This week the European Commission published the draft for a guidance document for the Cyber Resilience Act (CRA). It is 70 pages, but contains some helpful examples and flowcharts, like this one, making it accessible even to Open Source folks with limited time.

Here: Quick guidance for the question if your FOSS component is in scope for the CRA, and if so, wether you're deemed a steward or manufacturer in regards of the component.

#opensource #cra

After talking with a bunch of different companies / groups, we've now bumped the length of a few of the longterm kernels we are supporting:
https://git.kernel.org/pub/scm/docs/kernel/website.git/commit/?id=d04587da86a3464881e0c97aabddd2c271105698

As always, the dates can be found at:https://www.kernel.org/category/releases.html

Gemini, please convert this response into a politely worded email:

Hi:

Your vulnerability report is stupid. You have no idea what you're talking about, or you're hoping that nobody actually checks your findings. Unfortunately for me, I did check your findings and I will never get these 20 minutes of my life back. Everyone is dumber as a result of your report. Please do not contact us again.

It was one of those Mondays...

https://lwn.net/Articles/1059031/

Another post in my series about the kernel CVE process, all about how we classify fixes to be assigned a CVE and other related things:

http://www.kroah.com/log/blog/2026/02/16/linux-cve-assignment-process/

If you use AI-generated code, you currently cannot claim copyright on it in the US. If you fail to disclose/disclaim exactly which parts were not written by a human, you forfeit your copyright claim on *the entire codebase*.

This means copyright notices and even licenses folks are putting on their vibe-coded GitHub repos are unenforceable. The AI-generated code, and possibly the whole project, becomes public domain.

Source: https://www.congress.gov/crs_external_products/LSB/PDF/LSB10922/LSB10922.8.pdf

The #Rust support in the #Linux #kernel is now officially a first class citizen and not considered experimental any more:

https://git.kernel.org/torvalds/c/9fa7153c31a3e5fe578b83d23bc9f185fde115da; for more details, see also: https://lwn.net/Articles/1050174/

This is one of the highlights from the main #RustLang for #LinuxKernel 7.0 that was merged a few hours ago ; for others, see https://git.kernel.org/torvalds/c/a9aabb3b839aba094ed80861054993785c61462c

The 2nd Annual #EuropeanOpenSourceAwards have come to a close, but you can still revisit the best moments of the Awards Ceremony.

👇Watch the recording available here :
https://awards.europeanopensource.academy/awards/2026-recording-event

The European Open Source Awards ceremony from January 29th, in one loooong recording with yours truly showing up several times.

Most blabbing at 1h24 and onward when @gregkh was up.

https://youtu.be/KXS5KQjWjns?si=bN35SofySbhbtys_&t=150

I am losing it at how many of my peers have forgotten what software engineering is. It is not typing in lines of code.

Since we’re not superstitious, the 13th edition of KR will take place September 21–23, 2026 (black cats strictly forbidden during this edition — even on a leash… 😄). We hope to see loads of you there!

And because we want to keep offering the best possible conditions for three days of good vibes and community for everyone, feel free to support this edition by becoming a sponsor. All the info is here!

https://kernel-recipes.org/en/2026/sponsor/

reading vibecoders talk about how great vibecoding is for engineering real things is like reading bitcoiners talk about how they think money works

Being on Team Words Mean Things is difficult these days, particularly when multibillion-dollar companies put out breathless press releases saying "By using our massive language model, whose training data includes every version of GCC ever released, and having it autocorrect its own output by testing it against GCC, we managed to make a C compiler that mostly works for only $20,000 in a week and gosh I have so many feelings."

I mean, what the fuck are we even doing here.

https://www.anthropic.com/engineering/building-c-compiler

I think it's interesting how software engineers are (among?) the most eager working class group to replace themselves with LLMs.

It's interesting because LLMs do a worse job than us, we lose ability/skill to do our job the more we use it, lose our jobs, produce worse software, are less satisfied with our work, etc.

Yet so many of my peers seem to be super excited about and advocate for it, while other working class groups at least detest LLMs if not even consider organising themselves to protect their trade/jobs from LLMs.

Are we becoming the cops (read as: class traitors) of this techno-fascist dystopia?

Looks like the AI companies have finally run out of money as they are asking various open source projects to test their closed source products for them for free. What could go wrong with giving access to an unknown tool to private code repos?

If I didn't know better, I would think this is an elaborate phishing scam, or they have run out of data to scrape and need more training material.

Gotta admire their brazenness...

As it came up in a few conversations during "FOSDEM week", here's a link to the OpenSSF blog post about why the idea of "attestation for open source projects" is, in my opinion, and others, a bad idea:

https://openssf.org/blog/2026/01/21/preserving-open-source-sustainability-while-advancing-cybersecurity-compliance/

Yes, FOSS foundations and projects need ways of getting funding, that is very important, but thinking that "attestation is how we will get that money!" might not be such a good idea given the risks involved, and the past experience for those that have attempted it.

so I like to make plaintext outlines of presentations I do. Today is a banger.

I may regret this at some point, but I felt the need to put down in writing how I feel about this moment in the tech industry.

It is not kind. You may well be insulted by it. If you are... then you really should question yourself.

https://www.garfieldtech.com/blog/selfish-ai

#AI #LLM #Programming

There is no Claude, just other people's code

Michiel Leenaars for @nlnet at @fosdem

Everything you’re hearing about AI is completely true and not at all made up by sycophants

The only thing that is real is your FOMO

Also ducks. Ducks are real