The WebM Project looks at a draft of a VP8 patent agreement. "Google is in the process of preparing an agreement that will assist companies and developers with the adoption of VP8 technology by making available a royalty-free license to certain patents that are necessary for the implementation of VP8 and which are owned by Google and a number of other major technology companies." (Thanks to Mark Wielaard)

Richard Stallman covers a proposal to specify standards for HTML extensions to implement Digital Restrictions Management (DRM). "Of course, the W3C cannot prevent companies from grafting DRM onto HTML. They do this through nonfree plug-ins such as Flash, and with nonfree Javascript code, thus showing that we need control over the Javascript code we run and over the C code we run. However, where the W3C stands is tremendously important for the battle to eliminate DRM. On a practical level, standardizing DRM would make it more convenient, in a very shallow sense. This could influence people who think only of short-term convenience to think of DRM as acceptable, which could in turn encourage more sites to use DRM." (Thanks to Paul Wise)

The Mozilla blog has some advice for developers trying to draw attention to their projects. "Before we get started, there’s a stumbling block we need to kick away. Terms like ‘marketing’ and ‘advertising’ are dirty words for many developers and it’s not uncommon for developers to be reluctant to do much promotion. ‘Build it and they will come’ used to work when exciting open source projects were few and far between but now everyone seems to be working on something and making a noise about it. Few of the successes you see come through pure luck but because developers are actively promoting their work or, at least, making it discoverable."

Fedora has updated xen (F18; F17: multiple vulnerabilities), python-pip (F18; F17: insecure tempdir usage), curl (F18: cookie information disclosure), gogoc (F18: violation of packaging guidelines), and kernel (F17: multiple vulnerabilities).

Mandriva has updated java-1.7.0-openjdk (multiple vulnerabilities).

Ubuntu has updated clamav (multiple vulnerabilities).

Debian has announced the release of Debian 7.0 ("Wheezy"). "Multiarch support, one of the main release goals for "Wheezy", will allow Debian users to install packages from multiple architectures on the same machine. This means that you can now, for the first time, install both 32- and 64-bit software on the same machine and have all the relevant dependencies correctly resolved, automatically. [...] The installation process has been greatly improved: Debian can now be installed using software speech, above all by visually impaired people who do not use a Braille device. Thanks to the combined efforts of a huge number of translators, the installation system is available in 73 languages, and more than a dozen of them are available for speech synthesis too." More details can be found in the release notes.

At the Yorba blog, Jim Nelson has written up an examination of the recent Geary development fundraising campaign, in particular a response to the theories circulating about why the drive came up short. "First, it’s important to understand that the Geary campaign was a kind of experiment. We wanted to know if crowdfunding was a potential route for sustaining open-source development. We weren’t campaigining to create a new application; Geary exists today and has been under development for two years now. Unlike OpenShot and VLC, we weren’t porting Geary to Windows or the Mac, we wanted to improve the Linux experience. And we had no plans on using the raised money as capital to later sell a product or service, which is the usual route for most crowdfunded projects. Our pitch was simply this: donate money so we can make Geary on Linux even better than it is today." Nelson analyzes several of the publicly debated issues, such as the amount, the competition, and the fundraising platform used.

Open Source Initiative (OSI) president Simon Phipps has posted a brief announcement on the OSI blog describing upcoming changes to the OSI governance process and the makeup of the board. "One of the ways we're turning OSI into a member organisation is to gradually replace the Board with member-selected directors. This process started last year when OSI's Affiliate members -- non-profit organizations themselves -- selected candidates for the Board." Two new vacancies on the board will be filled by election, and the OSI board is meeting in Washington DC next week to discuss further changes. Phipps notes: "If you would like to meet them, please come to OSI's DC Metro Open Source Community Summit on May 10."

Debian has updated stunnel4 (code execution).

Fedora has updated telepathy-idle (F17, F18; certificate validation error).

Mageia has updated apache-mod_security (information disclosure), clamav (multiple vulnerabilities), drupal (denial of service), java-1.7.0-openjdek (multiple vulnerabilities), krb5 (denial of service), phpmyadmin (multiple vulnerabilities), qemu (information disclosure), roundcubemail (information disclosure), subversion (multiple vulnerabilities), util-linux (information disclosure), and webmin (multiple vulnerabilities).

Mandriva has updated phpmyadmin (multiple vulnerabilities).

openSUSE has updated java-1_7_0-openjdk (multiple vulnerabilities) and krb5 (denial of service).

Ubuntu has updated kernel (multiple vulnerabilities).

This year's edition of the Linux Plumbers Conference (LPC) will be held September 18-20 in New Orleans, Louisiana, overlapping the last day of LinuxCon North America. Early registration for LPC ends on May 12 and the deadline for refereed paper proposals is June 17. The program committee has started approving microconference tracks, but it is not too late propose additional microconference topics.

openSUSE has updated icedtea-web (12.1: two vulnerabilities).

Ubuntu has updated kernel (12.04: multiple vulnerabilities), OMAP4 kernel (12.04: multiple vulnerabilities), Quantal HWE kernel (12.04: multiple vulnerabilities), kernel (12.10: multiple vulnerabilities), and OMAP4 kernel (12.10: multiple vulnerabilities).

The Google Open Source Blog announces the contribution of Adobe's Compact Font Format rasterizer to the FreeType project. "CFF fonts are capable of very high quality display but the technology places the burden for this display quality on the text rasterizer instead of on the font as is done in TrueType. The new Adobe CFF engine brings that high quality rasterizer support to FreeType." More information can also be found in Adobe's announcement.

The LWN.net Weekly Edition for May 2, 2013 is available.

OpenBSD 5.3 has been released. The release announcement (click below) contains a lengthy list of new features and improvements.

The Software Freedom Conservancy has announced a campaign to raise money and hire a developer to produce a useful, free-software accounting system aimed at the needs of non-profit organizations. "Indeed, Conservancy reached out into the broader fiscal sponsorship community beyond the FLOSS NPO community and discovered that many larger fiscal sponsors — even those willing to use proprietary components — have cobbled together their own unique systems, idiosyncratically tailored to their specific environments. Thus, good, well-designed, and reusable accounting software for non-profit fiscal sponsorship is not just missing in the software freedom community; it's missing altogether." The goal is to raise $75,000 for the first year's worth of work.

Greg KH has released a new set of stable kernels; 3.8.11, 3.4.43, and 3.0.76. As usual, these releases contain many important fixes.

Since the advent of object-oriented programming languages around the time of Smalltalk in the 1970s, inheritance has been a mainstay of the object-oriented vision. It is therefore a little surprising that both "Go" and "Rust" — two relatively new languages which support object-oriented programming — manage to avoid mentioning it. In this subscriber-only article, Neil Brown looks at how this classic object-oriented concept has evolved in two recent languages.

Fedora has updated pdns-recursor (F18; F17: ghost domain name resolving flaw).

The Mozilla blog reports that Mozilla is using its trademarks to back up a cease-and-desist letter to Gamma International, the maker of the infamous FinFisher surveillance system. "We cannot abide a software company using our name to disguise online surveillance tools that can be – and in several cases actually have been – used by Gamma’s customers to violate citizens’ human rights and online privacy."

As open source becomes more popular and mature, questions of formalizing the governance and corporate structures of projects are becoming of increasing importance, as can been seen by the rising visibility of various FOSS foundations. At the Linux Foundation Collaboration Summit in San Francisco, Tony Sebro shared his insights about the value that fiscal sponsors bring as umbrella organizations for FOSS projects. Sebro is the General Counsel of Software Freedom Conservancy, which is the home of about 30 free and open source projects, including Samba, Git, and BusyBox.

Click below (subscribers only) for the full report by Martin Michlmayr.

Open Build Service (OBS) 2.4 has been released. "With OBS 2.4 it is now possible to build packages in the PKGBUILD format used for instance by the popular Arch Linux distribution. This is the third package format, after RPM and DEB, supported by the OBS which makes it feasible to build and ship software for all the major Linux distributions that use a binary package format. Another popular demand for build servers these days is the support for signing individual files (bootloader, driver etc.) inside packages with a cryptographic key to support standards like UEFI secure boot. In version 2.4 the OBS sign daemon has been extend to handle this security feature. And with the rise of App-Stores as means to distribute software to end users this OBS release brings support for the cross-distribution application metadata standard AppStream."