Can Artuc

@canartuc
Writing about the people and projects behind Linux and open source. 20+ years building software and data architectures. No hype, no tutorials. Articles and Free Newsletter: canartuc.com
I wrote about the full TeamPCP attack chain, from poisoned Trivy to LiteLLM to credential theft, and what it means for every AI team building with Python: https://www.canartuc.com/95-million-downloads-poisoned-by-its-own-security-scanner/
95 Million Downloads. Poisoned by Its Own Security Scanner.

You never installed LiteLLM. CrewAI did. For 5 hours on March 24, every Python process on your machine was stealing your AWS keys, SSH credentials, and Kubernetes tokens.

You never typed pip install litellm. CrewAI did it for you. On March 24, that silent dependency stole AWS keys, SSH creds, and K8s tokens from every Python process for 5 hours. The fix existed since 2023. 95M monthly downloads. Nobody applied it. #OpenSource #Cybersecurity
20+ stories I did not fit into this thread. Including Canonical funding Rust rewrites, NVIDIA killing a 10-year GPU line, and how one email turned a user into the maintainer of a 4M-download project: https://www.canartuc.com/open-source-linux-weekly-w13_2026/
Open Source & Linux Weekly - W13_2026

X11 died without a funeral. Canonical bets on post-quantum crypto and Rust. TeamPCP hacks four supply chain targets in ten days. Weekly OSS & Linux roundup.

X11 died this week. No funeral. Ubuntu 26.04, GNOME 50, SteamOS 3.8, CachyOS, and Fedora 44 all shipped Wayland-only within days of each other. Nobody coordinated it. 18 years of 'Wayland isn't ready' just ended. #Linux #OpenSource
6/ Three governance fights in one day: Manjaro vs its founder, Mesa still stuck on AI code policy, systemd's age verification field sparking privacy debates. Open source decision-making is under real pressure right now. Which one are you watching closest?
5/ Manjaro's governance crisis hit Phase 3. 19 team members including the CTO declared founder Philip Muller uncooperative after he refused to answer questions about asset transfers. Muller warns of legal consequences. The forum thread passed 200 replies. A fork is on the table.
4/ Linux 7.0-rc5 dropped March 22. Torvalds says the cycle is calming down after three unusually large release candidates. He blames the new major version number for making devs submit more patches early. Mid-April stable release on track for Ubuntu 26.04 LTS and Fedora 44.
3/ Firefox 149 ships today with a free built-in VPN providing 50 GB per month, Split View for side-by-side pages, and granular AI controls users actually asked for. No extra subscription. Available in the US, France, Germany, UK. Mozilla's most aggressive move in years.
2/ Google open-sourced the GKE Cluster Autoscaler, a core provisioning component they kept proprietary for years. Microsoft launched AI Runway, a Kubernetes API for inference workloads. Kubernetes is becoming the default control plane for AI. Both vendors forced into openness.