Portables

System76 Announces Redesigned 'Pangolin' AMD/Linux Laptop (9to5linux.com) 42

System76 is announcing a "fully redesigned" version of its AMD-only Linux-powered "Pangolin" laptop with upgraded memory, storage, processor, and display.

9to5Linux reports: It features the AMD Ryzen 7 6800U processor with up to 4.7 GHz clock speeds, 8 cores, 16 threads, and AMD Radeon 680M integrated graphics.... a 15.6-inch 144Hz Full HD (1920 x 1080) display [using 12 integrated Radeon graphics cores] with a matte finish, a sleek magnesium alloy chassis, and promises up to 10 hours of battery life with its 70 Wh Li-Ion battery. It also features a single-color backlit US QWERTY Keyboard and a multitouch clickpad. Under the hood, the Linux-powered laptop boasts 32 GB LPDDR5 6400 MHz of RAM and it can be equipped with up to 16TB PCIe 4.0 NVMe M.2 SSD storage. Another cool feature is the hardware camera kill switch for extra privacy....

As with all of System76's Linux-powered laptops, the all-new Pangolin comes pre-installed with System76's in-house built Pop!_OS Linux distribution featuring the GNOME-based COSMIC desktop and full disk-encryption or with Ubuntu 22.04 LTS.

Operating Systems

Linux 6.1 Officially Promoted To Being An LTS Kernel (phoronix.com) 6

Linux 6.1 was widely anticipated to be a Long-Term Support (LTS) kernel, with the last major release series for the calendar year normally promoted to LTS status. Greg Kroah-Hartman as the Linux stable maintainer went ahead today and formally recognized Linux 6.1 as the 2022 LTS kernel. From a report: Greg KH was planning on Linux 6.1 being LTS given its December debut. But he was waiting on feedback from kernel stakeholders over their test results with Linux 6.1 and plans around using Linux 6.1 for the long-term. He's finally collected enough positive responses -- along with co-maintainer Sasha Levin -- that there is confidence in maintaining Linux 6.1 as an LTS series.

As of now the plan is on maintaining Linux 6.1 through December 2026, which is just a few months longer than the current Linux 5.15 LTS series that will be maintained through October 2026. We'll see over time if Linux 6.1 ends up potentially being maintained for the longer six-year LTS period that would put it through 2028. However, the number of Linux LTS series being maintained in tandem is growing and will ultimately depend upon how much these kernels are used by major industry players and how much commitment there is for testing of the point release candidates, etc.

Linux

Carbonyl: a New Graphical Web Browser in Your Linux Terminal (makeuseof.com) 29

Long-time Slashdot reader destinyland writes: Someone made a Chromium fork... for your terminal. The terminal-based browser Carbonyl "adheres to, and is compatible with modern standards," writes MUO, "meaning that pages behave as they should, and you can even watch streaming video, within the Linux terminal!"

But best of all, "Pages connect and render in an instant—seemingly quicker than a desktop GUI browser, and every page we visited was rendered correctly."

From the article: There are a bunch of good reasons to browse the internet from the comfort of your terminal. It could be that eschewing the bloat of X.org and Wayland, a terminal is all you have. Maybe you like SSHing into remote machines and browsing the internet from there.

Perhaps you, like us, just really, really like terminals.

Whatever the reason, your choices of web browsers have, until recently, been limited, and your experience of the world wide web has been a janky, barely-functional one.... We tested Carbonyl in a range of Linux terminals, including the XFCE terminal, GNOME terminal, kitty, and the glorious Cool Retro Terminal. Carbonyl was smooth, fast, and flawless in all of them.

We even connected to our Raspberry Pi via SSH in CRT, and ran Carbonyl remotely, watching Taylor Swift music videos on YouTube. No problem.

And yes, you can use it to play DOOM.

Linux

Ubisoft's Launcher Broke Its Own Games on Linux and Steam Deck (pcgamer.com) 44

Earlier this week NME reported: With an update to Ubisoft Connect, Ubisoft has broken Steam Deck and Linux compatibility for a number of its biggest games including The Division 2 and Assassin's Creed Valhalla. As reported by GamingOnLinux, the compatibility issues were caused by Ubisoft issuing an update for its Ubisoft Connect launcher. Even if Ubisoft's titles are bought through Steam, they still launch with Ubisoft Connect and require a connection with the third-party launcher to run.

"Thankfully, Steam Deck users have already figured out that updating the device's Proton Experimental version and switching all Ubisoft games to use it resolves the issue," added GameRant.

But Gaming on Linux described the incident as third-party launchers on Steam "once again being a massive nuisance." Why do developers and publishers keep forcing these absolutely useless third-party launchers on us? Never once have I, or anyone I've spoken to, actually wanted them. They only ever cause problems and solve basically nothing that Steam cannot already do directly.

And PC Gamer agrees: This is yet another example of frustrating third-party launchers only making everyone's lives more difficult. I don't even want to know Ubisoft Connect exists, let alone have it flash up in my face and not be able to play my games because it's not working properly. I understand these companies want my data but you're supposed to be sneakier and better at getting it than this by now.

Linux

Proposed Linux Patch Allows Disabling CPU Security Mitigations at Build-Time (phoronix.com) 43

Phoronix reports: A proposed Linux kernel patch would provide a new Kconfig build time option of "CONFIG_DEFAULT_CPU_MITIGATIONS_OFF" to build an insecure kernel if wanting to avoid the growing list of CPU security mitigations within the kernel and their associated performance overhead.

While risking system security, booting the Linux kernel with the "mitigations=off" option has been popular for avoiding the performance costs of Spectre, Meltdown, and the many other CPU security vulnerabilities that have come to light in recent years. Using mitigations=off allows run-time disabling of the various in-kernel security mitigations for these CPU problems.

A patch proposed this week would provide CONFIG_DEFAULT_CPU_MITIGATIONS_OFF as a Kconfig switch that could optionally be enabled to have the same effect as mitigations=off but to be applied at build-time to avoid having to worry about setting the "mitigations=off" flag.

Red Hat Software

Red Hat Gives an ARM Up To OpenShift Kubernetes Operations (venturebeat.com) 13

An anonymous reader quotes a report from VentureBeat: Red Hat is perhaps best known as a Linux operating system vendor, but it is the company's OpenShift platform that represents its fastest growing segment. Today, Red Hat announced the general availability of OpenShift 4.12, bringing a series of new capabilities to the company's hybrid cloud application delivery platform. OpenShift is based on the open source Kubernetes container orchestration system, originally developed by Google, that has been run as the flagship project of the Linux Foundation's Cloud Native Computing Foundation (CNCF) since 2014. [...] With the new release, Red Hat is integrating new capabilities to help improve security and compliance for OpenShift, as well as new deployment options on ARM-based architectures. The OpenShift 4.12 release comes as Red Hat continues to expand its footprint, announcing partnerships with Oracle and SAP this week.

The financial importance of OpenShift to Red Hat and its parent company IBM has also been revealed, with IBM reporting in its earnings that OpenShift is a $1 billion business. "Open-source solutions solve major business problems every day, and OpenShift is just another example of how Red Hat brings business and open source together for the benefit of all involved," Mike Barrett, VP of product management at Red Hat, told VentureBeat. "We're very proud of what we have accomplished thus far, but we're not resting at $1B." [...]

OpenShift, like many applications developed in the last several decades, originally was built just for the x86 architecture that runs on CPUs from Intel and AMD. That situation is increasingly changing as OpenShift is gaining more support to run on the ARM processor with the OpenShift 4.12 update. Barrett noted that Red Hat OpenShift announced support for the AWS Graviton ARM architecture in 2022. He added that OpenShift 4.12 expands that offering to Microsoft Azure ARM instances. "We find customers with a significant core consumption rate for a singular computational deliverable are gravitating toward ARM first," Barrett said.

Overall, Red Hat is looking to expand the footprint of where its technologies are able to run, which also includes new cloud providers. On Jan. 31, Red Hat announced that for the first time, Red Hat Enterprise Linux (RHEL) would be available as a supported platform on Oracle Cloud Infrastructure (OCI). While RHEL is now coming to OCI, OpenShift isn't -- at least not yet. "Right now, it's just RHEL available on OCI," Mike Evans, vice president, technical business development at Red Hat, told VentureBeat. "We're evaluating what other Red Hat technologies, including OpenShift, may come to Oracle Cloud Infrastructure but this will ultimately be driven by what our joint customers want."

Security

Microsoft Upgrades Defender To Lock Down Linux Devices For Their Own Good (theregister.com) 96

Organizations using Microsoft's Defender for Endpoint will now be able to isolate Linux devices from their networks to stop miscreants from remotely connecting to them. The Register reports: The device isolation capability is in public preview and mirrors what the product already does for Windows systems. "Some attack scenarios may require you to isolate a device from the network," Microsoft wrote in a blog post. "This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement. Just like in Windows devices, this device isolation feature." Intruders won't be able to connect to the device or run operations like assuming unauthorized control of the system or stealing sensitive data, Microsoft claims.

According to the vendor, when the device is isolated, it is limited in the processes and web destinations that are allowed. That means if they're behind a full VPN tunnel, they won't be able to reach Microsoft's Defender for Endpoint cloud services. Microsoft recommends that enterprises use a split-tunneling VPN for cloud-based traffic for both Defender for Endpoint and Defender Antivirus. Once the situation that caused the isolation is cleared up, organizations will be able to reconnect the device to the network. Isolating the system is done via APIs. Users can get to the device page of the Linux systems through the Microsoft 365 Defender portal, where they will see an "Isolate Device" tab in the upper right among other response actions. Microsoft has outlined the APIs for both isolating the device and releasing it from lock down.

Open Source

PikaOS Is a Next-Gen Linux Distribution Aimed Specifically Towards Gamers (zdnet.com) 48

An anonymous reader quotes a report from ZDNet, written by Jack Wallen: PikaOS is very similar to that of Nobara Linux, which opts for a Fedora base. But what are these two Linux distributions? Simply put, they are Linux for gamers. [...] So, what does PikaOS do that so many other distributions do not? The most obvious thing is that it makes it considerably easier to install the tools needed to play games. Upon first logging in, you're greeted with a Welcome app. In the First Steps tab, you have quick access to tools for updating the system, installing patented codecs and libraries, installing proprietary Nvidia drivers, installing apps from the Software Manager, and installing WebApps.

Next comes the Recommended Additions, where you can install the likes of: PikaOS Game Utilities is a meta package that installs Steam, Lutris, GOverlay, MangoHud, Wine, Winetricks, vkBasalt, and other gaming-centric tools; Microsoft TrueType fonts for better Windows font emulation; Blender for creating 3D images; OBS Studio for streaming; Kdenlive for non-linear video editing; Krita for painting; and LibreOffice for productivity. In the Optional Steps tab, you can add AMD proprietary drivers, ROCm drivers, Xone drivers, and Proton GE (for Steam and Wine compatibility). Finally, the Look And Feel tab allows you to customize themes, layouts, and extensions. The layouts section is pretty nifty, as it allows you to configure the GNOME desktop to look and feel like a more traditional desktop, a MacOS-like desktop, a Windows 11 layout, a throwback GNOME 2 desktop, and even a Ubuntu Unity-like desktop.

As far as pre-installed software goes, it's pretty bare bones (until you start adding titles from the Recommended Additions tab in the Welcome App). You'll find Firefox (web browser), Geary (email), Pidgin (messaging), Weather, Calculator, Cheese (web camera software), Rhythmbox, Contacts, a few utilities, and basic games. However, installing new apps is quite simple via the Software Manager app. Of course, the focus of PikaOS is games. When you install the PikaOS Game Utilities, you'll get Steam installed, which makes it easy to play an endless array of games on the Linux desktop. One thing to keep in mind, however, is that when you launch the PikaOS Game Utilities installation, it opens a terminal window to run the installation. Give this plenty of time to complete and, in the end, you can launch Steam, log in to your Steam account, and start playing. Just remember, the first time you launch the Steam app, it will take a moment to update and configure. But once it's up and running... let the games begin.

Open Source

New Distro 'blendOS' Combines Arch Linux, Fedora Linux and Ubuntu (9to5linux.com) 73

"From the maintainer of Ubuntu Unity and the Unity desktop environment, here comes blendOS," writes 9to5Linux, "a GNU/Linux distribution that aims to be the last distribution you'll ever use, especially if you distro hop." blendOS is here to offer you "a seamless blend of all Linux distributions," as its creator wants to call it. blendOS is based on Arch Linux and GNOME on Wayland, but it lets you use apps from other popular distributions, such as Fedora Linux or Ubuntu.

This is possible because you can use the native package managers from Arch Linux (pacman — included by default), Fedora Linux (dnf), and Ubuntu (apt), which are included as containers using Distrobox/Podman. However, the DNF and APT package managers aren't included in the live ISO image, nor blendOS's own blend package manager.... It also follows a rolling release model, since it's derived from Arch Linux.

Even if it comes with the GNOME desktop by default on the live ISO image, blendOS will let you deploy a new installation with another popular desktop environment, such as KDE Plasma, MATE, or Xfce, or even window managers like Sway or i3. Apart from the fact that you can install any app from any of the supported Linux distributions, blendOS also comes with out-of-the-box support for sandboxed Flatpak apps, which you can easily install directly from the Flathub Store app, which is a Web App that puts the Flathub website on your desktop.

Open Source

The Linux Foundation Reflects on Open Source's Role in Climate Change Challenges (linuxfoundation.org) 28

At the UN's COP27 climate summit in November, "observer status" was granted to representatives from the Linux Foundation's nonprofit Green Software Foundation, and from its Hyperledger Foundation, a not-for-profit umbrella project for open source blockchains and related tools.

So what happened? From the Linux Foundation's blog: At COP27, one thing that was clear to many is that the complexity of the climate crisis and the pace of change needed will require open source approaches to problem-solving and information sharing — only then will we achieve the required global collaboration to collectively reduce carbon emissions and adapt our communities to survive extreme climate events. We believe that the Linux and Hyperledger Foundations have a role to play in this quickly evolving ecosystem....

The Linux Foundation is committed to exploring how open source data models, standards, and technologies can enable a decarbonized economy. The lessons we learned at COP27 clarified that there is a crucial opportunity for us to contribute to this effort by developing open source solutions that provide accurate, curated, up-to-date, accessible, and interoperable emissions data, as well as open source tools that enable asset owners, asset managers, banks, and real economy companies to accelerate Net Zero-aligned resilient investment and finance in the companies and projects that are climate-sustainable; enable real economy companies to accelerate their transition through Paris-aligned R&D, product development, and CapEx; provide regulators the information needed to manage systemic risk across the economy; empower policymakers and civil society to press for change more effectively.

We are excited to be part of this important movement! By taking a leadership role in this space with our projects, standards, and protocols, we hope to support global climate action in meaningful ways.

The blog post also shared an update from the representative from the Green Software Foundation, a non-profit creating "a trusted ecosystem of people, standards, tooling and best practices for green software." [T]he tech sector has a significant carbon footprint comparable to the shipping industry. For digital technologies to be true enablers for emissions reductions, there's a clear need to ensure that when we replace a process with a digitized one, it gets us closer to our climate targets.

To support this end, at COP27, Green Software announced several initiatives to support this goal, from a free, certified Green Software for Practitioners course, as well as the Software Carbon Intensity specification, a standardized protocol to measure the carbon emissions of software to achieve wide industry and academic adoption, a pattern library for engineers to adopt in their own software designs, along with a month-long global hackathon, Carbonhack, demonstrating these techniques and the impact they can have in reducing emissions from information technologies.

Wine

Wine 8.0 Released — and Plenty of Improvements are Included (omgubuntu.co.uk) 59

An anonymous reader shares this report from OMG! Ubuntu: Developers have just uncorked a brand new release of Wine, the open source compatibility layer that allows Windows apps to run on Linux.

A substantial update, Wine 8.0 is fermented from a year's worth of active development (roughly 8,600 changes in total). From that, a wealth of improvements are provided across every part of the Wine experience, from app compatibility, through to performance, and a nicer looking UI....

Notable highlights in Wine 8.0 include the completion of PE conversion, meaning all modules can be built in PE format. Wine devs say this work is an important milestone towards supporting "copy protection, 32-bit applications on 64-bit hosts, Windows debuggers, x86 applications on ARM", and more.

Microsoft

Linux Preparing To Disable Drivers For Microsoft's RNDIS Protocol (phoronix.com) 51

Phoronix reports: With the next Linux kernel cycle we could see upstream disable their driver support for Microsoft's Remote Network Driver Interface Specification (RNDIS) protocol due to security concerns.

RNDIS is the proprietary protocol used atop USB for virtual Ethernet functionality. The support for RNDIS outside of Microsoft Windows has been mixed. RNDIS isn't widely used today in cross-platform environments and due to security concerns the upstream Linux kernel is looking to move the RNDIS kernel drivers behind the "BROKEN" Kconfig option so they effectively become disabled in future kernel builds.

Ultimately once marked as "BROKEN" for a while, the drivers will likely be eventually removed from the upstream source tree.

Greg Kroah-Hartman wrote in a commit: "The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on any system that uses it with untrusted hosts or devices. Because the protocol is impossible to make secure, just disable all rndis drivers to prevent anyone from using them again."

Linux

Mabox Linux Called 'Throwback to Old-School Linux' (zdnet.com) 62

"If you've been itching to try an Arch Linux distribution and want something outside of the usual GNOME/KDE/Xfce desktop environments, Mabox Linux is an outstanding option...." writes ZDNet's Jack Wallen.

"It reminded me of my early days using Linux, only with a bit of a modern, user-centric twist...." Linux was hard in its infancy. So, when I see a Linux distribution that reminds me of those days but manages to make it easy on users without years of experience under their belts, it reminds me how far the open-source operating system has come. Such is the case with Mabox Linux.... It's not that Mabox doesn't make Arch Linux easy...it does. But when you first log into the desktop, you are greeted with something most hard-core Linux users love to see but can be a real put-off to new users. I'm talking about information...and lots of it.

You see, Mabox Linux places four information-centric widgets front and center on the desktop, so you can get an at-a-glance look at how the OS is using your system resources and even two widgets that give you keyboard shortcuts for things like opening various apps, menus, and even window management controls. Also on the OpenBox Window Manager desktop, you'll find a single top panel that gives you quick access to all your installed apps, the Mabox Colorizer... and a system tray with plenty of controls....

Once you have the distribution installed, the big surprise comes by way of performance. Mabox Linux is amazingly fast...like faster than most distributions I've used. A big part of that is due to the OpenBox Window Manager, which is very lightweight. Compared to my regular GNOME-based Linux desktop, Mabox is like driving a Lamborghini instead of a Prius. The difference is that obvious.

The installation process lets you choose between open-source or proprietary video drivers, the article points out. And "you can easily customize the color of your Mabox desktop, including the theme, side panels, Conky (which creates the desktop widgets), wallpaper, Tint2 Panel, and even the terminal theme."

Security

New Linux Malware Downloader for Compromised Servers Spotted in the Wild (bleepingcomputer.com) 30

"A new Linux malware downloader created using SHC (Shell Script Compiler) has been spotted in the wild," reports the site Bleeping Computer, "infecting systems with Monero cryptocurrency miners and DDoS IRC bots...

"The analysts say the attacks likely rely on brute-forcing weak administrator account credentials over SSH on Linux servers...." According to ASEC researchers, who discovered the attack, the SHC loader was uploaded to VirusTotal by Korean users, with attacks generally focused on Linux systems in the same country.... When the SHC malware downloader is executed, it will fetch multiple other malware payloads and install them on the device. One of the payloads is an XMRig miner that is downloaded as a TAR archive from a remote URL and extracted to "/usr/local/games/" and executed....

The second payload retrieved, dropped, and loaded by the SHC malware downloader is a Perl-based DDoS IRC bot. The malware connects to the designated IRC server using configuration data and goes through a username-based verification process. If successful, the malware awaits commands from the IRC server, including DDoS-related actions such as TCP Flood, UDP Flood, and HTTP Flood, port scanning, Nmap scanning, sendmail commands, process killing, log cleaning, and more.

ASEC warns that attacks like these are typically caused by using weak passwords on exposed Linux servers.

Linux

Vanilla OS Offers a New Take on Security for the Linux Desktop (vanillaos.org) 31

OS News cheers the first official release of Vanilla OS, calling it "an immutable desktop Linux distribution that brings some interesting new technologies to the table, such as the Apx package manager."

From the official release announcement: "By default, Apx provides a container based on your Linux distribution (Ubuntu 22.10 for Vanilla OS 22.10) and wraps all commands from the distribution's package manager (apt for Ubuntu). Nevertheless, you can install packages from other package distributions.... Using the --dnf flag with apx will create a new container based on Fedora Linux. Here, apx will manage packages from Fedora's DNF repository, tightly integrating them with the host system."

ZDNet calls Vanilla OS "a new take on Linux that is equal parts heightened security and user-friendly." Among other things, "the developers opted to switch to ABRoot, which allows for fully atomic transactions between 2 root partitions." The official release announcement explains: ABRoot will check which partition is the present root partition (i.e A), then it will mount an overlay on top of it and perform the transaction. If the transaction succeeds, the overlay will be merged with the future root partition (i.e B). On your next boot, the system will automatically switch to the new root partition (B). In case of failure, the overlay will be discarded and the system will boot normally, without any changes to either partition.

But ZDNet explains why this comes in handy: Another really fascinating feature is called Smart Updates, which is enabled in the Vanilla OS Control Center, and ensures the system will not update if it's either under a heavy load or the battery is low. To enable this, open the Vanilla OS Control Center, click on the Updates tab, and then click the ON/OFF slider for SmartUpdate. Once enabled, updates will go through ABRoot transitions and aren't applied until the next reboot. Not only does this allow the updates to happen fully in the background, but it also makes them atomic, so they only proceed when it's guaranteed they will succeed.

The only caveat to this system is that you are limited to either weekly or monthly updates, as there is no daily option for scheduling. However, if you're doing weekly updates, you should be good to go.... Setting aside that which makes Vanilla OS special, the distribution is as stock a GNOME experience as you'll find and does a great job serving as your desktop operating system. It's easy to use, reliable, and performs really well...especially considering this is the first official release.

"Every wallpaper has a light and a dark version," adds the release announcement, "so you can choose the one that best suits your needs."

Ubuntu

Ubuntu Blogger Chooses the 5 Best Linux Distros of 2022 (omgubuntu.co.uk) 74

Long-time Slashdot reader destinyland shares an article listing "the five best Linux distros of 2022" — as chosen by the editor of the blog omg! ubuntu!

"Spoiler: they're not all Ubuntu-based!" the article begins, also noting that it's not a ranking of superiority or importance, but rather "giving a shoutout to some of the year's best Linux releases."

Its top-listed non-Ubuntu distro? Fedora Workstation 37
Fedora Workstation is a flagship desktop Linux distro for good reason: it's robust, it's reliable, it's impeccably produced — it distills what a lot of folks seek most: a "pure" GNOME experience, delivered as devs intend, atop a strong and stable base.

Autumn's offer of Fedora 37 Workstation features GNOME 43 — an update that majorly improves the GNOME Shell user experience with Quick Settings. There's also a more-featured Files rebuilt in GTK4/libadwaita; a revamped Calendar app; a Device Security panel; Raspberry Pi 4 support; GRUB instead of syslinux on BIOS; and more.

Folk often overlook Fedora Workstation because, as Linux distros go, it's rather understated, unassuming, and drama-free. Yet, it is a finessed and functional distro that forgoes fancy flourishes to focus entirely on its performance, its integration, and its cohesion.

If you've never tried Fedora you're missing out, so sort it!

There were two other non-Ubuntu distros on the list:
  • Manjaro 22.0 'Sikaris'. "As Arch-based Linux distros go Manjaro is one of the best.... Everything from the shell to the package manager to bespoke touches and apps are cohesive, considered, and choreographed. Manjaro 22.0 isn't just a distro, it's an experience."
  • Linux Mint 21. "As well as being easy to use, Linux Mint ships with an interesting selection of pre-installed software that aims to cover most users' needs, including some homegrown apps that are rather special."

Stats

Systemd's Growth Over 2022 (phoronix.com) 236

Phoronix checks systemd's Git activity in 2022 (and compares it to previous years): If measuring an open-source project's progress by the commit activity per year, while not the most practical indicator, systemd had a very good year. In 2022 there were 6,271 commits which is under 2021's all-time-high of 6,787 commits. But this year's activity count effectively ties 2018 for second place with the most commits in a given calendar year.

This year saw 201k lines of new code added to systemd and 110k lines removed, or just under one hundred thousand lines added in total to systemd in 2022....

Systemd continues to grow and is closing out 2022 at around 1,715,111 lines within its Git repository.

Also interesting: "[W]hen it comes to the most commits overall to systemd over its history, Lennart Poettering easily wins the race and there is no competition. As a reminder, this year Lennart joined Microsoft as one of the surprises for 2022."

Bug

Linux Kernel Security Bug Allows Remote Code Execution for Authenticated Remote Users (zdnet.com) 51

The Zero Day Initiative, a zero-day security research firm, announced a new Linux kernel security bug that allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions. ZDNet reports: Originally, the Zero Day Initiative (ZDI) rated it a perfect 10 on the 0 to 10 Common Vulnerability Scoring System scale. Now, the hole's "only" a 9.6....

The problem lies in the Linux 5.15 in-kernel Server Message Block (SMB) server, ksmbd. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the kernel context. This new program, which was introduced to the kernel in 2021, was developed by Samsung. Its point was to deliver speedy SMB3 file-serving performance....

Any distro using the Linux kernel 5.15 or above is potentially vulnerable. This includes Ubuntu 22.04, and its descendants; Deepin Linux 20.3; and Slackware 15.

Programming

Stack Overflow Survey Finds More Developers Now Use Linux Than MacOS (justingarrison.com) 195

Justin Garrison works at Amazon Web Services on the Kubernetes team (and was senior systems engineer on several animated films).

This week he spotted a new milestone for Linux in the 2022 StackOverflow developer survey: [Among the developers surveyed] Linux as a primary operating system had been steadily climbing for the past 5 years. 2018 through 2021 saw steady growth with 23.2%, 25.6%, 26.6%, 25.3%, and finally in 2022 the usage was 40.23%. Linux usage was more than macOS in 2021, but only by a small margin. 2022 it is now 9% more than macOS.
Their final stats for "professional use" operating system:
  • Windows: 48.82%
  • Linux-based: 39.89%
  • macOS: 32.97%

But Garrison's blog post notes that that doesn't include the million-plus people using all the Linux-based cloud development environments (like GitHub Workspaces) — not to mention the 15% of WSL users on Windows and all the users of Docker (which uses a Linux VM).

"It's safe to say more people use Linux as part of their development workflow than any other operating system."


Red Hat Software

Fedora Change Proposal: Supporting Unified Kernel Images for Improved Security (phoronix.com) 67

While "this proposal will only be implemented if approved by the Fedora Engineering Steering Committee," Phoronix reports: Red Hat and Fedora engineers are plotting a path to supporting Unified Kernel Images (UKI) with Fedora Linux and for the Fedora 38 release in the spring they are aiming to get their initial enablement in place.

Unified Kernel Images have been championed by the systemd folks for better securing and trusting Linux distributions. Unified kernel images are a combination of the kernel image, initrd, and UEFI stub program all distributed as one.... The initial phase would focus on shipping a UKI as an optional sub-RPM that users can opt into initially, updating kernel install scripts so unified kernels are installed and properly updated, and bootloader support for unified kernel images. Adding systemd-boot support to the installers, better measurement and remote attestation support, and switching Fedora Cloud images to using unified kernels are among the additional goals but of lower priority.

Fedora's wiki includes a detailed description of the change proposal: The goal is to move away from initrd images being generated on the installed machine. They are generated while building the kernel package instead, then shipped as part of a unified kernel image. A unified kernel image is an all-in-one efi binary containing kernel, initrd, cmdline and signature....

Main motivation for this move is to make the distro more robust and more secure.
