From pmatilai at redhat.com Wed Apr 13 10:48:46 2022 From: pmatilai at redhat.com (Panu Matilainen) Date: Wed, 13 Apr 2022 13:48:46 +0300 Subject: [Rpm-announce] RPM 4.18.0 alpha released! Message-ID: Year 2021 proved challenging in various ways, but here we go again. By far the biggest challenge in this release was dealing with the symlink CVE pile from last year, which required a big rework of the file handling code, and rewriting --restore to take advantage of the same code. Which is why there's perhaps less new exciting things than in some other recent releases, but there's some good stuff anyway. The obligatory highlights summary: * Big file handling rework to address a class of symlink vulnerabilities during install, restore and erasure * More intuitive conditional builds macro `%bcond` * Weak dependencies accept qualifiers like `meta` and `pre` now * New interactive shell for working with macros (`rpmspec --shell`) and embedded Lua (`rpmlua`) * New `%conf` spec section for build configuration * New `rpmuncompress` cli tool simplifies unpacking multiple sources * Numerous macro improvements and fixes * Numerous OpenPGP parser correctness and security fixes As usual, further details and download information available at: https://rpm.org/wiki/Releases/4.18.0 On behalf of the rpm-team, - Panu - From pmatilai at redhat.com Wed Apr 13 11:55:21 2022 From: pmatilai at redhat.com (Panu Matilainen) Date: Wed, 13 Apr 2022 14:55:21 +0300 Subject: [Rpm-announce] New RPM community venue Message-ID: <9437c6cb-ae92-da62-683c-1bcd032243a0@redhat.com> As of today, we're opening up the GitHub Discussions forum as a new venue for community interaction: https://github.com/rpm-software-management/rpm/discussions Why, you ask, when we have all these mailing lists? The sad fact is that the mailing lists are all but dead, to the point that even us maintainers miss the rare post on them, leading them even more dead because few people like talking to themselves. Yet, clearly there is a need for a place to ask questions and discuss various aspects of rpm and its future, and based on evidence people are more inclined to file a ticket to do this rather than post on a mailing list. That, or remain silent. Neither is a particularly good outcome. We hate the potential vendor lock-in as much as anybody, so these discussions will always be mirrored to rpm-maint mailing list along with the ticket and PR notifications. Other than that, we'll see how it goes. On behalf of rpm-team, - Panu -