Ars Technica reports
on the impact that the "Heartbleed" bug in OpenSSL has had for the Tor
anonymizing network. "The Tor Project team has been moving to
provide patches for all of the components, and most of the core
network was quickly secured. However, a significant percentage of the relay servers, many of which serve countries with heavy Internet censorship, have remained unpatched. These systems are operated by volunteers and may run unattended."
The Debian project has announced that the security support period for the
6.0 ("squeeze") release has been extended by nearly two years; it now runs
out in February 2016. At the end, squeeze will have received a full five
years of security support. "squeeze-lts is only going to support i386 and amd64. If you're
running a different architecture you need to upgrade to Debian 7
(wheezy). Also there are going to be a few packages which will not
be supported in squeeze-lts (e.g. a few web-based applications
which cannot be supported for five years).
Internet Systems Consortium, the non-profit behind the BIND DNS server, has released version 1.2 of BIND 10, which is the last release it will make of the "applications framework for Internet infrastructure, such as DNS". That completes ISC's development effort on BIND 10, so it has renamed the project to Bundy and turned it over to the community for updates and maintenance.
Ubuntu has announced the release of its latest long-term support
distribution: Ubuntu 14.04 LTS (aka "Trusty Tahr"). The release notes
have all the details.
NPR has a look at the cross-pollination of open source software and agriculture, resulting in the release of the first "Open Source Seeds".
Debian has announced that
regular security updates for Debian 6.0 ("squeeze") will cease on May 31.
But there will be long-term support for most of the packages in squeeze on
just the i386
and amd64 architectures until February 2016.
The LWN.net Weekly Edition for April 17, 2014 is available.