www.michaelmcgrath.ie, that is the former domain name of Michael McGrath, the EU Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection.

  I used the EU Justice Commissioner's former domain name to publish information about the cross-border crime from the Swiss jurists.

  

   

  The blogs published between January and March 2025 continue to build the case that FINMA not only knew about the illegal legal insurance but they also had a role in the cover-up.

  The blog published on 8 March 2025, International Women's Day, considered the case of a French woman who was tricked to quit the job she had for seven years and come to work for the Swiss jurists in Geneva selling illegal legal insurance.

  On 27 March 2025, I was discussing the case with an expert in Paris at the same time the BBC was interviewing former Archbishop of Canterbury Justin Welby about the cover-up of their jurist John Smyth QC. In the meeting in Paris, I was asked if there was a link between the paedophiles and the jurists. The BBC's report only appeared after the meeting and it prompted me to write a new blog post about the culture of cover-ups.

  When famed whistleblower Trevor Kitchen exposed the Forex scandal, he didn't go as far as comparing anybody to a paedophile, nonetheless, they had him arrested in Portugal and tried to have him extradited back to Switzerland for criminal speech.

  Finance chief who exposed currency scandal fights Swiss extradition bid for criminal defamation

  ...

  Mr Kitchen, who worked as a financial controller for companies including Shell, Castrol and Black and Decker, lost his 700,000 franc pension due to the rigged currency fluctuations.

  ...

  “Because I had specialised in finance all my life understanding policies and procedures in companies, I went and reported this to all the regulators,” he said.

  Toby Cadman, head and co-founder of Guernica 37 International Justice Chambers, who is working pro bono for Mr Kitchen, said: “If he was in the UK, this would not even get past the issuing of a warrant, let alone the extradition process.

  ...

  He was arrested by Portuguese police on January 19 and taken for questioning. “It was all maximum security stuff. Six policemen were around me and took me into a small room and told me to take all my clothes off. They threw me in prison for 48 hours all because of the words I used,” he said.

  The Swiss embassy has been contacted for comment.

  Yet Swiss authorities have made no such move against me. Without admitting or denying any of the allegations on this web site, Birgit Rutishauser's resignation was announced on 1 April 2025, barely two days after the strongest blog post about the complicity of the authorities in the cover-up.

  First of all, FINMA published a notice about Rutishauser's resignation.

  The same day, FINMA published a longer notice about their restructuring. The notice included a paragraph emphasizing that Birgit Rutishauser's departure was not part of the restructuring. In other words, there is some other specific reason she has chosen to tender her resignation and they are not going to give us any more detail about it.

  FINMA adapts its organisation to meet future challenges

  ...

  Independently of the introduction of the new organisational structure, Birgit Rutishauser, member of the Executive Board, Deputy CEO and Head of the Insurance division, has decided to leave FINMA. Vera Carspecken will assume the leadership of the Insurance division on an interim basis from 1 May 2025 (see separate press release of 1 April 2025).

  Somebody with so many years of service would normally be entitled to three months of notice period. The abrupt departure of Martin Senn from Zurich insurance was referred to as a factor in his suicide. However, it is also possible that Rutishauser was placed on an extended period of garden leave to prevent her from immediately being able to use confidential information she has acquired in the course of her duties.

  Rutishauser's LinkedIn profile tells us she is now at StenFo, that is the fund for a Swiss nuclear dump.

  All the waste from five decades of Swiss nuclear programs is currently stored in a temporary facility at Zwilag. If they ever try to build a permanent underground storage facility there will be a referendum to stop it. It just sits in the temporary facility for the time being:

  

   

  

   

  President Putin frequently reminds the world about nuclear punishments. What we see here is the power of nuclear teamwork.

  Fifty percent of Swiss nuclear fuel comes from Russia, twenty five percent from Canada and twenty five percent was mined in Australia, where I was born.

  After leaving her post as second in command at FINMA, head of the insurance division, Rutishauser enrolled at IMD, a well known Swiss business school, where she was awarded a certificate in blockchain.

  

   

  While there are some companies doing completely legitimate projects with blockchain, it is ironic that the scammers who had been allowed to operate for years under FINMA have also pursued a new career path promoting cryptocurrency "investment" to victims in France.

  I started the Software Freedom Institute in May 2021 in the middle of the pandemic. Many people were not working at all. I could have chosen not to work and claimed furlough payments from the government. Instead, by working, I was paying tax and contributing money to the social security system to support the rest of society.

  I purchased and paid for various insurance services to protect the business. Invoices for Parreaux, Thiebaud & Partners legal services. When IBM Red Hat attacked my business, the Swiss legal protection did nothing to help. The ADR Forum legal panel eventually gave a ruling against IBM Red Hat, declaring that I was a victim of harassment from a much larger company/competitor.

  Likewise, after the conviction of Cardinal George Pell, rogue Debianists attacked my family with rumours about abuse and they attacked us again after I founded the Software Freedom Institute. The Swiss jurists did nothing to help. I went to Italy by myself to speak to the Carabinieri and after years of inquiries, the Cardinal died four hours after I filed a report about exploitation. Despite Switzerland's reputation for privacy, the Swiss jurists provided no help whatsoever to protect my family and I from these intrusions.

  Justin Welby had to resign as Archbishop of Canterbury due to his failure to take action against the paedophile jurist John Smyth QC. On 30 March 2025, we published the comparison of Church of England, Crimen Sollicitationis and the cover-up at FINMA and barely two days later, Rutishauser's resignation was announced.

  As it is Switzerland, nobody is holding their breath waiting for authorities to confirm the Deputy CEO of FINMA resigned because of the cover-up disclosed in the JuristGate reports. However, we can now try to answer the question we started with, what is the real value of the DEDP MicroMasters from MIT? Priceless.

  

   

  Read more of the JuristGate reports.

• Guillaume Kulakowski Pourquoi je suis resté sur n8n ?

  Ça fait maintenant un bon moment que je me pose la question : est-ce que je dois quitter n8n pour une autre solution d’automatisation ? n8n est un excellent outil, je l’utilise depuis longtemps, mais au fil des versions une tendance devient claire : de plus en plus de fonctionnalités sont réservées aux offres Enterprise […]

  Cet article Pourquoi je suis resté sur n8n ? est apparu en premier sur Guillaume Kulakowski's blog.

• Remi Collet 🎲 PHP version 8.4.18RC1 and 8.5.3RC1

  Release Candidate versions are available in the testing repository for Fedora and Enterprise Linux (RHEL / CentOS / Alma / Rocky and other clones) to allow more people to test them. They are available as Software Collections, for parallel installation, the perfect solution for such tests, and as base packages.

  RPMs of PHP version 8.5.3RC1 are available

  • as base packages in the remi-modular-test for Fedora 41-43 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  RPMs of PHP version 8.4.18RC1 are available

  • as base packages in the remi-modular-test for Fedora 41-43 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

  ℹ️ The packages are available for x86_64 and aarch64.

  ℹ️ PHP version 8.3 is now in security mode only, so no more RC will be released.

  ℹ️ Installation: follow the wizard instructions.

  ℹ️ Announcements:

  • PHP 8.5.3RC1 available for testing
  • PHP 8.4.18RC1 available for testing

  Parallel installation of version 8.5 as Software Collection:

  yum --enablerepo=remi-test install php85

  Parallel installation of version 8.4 as Software Collection:

  yum --enablerepo=remi-test install php84

  Update of system version 8.5:

  dnf module switch-to php:remi-8.5
  dnf --enablerepo=remi-modular-test update php\*

  Update of system version 8.4:

  dnf module switch-to php:remi-8.4
  dnf --enablerepo=remi-modular-test update php\*

  ℹ️ Notice:

  • EL-10 packages are built using RHEL-10.1 and EPEL-10.1
  • EL-9 packages are built using RHEL-9.7 and EPEL-9
  • EL-8 packages are built using RHEL-8.10 and EPEL-8
  • oci8 extension uses the RPM of the Oracle Instant Client version 23.9 on x86_64 and aarch64
  • intl extension uses libicu 74.2
  • RC version is usually the same as the final version (no change accepted after RC, exception for security fix).
  • versions 8.4.18 and 8.5.3 are planed for February 12th, in 2 weeks.

  Software Collections (php84, php85)

  

  

  Base packages (php)

  

  

January 29, 2026

• David Cantrell rpminspect-2.1 released

  rpminspect 2.1 is now available. The last release was on September 5, 2024. That was 511 days ago, so a bit longer than I really wanted to make it. Similar to the previous release, this release of rpminspect marks the first post on my blog for 2026. My plan for 2026 is to make more frequent releases even if they just contain one or two fixes. Development and maintenance of rpminspect comes in waves, so I think that will work out better while getting fixes out to people.

  Since it has been 511 days since the last release, I will just paste the changes below. I am having a hard time remembering everything that went in to it, but that’s why we have logs!

  Work on 2.1 has begun. Please file issues and feature requests on the GitHub project page: https://github.com/rpminspect/rpminspect. The changes below are in the 2.1 release:

  General release and build process changes:

  • Remove duplicate AND from License tag
  • Drop utils/find-ninja.sh and update GNUmakefile and README.md
  • Remove explicit requires on libtoml
  • Fix FTBFS errors in the spec file for home.
  • Update the Copr srpm target to sub %autorelease correctly
  • Change the Release value used for Copr builds to 1.1….
  • Add ‘Recommends: system-rpm-config’ to the spec file template

  Config file or data/ file changes:

  • Drop ‘id’ from the example license JSON database

  Changes to the GitHub Actions CI scripts and files:

  • On Fedora rawhide, remove duplicate __debug_package in macros
  • Fix broken Debian Testing and Alpine Linux CI jobs
  • On Fedora stable, remove duplicate __debug_package in macros
  • Remove obsolete Fedora CI job files
  • Uninstall openssl-fips-provider-so in the RHEL UBI9 test environment
  • On Fedora systems, make sure /var/lib/clamav is 0755
  • Add clamav-freshclam to reqs.txt for Fedora
  • Do not run freshcleam on Fedora CI jobs
  • Workaround Gentoo bug with circular dependencies
  • Install ‘gawk’ on fedora and fedora-rawhide CI jobs
  • Default Fedora environment lacks awk now, so install it.
  • Fixes for some failing CI jobs
  • Fix how ‘rc’ compiles on Arch Linux
  • On OpenSUSE Leap builds, explicitly install which before git
  • Drop the modification of /usr/bin/xmlrpc-c-config on Debian testing
  • Fix ‘rc’ build and install Mageia Linux job
  • Recognize newer operating systems in determine-os.sh
  • Set /var/lib/clamav ownership on CentOS 10 CI job
  • Remove Oracle Linux jobs
  • Fix Debian GHA failures
  • Fix the Debian GitHub Action jobs
  • Minor fixes for the OpenSUSE and Ubuntu CI jobs on GitHub
  • Ignore changes in the .github/ and osdeps/ subdirectories
  • Do ‘emerge -uDN world’ in the Gentoo CI job before running
  • Try to reduce the amount of stuff built on Gentoo
  • Increase the timeout for Ubuntu GHA jobs
  • Add additional packages to Debian jobs and install annocheck
  • Upgrade Fedora rawhide test environments
  • Install libatomic.i686 on Fedora stable and rawhide jobs
  • Install lib64xxhash-devel on Mageia jobs
  • Build cc with CFLAGS=-std=gnu99 on Alpine Linux
  • Fix up the Gentoo CI jobs so they don’t fail

  rpminspect(1) changes or improvements related to it:

  • Disable the ‘filesmatch’ inspection for now

  Documentation changes:

  • Update examples in the rpminspect(1) man page

  General bug fix in the library or frontend program:

  • Strip UNPACK_BASE directory in unicode inspection
  • Subpackage changes can cause some peer rpmdeps to be empty
  • Support PatchN specifications with URLs to the upstream patch
  • Make sure unapproved licenses are reported as such.
  • Refactor how remedy strings are handled in librpminspect
  • Correctly handle SPDX special keywords: AND, OR, WITH
  • Match 32-bit x86 RPMs when performing inspections
  • Add extra guards for hardlink handling in extract_rpm()
  • Prevent duplicate SRPMs in file lists when comparing tasks
  • Check if archive exists before closing it
  • Properly handle hard links on RPM payload extraction
  • Continued fixes for the new libxml2 API
  • Correct rebase build comparison in some inspections
  • Download failure does not exit with a error code
  • Memory leak fixes in strtrim()
  • Allow %{load} macros to work when calling rpmSpecParse()
  • Define _specdir in read_spec() for spec files that self-reference
  • Memory leak fixes in read_spec()
  • Retain empty lines when using strsplit()
  • Ignore the tokens within a %verify() expression in %files
  • Do not write untokenized %doc and %license lines to filtered spec
  • Skip debuginfo and debugsource packages in filesmatch
  • s/file->rpm_header/peer->after_hdr/g in filesmatch
  • Ignore .build-id subdirectories in the filesmatch inspection
  • Handle %dir and %files modifiers in %doc & %license lines
  • Invoke annocheck correctly so we do not get incorrect reporting
  • Fix some curl_easy_setop() calls that give warnings on FreeBSD
  • Correctly construct entry paths in extract_rpm()
  • Correct some formerly gcc warnings that are now errors

  librpminspect feature or significant change:

  • Disable file and scan size limits in clamav
  • Honor locally defined ignore list for the ‘unicode’ inspection
  • Favor POSIX basename(3) throughout librpminspect
  • Support SPDX 3.0 expression specification
  • Drop FNM_PATHNAME for path matching from rule files
  • When extracting payloads, if archive_read_extract() fails, error out
  • Change ENODATA to EIO in libarchive read loop
  • Expand the remedy strings for the ‘patches’ inspection
  • Handle newer versions of libxml2 and deprecated struct members
  • Minor memory management cleanups in shellsyntax inspection
  • Make free_string_hash() part of the public API
  • Define PATH_SEP and rename joinpath() to joindelim()
  • Add read_spec() function and use librpm for macro expansion
  • Introduce the ‘filesmatch’ inspection
  • Add filtering ability to the read_spec() function
  • Minor cleanups for the filesmatch inspection
  • Refactor how %doc and %license lines are processed in filesmatch
  • Hook up the actual filesmatch inspection
  • Remove the abandoned ‘filesmatch’ inspection.
  • Ignore expected empty RPM payloads in ‘lostpayload’ (#1518)
  • In runcmd.c, return NOT FOUND for not found commands
  • Account for RPM payloads carrying paths not in the RPM metadata
  • Handle additional annocheck profile name matching

  Test suite commits:

  • Work around a limitation on Arch Linux in test_debuginfo
  • Add a testcase for unicode ignored files
  • Adjust test_kmod to account for EXTRA_CFLAGS removal in 6.15
  • Increase test case timeouts to 5000 from 1500
  • Add —skip-implicit-values to annocheck test jobs
  • In test_elf.py add -Wl,-z,notext for TEXTREL and PIC tests
  • When writing to test rpminspect.yaml file, do not wrap lines

  See https://github.com/rpminspect/rpminspect/releases/tag/v2.1 for more information.

  Where to get this new release?

  Fedora (42, 43, and rawhide), EPEL 8, EPEL 9, and EPEL 10 users can get new builds from the testing updates collection. If you install from the testing update, please consider a thumbs up in Bodhi. Without that it takes a minumum of two weeks for it to appear in the stable repo.

  Copr builds continue to be available in my Copr collection. The Copr repos are updated each time a pull request is merged and testing passes, so it contains the latest build of what will become the next stable release. Often times I ask reporters to try a Copr build to ensure a fix is correct. I do not expect all users to rely on the Copr builds, but do be aware of them if you report a bug or feature requests for rpminspect.

  Lastly, I will be moving the upstream location of this project likely to codeberg.org and off of github.com as GitHub continues to march towards AI in everything. I will update the project page on GitHub when that happens and the repo there will likely go read-only before I eventually archive it or delete it entirely.

• Remi Collet 📦 QElectroTech version 0.100

  RPM of QElectroTech version 0.100, an application to design electric diagrams, are available in remi for Fedora and Enterprise Linux  8 and 9.

  The project has just released a new major version of its electric diagrams editor.

  Official website: see  http://qelectrotech.org/, the version announcement, and the ChangeLog.

  ℹ️ Installation:

  dnf --enablerepo=remi install qelectrotech

  RPMs (version 0.100-1) are available for Fedora ≥ 41 and Enterprise Linux ≥ 8 (RHEL, CentOS, AlmaLinux, RockyLinux...)

  ⚠️ Because of missing dependencies in EPEL-10 (related to QT5), it is not available for Enterprise Linux 10. The next version should be available using QT6.

  Updates are also on the road to official repositories:

  • Fedora 43
  • Fedora 42
  • EPEL 9
  • EPEL 8

  

  ℹ️ Notice: a Copr / Qelectrotech repository also exists, which provides "development" versions (0.101-DEV for now).

• Cockpit Project Cockpit 355

  Cockpit is the modern Linux admin interface. We release regularly.

  Here are the release notes from Cockpit 355:

  Add systemd/polkit-based fallback for administrative privileges if sudo is not available

  There are systems like Ubuntu 25.10 which don’t have sudo, or only the incompatible sudo-rs. Cockpit previously failed to gain administrator rights then. Cockpit 355 now both detects and ignores an incompatible sudo, as well as introduces a fallback authentication method: It starts the root bridge through systemd’s StartTransientUnit() API. This is inspired by systemd’s run0, and uses the exact same underlying mechanism. This is guarded by polkit, so you need to authorize with your user password similar to sudo.

  ws: Remove obsolete pam_cockpit_cert module

  Cockpit version 209 (Dec 2019) introduced a pam_cockpit_cert PAM module in /etc/pam.d/cockpit. Cockpit 248 (Jul 2021) made this module unnecessary, and replaced the module with a stub that did not do anything, plus a warning during package upgrade.

  This version finally removes it. So if you have locally modified /etc/pam.d/cockpit and still have that module in your configuration, you need to manually remove it.

  Try it out

  Cockpit 355 is available now:

  • For your Linux system

  • Cockpit Client

  • Cockpit Source Tarball
  • Cockpit Fedora 43
  • Cockpit Fedora 42

January 28, 2026

• Kiwi TCMS Kiwi TCMS 15.3

  Dear testers, we're happy to announce Kiwi TCMS version 15.3!

  IMPORTANT:

  This is a minor version release which includes updates and improvements, database migrations and many new API methods.

  You can explore everything at https://public.tenant.kiwitcms.org!

  ---

  Public container image (x86_64):

  pub.kiwitcms.eu/kiwitcms/kiwi   latest  bad66695a117   732MB
  

  IMPORTANT: version tagged and multi-arch container images are available only to subscribers!

  Changes since Kiwi TCMS 15.2

  Improvements

  • Update Django from 5.2.9 to 5.2.10
  • Update django-simple-captcha from 0.6.2 to 0.6.3
  • Update django-simple-history from 3.10.1 to 3.11.0
  • Update from 3.10 to 3.10.1
  • Update psycopg[binary] from 3.3.1 to 3.3.2
  • Update python-gitlab from 7.0.0 to 8.0.0
  • Update tzdata from 2025.2 to 2025.3
  • Update node_modules/pdfmake from 0.2.20 to 0.3.3
  • Models Classification, Product, Priority, Component and Version can now be translated in Admin pages (@nichicom-yasutake). Fixes Issue #4193
  • Display categories ordered by name. Fixes Issue #4166
  • Stricter checking for attributes in uploaded files
  • Strip newline characters from email subjects to avoid crashes

  Database

  • Add migration management.0012_alter_classification_options_alter_component_options_and_more
  • Add migration testcases.0023_alter_category_ordering

  API

  • Add Bug.create() API method
  • Add Bug.filter_canonical() API method
  • Add Bug.get_comments() API method
  • Add Bug.add_comment() API method
  • Add Bug.add_attachment() API method
  • Add Bug.list_attachments() API method
  • Add Bug.add_execution() API method
  • Add Group.filter() API method
  • Add Group.permissions() API method
  • Add Group.users() API method
  • Add TestExecution.add_attachment() API method
  • Add TestExecution.list_attachments() API method
  • Add TestExecution.create() API method
  • Add TestExecution.add_property() API method
  • Add TestRun.list_attachments() API method
  • Add TestRun.add_property() API method
  • Add TestRun.get_cc() API method
  • Allow TestCase.create() API method to override TestCase.create_date
  • Allow TestPlan.create() API method to override TestPlan.create_date
  • Allow super-user to override comment author/submission date for TestCase.add_comment() API method
  • Allow super-user to override comment author/submission date for TestExecution.add_comment() API method
  • For BugTracker.filter() API method order results by id field
  • For Category.filter() API method order results by id field
  • For Classification.filter() API method order results by id field
  • For Component.filter() API method order results by id field
  • For Group.filter() API method order results by id field
  • For PlanType.filter() API method order results by id field
  • For Priority.filter() API method order results by id field
  • For Tag.filter() API method order results by id field
  • For Template.filter() API method order results by id field
  • For TestCase.filter() API method order results by id field
  • For TestCaseStatus.filter() API method order results by id field
  • For TestExecution.filter() API method order results by id field
  • For TestExecutionStatus.filter() API method order results by id field
  • For TestRun.filter() API method order results by id field
  • For User.filter() API method order results by id field
  • TestCase.comments() API method changes the following fields in its response:
    • site -> site_id
    • user -> user_id

  Refactoring and testing

  • Update actions/upload-artifact from 5 to 6
  • Update black from 25.11.0 to 25.12.0
  • Update locust from 2.42.6 to 2.43.1
  • Update node_modules/brace-expansion from 1.1.11 to 1.1.12
  • Update node_modules/webpack from 5.103.0 to 5.104.1
  • Update URL to website article
  • Remove redundant code snippet in TestRun.create() API method
  • Add more assertions for TestRun.create() API test scenario

  Changes since Kiwi TCMS Enterprise v15.2-mt

  • Based on Kiwi TCMS v15.3
  • Update certbot from 5.2.1 to 5.2.2
  • Update django-ses from 4.4.0 to 4.6.0
  • Update dj-database-url from 3.0.1 to 3.1.0
  • Update kiwitcms-tenants from 4.3.0 to 4.4.1
  • Update sentry-sdk[django] from 2.47.0 to 2.50.0
  • Update social-auth-app-django from 5.6.0 to 5.7.0
  • Update workaround for .map files b/c of newer pdfmake

  Private container images

  hub.kiwitcms.eu/kiwitcms/version          15.3 (aarch64)          3d15693bb229    28 Jan 2026     749MB
  hub.kiwitcms.eu/kiwitcms/version          15.3 (x86_64)           0718496358e5    28 Jan 2026     732MB
  hub.kiwitcms.eu/kiwitcms/enterprise       15.3-mt (aarch64)       235d645ffdfa    28 Jan 2026     1.02GB
  hub.kiwitcms.eu/kiwitcms/enterprise       15.3-mt (x86_64)        b580a3c04ef3    28 Jan 2026     997MB
  

  IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!

  How to upgrade

  Follow the Upgrading instructions from our documentation.

  Happy testing!

  ---

  If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!

  • Give â­� on GitHub;
  • Join our newsletter and follow all news;
  • Become a subscriber and help us sustain development

• Copr Fedora RISC-V 64-bit now available in Copr

  We are happy to announce that Fedora RISC-V 64-bit (riscv64) build targets are now available in Copr! The following chroots have been added to mock-core-configs and enabled in Copr:

  • fedora-42-riscv64
  • fedora-43-riscv64

  Important notes

  We currently do not have native RISC-V hardware in our infrastructure. All riscv64 builds are performed using QEMU emulation on x86_64 machines. Because of this:

  • Expect longer build times compared to native architectures
  • Only userspace calls are possible. If your package needs to make a kernelspace call during the build time or the check phase, then your build will fail. Only a few packages are limited by this.

  If you encounter any issues, please let us know!

January 27, 2026

• Radka Janek Installing Windows games on Linux - Arknights: Endfield

  You can easily run any Windows game on Linux nowadays without too much work. Let’s look at an example - Arknights: Endfield - using only Steam + Proton.

  Proton

  I usually run things through GE-Proton, however this is the rare case when that has disappointed me. While the game installed fine for me and the launcher was semi functionaly, it wouldn’t actually start the game.

  So this time around, it’s gonna be dwproton - installing it is pretty simple, grab ProtonPlus from flathub using your software center of convenience. Then simply run it and find dwproton in the list, hit install and you’re done.

  Make sure to restart Steam if you had it running.

  Steam

  1. If you’re on SteamDeck (or other Steam gamemode session) make sure to switch to Desktop first.
  2. Download the windows installer: https://endfield.gryphline.com/en-us - bottom right corner of the page and I recommend you to immediately mute the tab in your browser ;)
  3. Add it to Steam as a non-steam game (Menu -> Games -> Add a non-steam game to my Library)
  4. Right click the added installer and go to its Properties -> Compatibility -> Force the use of dwproton.
  5. Play -> it should now run the installer, follow the steps to install it, all the defaults are fine. If the launcher automatically starts it at the end, close it.

  We’ve now installed the launcher but we can’t exactly execute it directly just yet. Let’s sort that out:

  1. Right click the installer in steam again, this time we’re gonna change the Target field to "/home/deck/.steam/steam/steamapps/compatdata/<ID>/pfx/drive_c/Program Files/GRYPHLINK/Launcher.exe"
     • You may have noticed the <ID> there - this is a generated ID for your non steam game and it’s probably different from mine. To find out what it is, simply navigate to that location and take a look at which folder was modified last. That’s the correct one.
     • If you’re not on Steam Deck the /home/deck is gonna be different - that’s your home folder and it will be your username.
     • And don’t forget the quotes!
  2. You’re actually done now. It will work with gamescope, mangohud, or any other shenanigans that you’re used to. Probably. Use the Launch options same as with any other Steam game.
  3. Use the SteamGridDB Decky Plugin to change the artwork on Steam, or SDGBoop (flatpak) in combination with steamgriddb.com
  4. Cleanup - you can now delete the installer.

  Enjoy!

  Find me in the Fedora Linux Discord if you have any issues or questions.

  

  Endfield on Fedora Linux

January 26, 2026

• Lennart Poettering Introducing Amutable

  Today, we announce Amutable, our ✨ new ✨ company. We – @blixtra@hachyderm.io, @brauner@mastodon.social, @davidstrauss@mastodon.social, @rodrigo_rata@mastodon.social, @michaelvogt@mastodon.social, @pothos@fosstodon.org, @zbyszek@fosstodon.org, @daandemeyer@mastodon.social @cyphar@mastodon.social, @jrocha@floss.social and yours truly – are building the 🚀 next generation of Linux systems, with integrity, determinism, and verification – every step of the way.

  For more information see → https://amutable.com/blog/introducing-amutable

• Kushal Das replyfast a python module for signal

  replyfast is a Python module to receive and send messages on Signal.

  You can install it via

  python3 -m pip install replyfast

  or

  uv pip install replyfast

  I have to add Windows builds to CI though.

  I have a script to help you to register as a device, and then you can send and receive messages.

  I have a demo bot which shows both sending and rreceiving messages, and also how to schedule work following the crontab syntaxt.

      scheduler.register(
          "*/5 * * * *",
          send_disk_usage,
          args=(client,),
          name="disk-usage",
      )
  

  This is all possible due to the presage library written in Rust.

January 24, 2026

• Kevin Fenzi misc fedora bits for third week of jan 2026

  

  Another week another recap here in longer form. I started to get all caught up from the holidays this week, but then got derailed later in the week sadly.

  Infra tickets migrated to new forejo forge

  On tuesday I migrated our https://pagure.io/fedora-infrastructure (pagure) repo over to https://forge.fedoraproject.org/infra/tickets/ (forgejo).

  Things went mostly smoothly, the migration tool is pretty slick and I borrowed a bunch from the checklist that the quality folks put together ( https://forge.fedoraproject.org/quality/tickets/issues/836 ) Thanks Adam and Kamil!

  There are still a few outstanding things I need to do:

  • We need to update our docs everywhere it mentions the old url, I am working on a pull request for that.

  • I cannot seem to get the fedora-messaging hook working right It might well be something I did wrong, but it is just not working

  • Of course no private issues migrated, hopefully someday (soon!) we will be able to just migrate them over once there's support in forgejo.

  • We could likely tweak the templates a bit more.

  Once I sort out the fedora-messaging hook I should be able to look at moving our ansible repo over, which will be nice. forgejo's pull request reviews are much nicer, and we may be able to leverage lots of other fun features there.

  Mass rebuild finished

  Even thought it started late (was supposed to start last wed, but didn't end up starting really until friday morning) it finished over the weekend pretty easily. There was some cleanup and such and then it was tagged in.

  I updated my laptop and everything just kept working. I would like to shout out that openqa caught a mozjs bug landing (again) that would have broken gdm, so that got untagged and sorted and I never hit it here.

  Scrapers redux

  Wed night I noticed that one of our two network links in the datacenter was topping out (10GB). I looked a bit, but marked it down to the mass rebuild landing and causing everyone to sync all of rawhide.

  Thursday morning there were more reports of issues with the master mirrors being very slow. Network was still saturated on that link (the other 10G link was only doing about 2-3GB/sec).

  On investigation, it turned out that scrapers were now scraping our master mirrors. This was bad because all the BW used downloading every package ever over http and was saturating the link. These seemed to mostly be what I am calling "type 1" scrapers.

  "type 1" are scrapers coming from clouds or known network blocks. These are mostly known in anubis'es list and it can just DENY them without too much trouble. These could also manually be blocked, but you would have to maintain the list(s).

  "type 2" are the worse kind. Those are the browser botnets, where the connections are coming from a vast diverse set of consumer ip's and also since they are just using someone elses computer/browser they don't care too much if they have to do a proof of work challenge. These are much harder to deal with, but if they are hitting specific areas, upping the amount of challenge anubis gives those areas helps if only to slow them down.

  First order of business was to setup anubis in front of them. There's no epel9 package for anubis, so I went with the method we used for pagure (el8) and just set it up using a container. There was a bit of tweaking around to get everything set, but I got it in place by mid morning and it definitely cut the load a great deal there.

  Also, at the same time it seems we had some config on download servers for prefork apache. Which, we have not used in a while. So, I cleaned all that up and updated things so their apache setup could handle lots more connections.

  The BW used was still high though, and a bit later I figured out why. The websites had been updated to point downloads of CHECKSUM files to the master mirrors. This was to make sure they were all coming from a known location, etc. However, accidentially _all_ artifact download links were pointing to the master mirrors. Luckly we could handle the load and also luckily there wasn't a release so it was less people downloading. Switching that back to point to mirrors got things happier.

  So, hopefully scrapers handled again... for now.

  Infra Sprint planning meeting

  So, as many folks may know, our Red Hat teams are all trying to use agile and scrum these days. We have various things in case anyone is interested:

  • We have daily standup notes from each team member in matrix. They submit with a bot and it posts to a team room. You can find them all in #cle-standups:fedora.im space on matrix. This daily is just a quick 'what did you do', 'what do you plan to do' any notes or blockers.

  • We have been doing retro/planning meetings, but those have been in video calls. However, there's no reason they need to be there, so I suggested and we are going to try and just meet on matrix for anyone interested. The first of these will be monday in the #meeting-3:fedoraproject.org room at 15UTC. We will talk about the last 2 weeks and plan for what planned things we want to try and get in the next 2.

  The forge projects boards are much nicer than the pagure boards were, and we can use them more effectively. Here's how it will work:

  Right now the current sprint is in: https://forge.fedoraproject.org/infra/tickets/projects/325 and the next one is in: https://forge.fedoraproject.org/infra/tickets/projects/326

  On monday we will review the first, move everything that wasn't completed over to the second, add/tweak the second one then close the first one, rename the 'next' to 'current' and add a new current one. This will allow us to track what was done in which sprint and be able to populate things for the next one.

  Additionally, we are going to label tickets that come in and are just 'day-to-day' requests that we need to do and add those to the current sprint to track. That should help us get an idea of things that we are doing that we cannot plan for.

  Mass update/reboot outage =========================o

  Next week we are also going to be doing a mass update/reboot cycle with outage on thrusday. This is pretty overdue as we haven't done such since before the holidays.

  comments? additions? reactions?

  As always, comment on mastodon: https://fosstodon.org/@nirik/115951447954013009

January 23, 2026

• Nazi.Compare Judgment: French army vanquishes German FSFE on Hitler's birthday, Microsoft contract dispute (1716711)

  (1716711, 1804171) Free Software Foundation Europe e.V. vs. Le ministère des armées, Tribunal Administratif de Melun.

  Hitler's birthday, 20 April, was a special occasion every year under the fascist dictatorship, on par with the King's Birthday in the Commonwealth. Incidentally, the British monarchy are really Germans.

  We previously considered the fact that Debianists elected a German leader on Hitler's birthday and then they did exactly the same thing again the following year.

  In 2017, the German FSFE misfits began a legal case against the French military. FSFE misfits disputed the French military's decision to sign a contract with Microsoft.

  The case was eventually resolved in 2021 with a judgment against the Germans / FSFE misfits. For those who failed to notice at the time, the tribunal handed down the judgment on Hitler's birthday:

  

   

  

   

  While the full name of the FSFE is Free Software Foundation Europe, internal statistics and mailing list traffic levels demonstrate that the majority of these people are Germans and they do not represent Europe at large, they only represent themselves.

  Throughout the legal procedure and trial, an employee of the French government, Dr Amandine Jambert from CNIL was part of the internal mailing lists used for discussions at the FSFE. Was this a conflict of interest when the FSFE was taking legal action against her own employer?

  In the email below, Jambert does not state her full name, she only uses the sockpuppet identity "Cryptie" and she does not have any email signature disclosing her position within an agency of the French state.

  The FSFE misfits claim to be a peak body for Free Software activism in Europe. They claim to comply with Transparency International guidelines. As the saying goes, do as we say, not as we do.

  In 2023, when Jambert resigned from the FSFE misfits, she finally admitted she has a conflict of interest, implicitly admitting that she lied about harassment to avoid facing a basic ethical question.

  Subject: 	Re: Fwd: [April - Atelier] Open Bar : Une action en justice dans les tuyaux et DSI des Armées pro-microsoft
  Date: 	Wed, 30 Aug 2017 13:15:58 +0200
  From: 	Cryptie <cryptie@fsfe.org>
  To: 	team@lists.fsfe.org, Hugo Roy <hugo@hugoroy.eu>, france@lists.fsfe.org
  
  
  
  Hi all,
  
  I think it would be a good idea to tell them what we did/ plan to do as, in France, they are those that could help us if we need.
  
  Best,
  Cryptie
  
  Le 30 août 2017 13:12:00 GMT+02:00, Hugo Roy <hugo@hugoroy.eu> a écrit :
  
  
  
      Hi all,
  
      Important info: the company (Nexedi) will be represented by a lawyer
      that I know well, because he sucks.
  
      I think this makes it paramount that FSFE also sues, to ensure that
      things are done right and limit any damage that this guy may do.
  
      Matze: maybe you remember, I talked about this guy and how he miserably
      failed a lawsuit (on a similar topic against Microsoft) last year.
  
  
      On 2017-08-30 12:43, Hugo Roy wrote:
  
          Hi there,
  
          You will find attached an April internal mailing list relating
          to the
          Microsoft - French Ministry of Defense contract, about which
          FSFE sent
          a request for information (in the potentiality of a lawsuit).
  
          A company (Nexedi) is, apparently, going to sue over this too.
  
          Thinking about replying to April that FSFE is also thinking about a
          lawsuit and to keep April updated (and that we are happy to work
          with
          them, as usual). Thoughts?
  
          Best,
          Hugo
  
      ------------------------------------------------------------------------
  
      Team mailing list
      Team@lists.fsfe.org
      https://lists.fsfe.org/mailman/listinfo/team
  
  
  -- 
  Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.
  

  Remember, in May 2018, the FSFE staff had an Extraordinary General Meeting without the developers present and they voted to remove the elections from the constitution of the association. They have not had a full election since 2017.

  In July 2018, a few weeks after removing elections from the constitution, the German FSFE misfits went to RMLL in Strasbourg and they recorded a video of Jambert talking about democracy in French.

  

   

  

   

  Read more about Nazi comparisons.

• Swiss JuristGate Judge Richard Oulevey (Grandcour Choeur, Tribunal Vaud) & Debian shaming abuse victims and witnesses

  In 2021, a court in Poland convicted a paedophile and sent him to prison. The paedophile was described as a regional activist for the Civic Platform (PO) political party. When convicting the paedophile, the court made orders that his identity and conviction could not be published as it would compromise the privacy of the victims. The victims were the children of a politician from the same party as the offender.

  Radio Szczecin is a public broadcaster under control of the right-wing party ruling in Poland. In December 2022, Radio Szczecin made a broadcast alleging that a cover-up had taken place. In the broadcast, they informed the audience that the victims were "the children of a well-known lawmaker", the very fact the judge had sought to protect.

  After that, it wasn't long before people were able to identify the victims.

  A few weeks later, one of the victims committed suicide.

  In 2017, when I discovered evidence that diversity funding from open source software organizations had enabled wrongdoing in Albania, I told some of the women that I was watching these matters carefully. To show some empathy, I mentioned to the women the fact one of my cousins had received the choir scholarship at St Kevin's College, Toorak at the same time the late Cardinal Pell was the Archbishop of Melbourne. The choir scholarships are worth approximately three hundred thousand Australian dollars. Like the Outreachy internships, the scholarship has significant financial value and being a part of the St Kevin's community opens doors for people.

  This is the point where the legal and ethical competance diverged significantly.

  Cardinal Pell was convicted on 11 December 2018 and a few days later, on Christmas Eve, rogue Debianists used the debian-private whisper network to spread rumours about abuse. In fact, I've never even specified whether one of my cousins is the same person who made the complaint. There were hundreds of boys in the choir over the years.

  By creating hysteria, they were following in the footsteps of Radio Szczecin. In the case of Debianism, it is even worse. One of the people spreading rumours about abuse, Joerg Jaspert, was elected as a parent representative for Dalbergschule school council in Fulda, Germany. If he is unable to handle private information about children then he is totally unsuitable for that position in a school.

  The hysteria has identified a number of possible abuse victims in open source software communities and as long as they persist, they are forcing people to point to possible evidence that may identify people. They already forced public attention on the sixteen-year-old victims from Albania. Instead of learning from that mistake, they demanded more public shaming. Here is one of their legal documents where they demand a public humiliation of my family:

  

   

  Yet look at the irony. The judge assigned to manage the case, Richard Oulevey, is also the president of a choir. The Grandcour Men's Choir, based in the Canton of Vaud, celebrated their 125th anniversary recently.

  

   

  

   

  After the Pell prosecution, media reports went to great lengths to conceal the identities of choir members. Photos were published with all the faces obfuscated:

  

   

  In Poland, the judge realized that the prosecution could lead to the identification of abuse victims and he ordered total secrecy about the identity of the offender. Exactly the same rules are used to impose secrecy in cases of incest and cases involving small villages, whether they occur in Poland, in Australia or in Switzerland. A recent example was the prosecution of a bakery owner in South Australia. During the 1980s, the baker/father recruited underage girls to live and work in a cult-like arrangement leading to pregnancies. Three babies were born within a period of seven months.

  The case created enormous media interest but none of the news reports are able to publish the name of the village, the name of the business or the names of the people convicted. In other words, they are hiding the name of the paedophile to protect the identities of his thirteen children.

  We have seen echoes of this behaviour in the open source software communities. The cases in Albania were not the only ones.

  Look at how Debianists and the Outreachy program offer financial incentives to young transgender people, even in a voluntary environment where nobody else is allowed to receive payment.

  Its time to hold a mirror up to the rogue Debianists themselves. Look at the case of Pauline Pommeret, who came from an elite high school to be groomed/indoctrinated in the Debian love nest at ENS Cachan / CRANS.

  Pommeret eventually came and asked for Outreachy money, which is approximately double the amount of money offered to an ordinary male intern of the same age and experience level.

  If judges in other jurisdictions have gone to great lengths to protect the privacy of people in proximity to abuse cases, why do the jurists and judges in Switzerland & Debian want to publicly identify and humiliate people?

  Another one of the protagonists in the case is Axel Beckert from the university ETH Zurich university. How can these people be competant to handle private complaints from students when their first reaction is to take out their mobile phone and make a public statement about everything?

  Debianists spent over $120,000 on legal fees to censor blogs like this but getting a gay judge with a transgender sister would be priceless. Or just more conflicts of interest.

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

  Please see the rest of the JuristGate reports.

• Swiss JuristGate Did judge with transgender sister & Debian conflict of interest help cover-up a death?

  Most of the correspondance concerning the Debianism vendetta in the canton of Vaud was signed by Judge Richard Oulevey of the PLR Liberal Radical Party.

  Did he have a conflict of interest?

  One of the key issues in the Debianism dispute was the attempt to trick me to mentor Nicolas Dandrimont's partner. It appears that the partner of Dandrimont may be a transgender and the sister of Judge Oulevey is also a transgender, Zoé Frédérique Oulevey. By coincidence, Zoé is head of R&I Intellectual Property at Richemont.

  The presence of multiple transgenders is significant. These people don't simply dress up as women. They want to know what it feels like to live like a woman and for some of them, they crave manipulating the protective instincts in other men. Just as they go to great effort with cosmetic surgery, they also spend a lot of effort practicing the victim routine. There are whole associations and web sites dedicated to the victimhood. They focus on how to be believed rather than how to be honest. It is hard and sometimes impossible to tell when these people are reporting a real case of harassment and when they are just role-playing victimhood.

  One of the cyberbullies who started the legal harassment, which is called "abuse of process" if you'll excuse the pun, is Axel Beckert, who is the gay partner of a former colleague. It appears that Judge Richard Oulevey does not have a spouse. For those who know the extent to which LGBT vendettas have hurt healthy people around Debian, it is a disturbing thought but also quite rude to speculate without any other evidence that Debian somehow spent all that money to get a gay judge. The judge has not revealed anything about his love life or the extent to which all these people are mingling bodily fluids on the Swiss LGBT scene.

  

   

  In Australia, Melbourne newspaper The Age published a detailed report about groups like this who work together to humiliate their victims.

  How a Melbourne seminary became the breeding ground for paedophile rings

  Corpus Christi was where sexually repressed men could “act out” with each other, living double lives, then transfer their attentions to the most innocent in their flocks.

  ...

  Fells alleges that he was the victim of a group of priests who formed part of a network of paedophiles coalescing around Corpus Christi in the mid-1970s. His first abuser was St Peter’s Clayton parish priest Ronald Pickering, who Fells claims molested him after a Sunday mass in the parish presbytery. A known paedophile, Pickering fled to England in 1993 after the Melbourne Archdiocese informed him about a victim’s complaint.

  ...

  “Pickering got me first, then Vears, and then Ryan,” alleges Fells, who tried to take his own life after the seminary incident and still suffers from post-traumatic stress.

  “They got me all right.”

  Amnesty International published a report about the Swiss police using violence to "arrest" and sexually abuse Trevor Kitchen for his reports about financial corruption.

  Trevor Kitchen, a 41-year-old British citizen resident in Switzerland, was arrested by police in Chiasso (canton of Ticino) on the morning of 25 December 1992 in connection with offences of defamation and insults against private individuals. In a letter addressed to the Head of the Federal Department of Justice and Police in Berne and to the Tribunal in Bellinzona (Ticino) on 3 June 1993 he alleged that two police officers arrested him in a bar in Chiasso and, after handcuffing him, accompanied him to their car in the street outside. They then bent him over the car and hit him around the head approximately seven times and carried out a body search during which his testicles were squeezed. He claimed he was then punched hard between the shoulder blades several times. He said he offered no resistance during the arrest.

  He was then taken to a police station in Chiasso where he was questioned in Italian (a language he does not understand) and stated that during the questioning "The same policeman that arrested me came into the office to shout at me and hit me once again around the head. Another policeman forced me to remove all of my clothes. I was afraid that they would use physical force again; they continued to shout at me. The one policeman was pulling at my clothes and took my trouser belt off and removed my shoe laces. Now I stood in the middle of an office completely naked (for 10 minutes) with the door wide open and three policemen staring at me, one of the policemen put on a pair of rubber surgical gloves and instructed me to crouch into a position so that he could insert his fingers into my anus, I refused and they all became angry and started shouting and demonstrating to me the position which they wanted me to take, laughing, all were laughing, these police were having a good time. They pointed at my penis, making jokes, hurling abuse and insults at me, whilst I stood completely still and naked. Finally, when they finished laughing, one of the policemen threw my clothes onto the floor in front of me. I got dressed."

  He was transferred to prison some hours later and in his letter claimed that during the night he started to experience severe pains in his chest, back and arms. He asked a prison guard if he could see a doctor but the request was refused and he claimed the guard kicked him. He was released on 30 December 1993. Medical reports indicated that since his release he had been experiencing recurrent pain in the area of his chest and right shoulder and had been receiving physiotherapy for an injury to the upper thoracic spine and his right shoulder girdle.

  Debianist financial disclosures show they spent over $120,000 on legal fees. One overworked and unpaid volunteer, Abraham Raji, died at DebConf23 when they asked him to contribute his own money to the day trip.

  

   

  Yet their Judge Oulevey, who got some money, admits trying to create an invalid judgment and then having to annul it:

  

   

  Dare we say a group of gays, trannies and greens fathered a non-binary judgment? Or they simply fucked up?

  

   

  Fundamentally, while the LGBT community celebrates Pride, the Debianists celebrate shaming people. Look at their demand to publicly denounce my family after my father died:

  

   

  Adolf Hitler did exactly the same thing. He insisted that every Jew had to wear a star on their chest, like a miniature judgment:

  

   

  One of the groundbreaking reports on this web site was the comparison of Debian and Swiss cover-ups to the barrister John Smyth QC in the Church of England. From a BBC report:

  Smyth was confronted about his conduct after the report compiled by Rev Mark Ruston and Rev David Fletcher.

  It found Smyth identified pupils from leading public schools including Winchester College and took them to his home near Winchester in Hampshire, where he carried out lashings with a garden cane in his shed.

  Now look at the invalid document these German and Swiss nazis created together. 10 November is the anniversary of the Kristallnacht:

  

   

  The report about John Smyth QC goes on:

  Smyth is said to have subjected his victims to traumatic physical, sexual, psychological and spiritual attacks, permanently marking their lives.

  If you look at the way the Debianists attacked my family, they inflicted this on us and sustained these attacks ever since the death of my father. That is a level of intrusion that puts some of the rogue Debianists right up there with the paedophiles.

  By chance, Judge Oulevey's father also died, giving us a list of family members. We can see that Judge Oulevey does not have a wife. As well as having the transgender sister Zoé Frédérique Oulevey, he has a brother, Xavier Oulevey who is also a jurist in the canton of Vaud. Clearly, conflicts of interest will arise every time his brother brings a case to the tribunal.

  

   

  On 1 November 2023, I was granted citizenship of Switzerland in the Canton of Vaud. When I look at these dirty men attacking my family after my father died, I see the behaviour of animals, not humans. It makes me question what it means to be a citizen of Switzerland, because I can't lower myself to be an animal like these men.

  

   

  Why do these dirty men go to all this trouble to humiliate my family and I? Adrian von Bidder-Senn died on our wedding day. They don't want my presence to remind them that they may have some responsibility for those deaths. They couldn't care less about pushing more people to suicide if that is the price of covering up the last suicides.

  The Bishop Accountability web site has a page about the experiences of Catholic whistleblowers and it is remarkably similar to what we see in free software "family" cults today:

  Many of the individuals profiled below have experienced retaliation and grief in some form – defamation, job loss, career derailment, ostracization, pressure by superiors to admit to mental illness, and in at least one case, suicide.

  Please see the chronological history of how the Debian harassment and abuse culture evolved.

  Please see the rest of the JuristGate reports.

• Allan Day GNOME Foundation Update, 2026-01-23

  It’s Friday so it’s time for another GNOME Foundation update. Much of this week has been a continuation of items from last week’s update, so I’m going to keep it fairly short and sweet.

  With FOSDEM happening next week (31st January to 1st February), preparation for the conference was the main standout item this week. There’s a lot happening around the conference for GNOME, including:

  • Three hackfests (GNOME OS, GTK, Board)
  • The Advisory Board meeting
  • A GNOME stand with merchandise
  • A social event on the Saturday
  • Plenty of GNOME-related talks on the schedule

  We’ve created a pad to keep track of everything. Feel free to edit it if anything is missing or incorrect.

  Other activities this week included:

  • Last week I reported that our Digital Wellbeing development program has completed its work. Ignacy provided a great writeup this week, with screenshots and a screencast of the new parental controls features. I’d like to take this opportunity to thank Endless for funding this important work which will make GNOME more accessible to young people and their carers.
  • On the infrastructure side, Bart landed a donate.gnome.org rewrite, which will make the site more maintainable. The rewrite also makes it possible to use the site’s core functionality to run other fundraisers, such as for Flathub or GIMP.
  • GUADEC 2026 planning continues, with a focus on securing arrangements for the venue and accommodation, as well as starting the sponsorship drive.
  • Accounting and systems work also continues in the run up to the audit. We are currently working through another application round to unlock features in the new payments processing platform. There’s also some work happening to phase out some financial services that are no longer used, and we are also working on some end of calendar year tax reports.

  That’s it for this update; I hope you found it interesting! Next week I will be busy at FOSDEM so there won’t be a regular weekly update, but hopefully the following week will contain a trip report from Brussels!

• Caolán McNamara Firefox & Linux in 2025

  

  
  Last year brought a wealth of new features and fixes to Firefox on Linux. Besides numerous improvements and bug fixes, I want to highlight some major achievements: HDR video playback support, reworked rendering for fractionally scaled displays, and asynchronous rendering implementation. All this progress was enabled by advances in the Wayland compositor ecosystem, with new features implemented by Mutter and KWin.

  HDR

  The most significant news on the Wayland scene is HDR support, tracked by Bug 1642854. It’s disabled by default but can be enabled in recent Wayland compositors using the gfx.wayland.hdr preference at about:config (or by gfx.wayland.hdr.force-enabled if you don’t have an HDR display).

  HDR mode uses a completely different rendering path, similar to the rendering used on Windows and macOS. It’s called native rendering or composited rendering, and it places specific application layers directly into the Wayland compositor as subsurfaces.

  The first implementation was done by Robert Mader (presented at FOSDEM), and I unified the implementation for HDR and non-HDR rendering paths as new WaylandSurface object.

  The Firefox application window is actually composited from multiple subsurfaces layered together. This design allows HDR content like video frames to be sent directly to the screen while the rest of the application (controls and HTML page) remains in SDR mode. It also enables power-efficient rendering when video frames are decoded on the graphics card and sent directly to the screen (zero-copy playback). In fullscreen mode, this rendering is similar to mpv or mplayer playback and uses minimal power resources.

  I also received valuable feedback from AMD engineers who suggested various improvements to HDR playback. We removed unnecessary texture creation over decoded video frames (they’re now displayed directly as wl_buffers without any GL operations) and implemented wl_buffer recycling as mpv does.

  For HDR itself (since composited rendering is available for any video playback), Firefox on Wayland uses the color-management-v1 protocol to display HDR content on screen, along with BT.2020 video color space and PQ color transfer function. It uses 10-bit color vectors, so you need VP9 version 2 to decode it in hardware. Firefox also implements software decoding and direct upload to dmabuf frames as a fallback.

  The basic HDR rendering implementation is complete, and we’re now in the testing and bug-fixing phase. Layered rendering is quite tricky as it involves rapid wl_surface mapping/unmapping and quick wl_buffer switches, which are difficult to handle properly. HDR rendering of scaled surfaces is still missing—we need fractional-scale-v2 for this (see below), which allows positioning scaled subsurfaces directly in device pixels. We also need to test composited/layered rendering for regular web page rendering to ensure it doesn’t drain your battery. You’re very welcome to test it and report any bugs you find.

  Fractional scale

  

  The next major work was done for fractional scale rendering, which shipped in Firefox 147.0. We updated the rendering pipeline and widget sizing to support fractionally scaled displays (scales like 125%, etc.). This required reworking the widget size code to strictly upscale window/surface sizes and coordinates and never downscale them, as downscaling introduces rounding errors.

  Another step was identifying the correct rounding algorithm for Wayland subsurfaces and implementing it. Wayland doesn’t define rounding for it, only for toplevel windows, so we’re in a gray area here. I was directed to Stable rounding by Michel Daenzer. It’s used by Mutter and Sway so Firefox implements it for those two compositors while using a different implementation for KWin. This may be updated to use the fractional-scale-v2 protocol when it becomes available.

  Fractional scaling is enabled by default, and you should see crisp and clear output regardless of your desktop environment or screen scale.

  Asynchronous rendering

  Historically, Firefox disabled and re-enabled the rendering pipeline for scale changes, window create/destroy events, and hide/show sequences. This stems from Wayland’s architecture, where a Wayland surface is deleted when a window becomes invisible or is submitted to the compositor with mismatched size/scale (e.g., 111 pixels wide at 200% scale).

  Such rendering disruptions cause issues with multi-threaded rendering—they need to be synchronized among threads, and we must ensure surfaces with the wrong scale aren’t sent to the screen, as this leads to application crashes due to protocol errors.

  Firefox 149.0 (recent nightly) has a reworked Wayland painting pipeline (Bug 1739232) for both EGL and software rendering. Scale management was moved from wl_buffer fixed scale to wp_viewport, which doesn’t cause protocol errors when size/scale doesn’t match (producing only blurred output instead of crashes).

  We also use a clever technique: the rendering wl_surface / wl_buffer / EGLWindow is created right after window creation and before it’s shown, allowing us to paint to it offscreen. When a window becomes visible, we only attach the wl_surface as a subsurface (making it visible) and remove the attachment when it’s hidden. This allows us to keep painting and updating the backbuffer regardless of the actual window status, and the synchronized calls can be removed.

  This brings speed improvements when windows are opened and closed, and Linux rendering is now synchronized with the Windows and macOS implementations.

  … and more

  Other improvements include a screen lock update for audio playback, which allows the screen to dim but prevents sleep when audio is playing. We also added asynchronous Wayland object management to ensure we cleanly remove Wayland objects without pending callbacks, along with various stability fixes.

  And there are even more challenges waiting for us Firefox Linux hackers:

  • Wayland session restore (session-restore-v1) to restore Firefox windows to the correct workspace and position.
  • Implement drag and drop for the Firefox main window, and possibly add a custom Wayland drag and drop handler to avoid Gtk3 limitations and race conditions.
  • Utilize the fractional-scale-v2 protocol when it becomes available.
  • Investigate using xdg-positioner directly instead of Gtk3 widget positioning to better handle popups.
  • Vulkan video support via the ffmpeg decoder to enable hardware decoding on NVIDIA hardware.

  And of course, we should plan properly before we even start. Ready, Scrum, Go!

• Adam Young Install a custom Kernel inside a VM

  When debugging Qemu, it might be helpoful to instrument Linux Kernel to see when interrupts get received, or see data on the other side of a transfer. If you have to modify the Kernel on a regular basis, it can be faster to build it in place than to build a customer RPM/DEB and install inside the VM. Here is how I have been going about updating the kernel.

  Table of contents

  • NFS on the Hypervisor
  • NFS Client in the VM
  • Build the Kernel on The Hypervisor
  • Install the Kernel in the VM

  In order for this to work, your VM and your Hypervisor should be running a compatable version of the Toolchain used to build the kernel. I would suggest using a common Fedora/Ubuntu version for both machines.

  NFS on the Hypervisor

  We are going to use the Network File System (NFS) to share files between the Hypervisor and the Virtual machine. There are many steps to setting up NFS, and I did not record all of the permutations I tried to get it to work. I do know I had to: install RPMS, figure out what directories to export, and make sure the NFS daemon was running.

  I can see that I have these two services running:

  nfs-mountd.service
  nfs-server.service

  I aslo see I have these RPM installed

  rpmquery -a | grep nfs
  libnfsidmap-2.8.3-2.rc3.fc42.aarch64
  sssd-nfs-idmap-2.11.1-1.fc42.aarch64
  libnfs-6.0.2-6.fc42.aarch64
  libnfs-devel-6.0.2-6.fc42.aarch64
  nfs-utils-2.8.3-2.rc3.fc42.aarch64
  qemu-block-nfs-9.2.4-2.fc42.aarch64
  
  

  My file /etc/nfs.conf is unchanged from the default install

  In my install, the exports are in /etc/exports.d/adam.exports and look like this:

  /home/ayoung *(rw,sync,insecure,all_squash,anonuid=6352,anongid=65603)
  /home/grose *(rw,sync,insecure,all_squash,anonuid=1000,anongid=1001)

  NFS Client in the VM

  The IP address is that of the Hypervisor. Adapt to your network settings.

  I keep both the Hypervisor and VM directories consistent
  mount -t nfs4 10.76.112.72:/home/ayoung /home/ayoung
  

  Build the Kernel on The Hypervisor

  Run the following commands inside your Linux directory on your hypervisor. I have mine in /home/ayoung/linux.

  make -j $(nproc) && make -j $(nproc)

  Install the Kernel in the VM

  Since the Linux directory above is mounted in the VM at /home/ayoung/linux, I can complete the install process inside the VM.

  make -j $(nproc) modules_install && make -j $(nproc) install

  reboot

January 22, 2026

• Adam Young Viewing the Flattened Device Tree from Qemu

  The Qemu implementation uses a Flattened Device Tree (FTD) to manage the virtual implementation of the physical devices in a machine. I need to create a FTD entry for the MCTP-PCC implementation I am writing in Qemu. Since this is new to me, and I am working (as I most often do) via Ttrial and error, I want to see the FTD entry after I write it. Here is how I am dumping it.

  In my script to run the virtual machine, I modify the machine entry from:

  -machine virt \

  to

  -machine virt,dumpdtb=/tmp/qemu_virt.dtb \

  And run the VM. It does not run for very long, and I get this output instead:

  [2026-01-22T18:40:07Z INFO virtiofsd] Client disconnected, shutting down

  However, I have now created a file at /tmp/qemu_virt.dtb. In order to view the contents of this file, I use the Device Tree Compiler (DTC) like this:

  dtc -I dtb -O dts -o /tmp/qemu_dtb.txt /tmp/qemu_virt.dtb

  The -I option says the input format is device tree binary, the -O says that the output format is human readable domain-specific-language, and the -o option says where to put the output file. The final parameter is the input file, which has no flag.

  If I then look at the txt file I can see the following block:

          mctp_pcc@a008000 {
                  interrupts = <0x00 0x50 0x04 0x00 0x51 0x04>;
                  reg = <0x00 0xa008000 0x00 0x8000>;
                  compatible = "mctp-pcc";
          };
  

January 21, 2026

• Adam Young Debugging Qemu with gdb

  When developing Linux Kernel code, I have found myself wanting to have a test fixture inside the Firmware that lets me inspect the values communicated out of and into the Linux Kernel. I am currently writing one such fixture in Qemu. And I have an interrupt that is not getting handled by the Linux Kernel, I think because it is not getting delivered.

  I have found it quite valuable to run this Qemu process in the Gnu Debugger. Here is how I (with help) got to the bottom of the mystery.

  One prep step is to disable some reporting in GDB. WHen GDB starts, it offers to load in debug info, but I do not need or want that. By default, GDB will break one each signal of SIGUSR1, and there are too many of them. GDB also it prints output each time a thread ends, and I don;t care about that. Add the following line to ~/.gdbinit

  set debuginfod enabled off
  handle SIGUSR1 noprint nostop
  set print thread-events off
  

  (Or you can type these into the gdb command prompt.)

  Here is how I am running the VM. Note that the first line points to a version of Qemu that I have built myself.

  gdb --args ../qemu/build/qemu-system-aarch64 \
          -machine virt \
          -enable-kvm \
          -m 16G \
          -cpu host \
          -smp 16 \
          -nographic \
          -bios /usr/share/edk2/aarch64/QEMU_EFI.fd \
          -drive if=none,file=../virt/my_vm.qcow2,id=hd0 \
          -device virtio-blk-device,drive=hd0,bootindex=0 \
          -drive file=../virt/Fedora_Server_dvd_aarch64_42_1.1.iso,id=cdrom,if=none,media=cdrom \
          -object memory-backend-file,id=mem,size=16G,mem-path=/dev/shm,share=on \
          -numa node,memdev=mem  \
          -chardev socket,id=char0,path=/tmp/virtiofs_socket  \
          -virtfs local,path=/root/adam/linux,mount_tag=mylinux,security_model=passthrough,id=fs0 \
          -device virtio-scsi-device \
          2>&1 | tee /tmp/qemu.log
  

  While there is a -gdb flag that you can include in the qemu command line, I found it did not work for me. Additionally, I may take the gdb –args string into an env var, and use that to switch whether or not to debug.

  The –args flag passes on the command line arguments into gdb to be used when the program is run. Thus, once we are on the gdb command prompt, we can set a break point like this:

  break pcc_timer_callback

  And then simply call run without any parameters.

  Since this VM is launching the Linux Kernel, there will be points in the process where the command prompt returns and you can type. For example, during grub, you can hit return to speed through the timer and launch the selected kernel: or change the selected kernel if you want. For my workflow, I need to log in to console, and then run a test script. It is this test script that triggers the break point I set above.

  One benefit to gdb is that it tells what functions are really assigned to the function pointers. For example, in the raise_irq call chain, there is a call to

  irq->handler(irq->opaque, irq->n, level);

  And stepping through, I can see that it steps into

  kvm_arm_gic_set_irq(s->num_irq, irq, level);

  And thus I can inspect the irq number:

  (gdb) print irq
  $1 = 80

  This IS the number I assigned. However…later on I see this code is executed (hw/intc/arm_gic_kvm.c starting at line 57):

   if (irq < (num_irq - GIC_INTERNAL)) {
          /* External interrupt. The kernel numbers these like the GIC
           * hardware, with external interrupt IDs starting after the
           * internal ones.
           */
          irqtype = KVM_ARM_IRQ_TYPE_SPI;
          cpu = 0;
          irq += GIC_INTERNAL;
      } 
  
  

  At first I didn’t think much of it, but, later on, a coworker and I started looking inside the Linux kernel at /proc/interrupts I see these pair of lines.

  12: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 GICv3 80 Level pcc-mbox
  13: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 GICv3 81 Level pcc-mbox
  14: 37 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 GICv3 33 Level uart-pl011

  So the interrupt handler is registered, but no interrupts have been delivered. THe 80 and 81 are the interrupt numbers. My coworker suggested I look at the next line. The UART has an interrupt of 33, but inside the Qemu code, I see this:

  static const int a15irqmap[] = {
      [VIRT_UART0] = 1,
  

  And looking for that specific UART create code:

  int irq = vms->irqmap[uart];
  ...
      qemu_fdt_setprop_cells(ms->fdt, nodename, "interrupts",
                                 GIC_FDT_IRQ_TYPE_SPI, irq,
                                 GIC_FDT_IRQ_FLAGS_LEVEL_HI);
  
  

  The UART is registered as Interrupt 33 inside the Linux Kernel, but Interrupt 1 inside Qemu. Lets go look at the value for GIC_INTERNAL

  #define GIC_INTERNAL 32

  What happens if we add 32 to the interrupt value in the code that reports the interrupt ID to the Kernel? My test runs. I can’t right now look at the interrupt delivery, as I have an infinite loop, and that is not a surprise as this code is still under development.

January 20, 2026

• Andreas Schneider Some 🌳💞 for RPM Spec

  Two years ago, I started to look into writing a tree-sitter parser as part of the “Day of Learning” at my employer. As I write and edit many RPM Spec files (also at work), I wanted better highlighting in my text editor, which is Neovim.

  I had attempted to start the project the year before but was lost. The next year, the tree-sitter documentation improved, and I finally understood the basics and began developing tree-sitter-rpmspec.

  RPM Spec is challenging (horrible) to parse. RPM spec files are parsed in multiple stages, roughly following these phases:

  Phase 1. Macro expansion pass

  • Macros (%{name}, %{version}, %define, %global, etc.) are expanded
  • This happens before the spec is interpreted as instructions
  • Macros can be nested and are expanded recursively

  Phase 2. Conditional evaluation

  •  %if, %ifarch, %ifos, %endif blocks are evaluated
  •  This determines which sections of the spec are active

  Phase 3. Section parsing and execution

  • The preamble (Name, Version, Release, etc.) is parsed first
  • Then each section (%description, %prep, %build, %install, %files, etc.) is parsed
  • Some sections like %files have their own sub-parsing for file attributes
  • Once parsed it will start executing different scriptlets to build and install the package.

  As soon as BuildArch is involved, the RPM parser needs to be able to re-read the spec file. This is one reason why it can’t read spec files from stdin, see e.g. here.

  Writing a tree-sitter parser for spec files is not straightforward. There are many pitfalls and edge cases. The two most difficult challenges are figuring out when a section ends. There is no marker or indentation. It ends when the next section starts. However right before the next section could be an %if. Does that %if belong to the section before or is it a top-level if like #ifdef in C.

  If you’re interested in the details, there is a DESIGN.md explaining some design decisions. In short, the parser.c was reaching 64MB and -Woverflow was triggered. This led to implementing an external scanner, which reduced the size to ~20MB. I rewrote the scanner.c at least 5 times from scratch. In the last rewrite, I started with the most simplest approach and built on from there, focusing on balanced parenthesis parsing for %{expand: string}.

  Yesterday, I hit the breakthrough. I successfully parsed parametric macros correctly. With this milestone, I was able write injection queries to run tree-sitter-bash on the scriptlets shell code! This means we can highlight the bash parts now!

  

  https://gitlab.com/cryptomilk/tree-sitter-rpmspec

January 19, 2026

• Adam Williamson CI and LLM review on Fedora Forge with Forgejo Actions

  Hi folks! Over the last couple of weeks, we have migrated nearly all the quality team's repositories from Pagure (the old Fedora forge) to the new, Forgejo-based Fedora Forge. As part of this, I've figured out a process for doing CI with Forgejo Actions. I also came up with a way to do automated LLM pull request reviews, for those interested in that.

  For the impatient, you can just look at / copy the two workflows in python-wikitcms, but you'll at least need to read the stuff about runners below.

  Forgejo Actions works very similarly to GitHub Actions, by design. You create a .forgejo/workflows directory in your project and define workflows in it. The syntax is almost entirely compatible with GitHub Actions, but with several missing features.

  Some very commonly-used shared actions, like actions/checkout, are ported to Forgejo so you can use them directly. Other shared and third-party actions can be used by giving a full URL to them - e.g. uses: https://github.com/actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0 - but whether a given action will work or not depends on whether it's written to assume it's running on public GitHub, and whether Forgejo has all the features it needs.

  Probably the most noticeable difference with using GitHub Actions is runner availability and environment. If you have a public GitHub project you can define workflows with something like runs-on: ubuntu-latest; behind the scenes, GitHub maintains a farm of runners with various labels, of which ubuntu-latest is one, and your jobs will run on any available runner with that label. The available environments for public GitHub repos are a handful of Ubuntu, Windows and macOS versions.

  The staging instance of Fedora Forge has a few universal runners you can use like this. Currently each has only one, unique, label, so you can't specify workflows with a label like fedora and have them run on any available runner; you have to just pick one of the labels, and your jobs will always run on that runner. Maybe this will get changed at some point. But the runners are available to all repos in the staging instance, so you can just define a workflow and get it run.

  Currently the production instance has no universal runners like this; runners are limited to specific organizations. The releng and infra organizations have runners, and now I requested one, the quality organization has one too. If you want to run workflows for projects in a different organization, the first thing you'll need to do is file a ticket to request runner(s) for that organization. If you have admin access to an organization, you can see whether it has runners, and what labels they have, by visiting https://forge.fedoraproject.org/org/<organization>/settings/actions/runners.

  Once your org has at least one runner, you can define workflows and they'll run, as long as you set the runs-on value to a label that at least one of the runners has.

  However, you might be surprised by the default environment: it's currently Debian Bookworm. Until that gets fixed, you may be interested in the container directive for workflows, which lets you define any arbitrary container image to be used:

      container:
        image: quay.io/fedora/fedora:latest
  

  There is one little gotcha with this, though. Many GitHub actions, including checkout, are written in Node, but Fedora's stock container images don't have Node installed. So you have to install it before running checkout or anything else that uses Node.

  Put it all together, and here's the workflow I've defined for doing CI on Python projects with Tox:

  name: CI via Tox
  on:
    pull_request:
      types: [opened, synchronize]
  
  jobs:
    tox:
      runs-on: fedora
      container:
        image: quay.io/fedora/fedora:latest
      steps:
        - name: Install required packages
          run: dnf -y install nodejs tox git
        - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
          with:
            fetch-depth: 0
        - name: Install Python interpreters
          run: for py in 3.6 3.9 3.10 3.11 3.12 3.13; do dnf -y install python$py; done
        - name: Test with tox
          run: tox
  

  That runs whenever a pull request is opened or pushed (the on section). It expects a runner with the fedora label (the runs-on setting). It uses the fedora:latest container image from quay.io (the container setting). From that image, we install packages we're going to need - including nodejs (the first step). Then we run actions/checkout to check out the PR (the second step, the uses one). Then we install all the Python interpreters we need, and run tox (the final two steps). Of course, if your project isn't Python or doesn't use Tox, you'll have to tweak this a bit, but hopefully you get the general idea.

  If you're security-minded, you might notice there's no permissions setting in this workflow. That's because Forgejo currently does not support fine-grained permissions in the automatically-generated workflow tokens. In Forgejo, the automatically-generated token always has full read/write privileges unless it's operating on a pull request from a fork, in which case it has only read permissions. Nothing finer-grained is possible at present. If you need something finer-grained, you have to generate a token manually, save it as a repository secret, and adjust your workflow (somehow) to use that and hide the automatically-generated token as far as is practically possible (that's outside the scope of this post).

  So that's CI! What about LLM pull request review? Well, if you dislike or are not interested in that, stop reading now. If you are interested, here's a recipe:

  name: AI Code Review
  on:
    pull_request_target:
      types: [labeled]
  
  jobs:
    ai-review:
      if: forgejo.event.label.name == 'ai-review-please'
      runs-on: fedora
      container:
        image: registry.gitlab.com/redhat/edge/ci-cd/ai-code-review:v2.3.0
      steps:
        - name: Run AI Review
          env:
            AI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
          run: ai-code-review --platform forgejo --pr-number ${{ forgejo.event.pull_request.number }} --post
  
    # this has to be a separate job because ai-code-review container does not have nodejs in it
    # also note this does not work for PRs from forks because of a forgejo bug
    # https://codeberg.org/forgejo/forgejo/issues/10733
    remove-label:
      runs-on: fedora
      steps:
        - uses: https://github.com/actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
          with:
            labels: ai-review-please
  

  That will cause the ai-code-review tool to review the pull request and post its analysis as a comment.

  Just a couple of things to note here. I decided to have the LLM review happen only when a pull request is given a special label. LLM reviews are relatively expensive, and also quite verbose; you don't necessarily want one cluttering up the ticket any time a pull request is created or edited, and you may not want to make it possible for someone to charge some LLM usage to your account as often as they like just by creating or editing a pull request.

  So, to use this recipe you have to create a label called ai-review-please in your repository. You can do this by going to "Issues", then clicking "Labels", then "New label". Give it whatever color and description you like. Any time you add that label to a PR, the review process will be triggered. Before adding the label to a PR you should probably make sure the PR is well-intentioned and not attempting any kind of prompt injection to get ai-code-review to disclose a secret or mess with the repository.

  The other thing is you need an AI provider API key. In this recipe we have a Gemini API key saved as a repository secret called GEMINI_API_KEY. To create repository secrets, go to repository "Settings", then "Actions", then "Secrets", and click "Add secret". In the workflow, we make the repository secret called GEMINI_API_KEY (secrets.GEMINI_API_KEY) available in the container as the environment variable AI_API_KEY; ai-code-review reads it in from there. Gemini is the default LLM provider for ai-code-review. You can also use OpenAI or Anthropic by adding an --ai-provider argument to the ai-code-review call in the workflow (obviously, then, the secret you export as AI_API_KEY must be a valid key for that provider). I'm hoping that in the not-too-distant future, we'll have an LLM model provider in Fedora infra, running open source models, that we can use for this purpose; for now, unfortunately, we have to use the hyperscaler ones.

  Finally, as noted in the comment, the workflow is intended to remove the ai-review-please label when it runs (so you don't have to remove it manually, then add it again, if you want another review later), but this does not currently work for pull requests from forks due to a Forgejo bug (because we're using pull_request_target the workflow token should have write permissions even for a fork PR, but it doesn't). If you use it on a fork PR, you'll have to remove the label manually once the workflow has triggered.

  You can, of course, change the on block to be the same as the CI recipe if you want to have LLM review run automatically whenever a PR is created or edited - but do make sure whoever's paying the bills for the API key is OK with that, and monitor the repo to make sure nobody starts creating hundreds of PRs to try and blow your budget...and hope/pray nobody manages a successful prompt injection attack. On the whole I'd stick with the label (only repository admins can label PRs, so a non-admin attacker can't apply the label themselves to trigger the review).

• Tomas Tomecek Ambient Code followup: PR merged

  This is a followup to my previous post about how I tried Ambient Code.

  TL;DR: I opened a PR (#specfile/508) and had to take over in the end.

  

  Where did we end?

  Claude Code proposed a solid implementation plan to us, Stella (the staff engineer agent) approved it.