Language Selection

English French German Italian Portuguese Spanish

Pacman 5.2 Release

Filed under

We have a clear winner. Although I’m sure that at least half of those are in responses to bugs he created! He claims it is a much smaller proportion… And a new contributor in third.

What has changed in this release? Nothing super exciting as far as I’m concerned, but check out the detailed list here.

We have completely removed support for delta packages. This was a massively underused feature, usually made updates slower for a slight saving on bandwidth, and had a massive security hole. Essentially, a malicious package database in combination with delta packages could run arbitrary commands on your system. This would be less of an issue if a certain Linux distro signed their package databases… Anyway, on balance I judged it better to remove this feature altogether. We may come back to this in the future with a different implementation, but I would not expect that any time soon. Note a similar vulnerability was found with using XferCommand to download packages, but we plugged that hole instead of removing it!

Read more

Arch Linux's Pacman 5.2 Released

  • Arch Linux's Pacman 5.2 Released - Drops Support For Delta Packages, Adds Zstd Support

    The Pacman 5.2 package manager for Arch Linux systems is now available with a variety of changes over earlier releases.

    Pacman 5.2 notably drops support for delta packages -- the ability to download what has changed between current and new versions of packages. Delta packages/updates are supposed to yield bandwidth savings and time due to only downloading the "diff" between package versions, but ultimately the current implementation didn't work out well. Pacman's delta package handling yielded minimal bandwidth savings and it turned out to be a security hole.

Pacman 5.2 for Arch Linux released

  • Pacman 5.2 for Arch Linux released

    Allen McRae, an Arch Linux project/lead developer, announced the release of Pacman 5.2 on his blog on Monday.

    For those new to Pacman, it’s a package manager and one of the major distinguishing features of Arch Linux, combining a simple binary package format with an easy-to-use build system. Pacman can manage installation, upgrades, removal, and downgrades.

    The new version Pacman 5.2, includes a variety of changes over earlier releases.

    The most significant change is related to delta packages. The dev team has completely removed support for delta packages, claiming not only was the feature was massively underutilized, but it also made updates slower, albeit slightly. The programmers also noted a massive security hole with the delta packages that allowed for malicious package database to run arbitrary commands on the user’s system.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Android Leftovers

pip 20.3 release

On behalf of the Python Packaging Authority, I am pleased to announce that we have just released pip 20.3, a new version of pip. You can install it by running `python -m pip install --upgrade pip`. This is an important and disruptive release -- we explained why in a blog post last year Read more

Western Digital WD_BLACK SN850 NVMe PCIe 4.0 SSD Linux Performance

This month Western Digital introduced the WD_BLACK SN850 as the latest PCI Express 4.0 solid-state drive hitting the market. The WD_BLACK SN850 is a surprisingly strong performer if looking to upgrade to PCIe 4.0 solid-state storage, competing with the fastest of the consumer drives currently available. The WD_BLACK SN850 makes use of Western Digital's G2 controller and 96L TLC NAND flash memory. The 1TB drive being tested today is rated for 7,000 MB/s sequential reads and 5,300 MB/s sequential writes and 1 million IOPS for random reads and 720k IOPS for random writes. Read more

GNU Octave 6.1 Released with Improvements / New Functions

GNU Octave 6.1 was released a few days ago with numerous improvements, bug-fixes, and a list of new functions. Changes in Octave 6.1 include... There’s no PPA repository contains the new release package at the moment of writing. Before the official Snap package and the community maintained Flatpak package publish the new package, you can download & build GNU Octave from the source tarball... Read more