Rob Savoury

A bug with latest PipeWire 1.6.5 (https://t.co/o2VOhOozRA) that was causing broken audio for at least some users with certain software now seems to be fixed with latest builds. Thanks to Santiago who reported the issue and his help finding the relevant issue and fix on Gitlab.

These revised percentages still clearly show a huge increase in uploads for CVE fixes from late 2022. Using 2020/2021 as a baseline my PPA work in 2026 has so far included a five-fold increase of uploads for CVE fixes!! Unfortunately a common trend in the computer software field.

More accurate percentages of uploads with CVEs come from also looking at the second changelog entry (by Debian/Ubuntu) for my _repeat_ backports of the _same_ source: 1.3% in 2019; 3.2% in 2020; 3.5% in 2021; 5.8% in 2022; 7.8% in 2023; 9.6% in 2024; 10.7% in 2025; 17.9% in 2026.

Percentages of uploads with CVE fixes quoted yesterday only looked at the most recent changelog entry (by me) for any of the 43,000+ package uploads I have done since August 2019. This gave a quick estimate of uploads specifically for CVE fixes. But there is more to the story.

Some CVE statistics from my almost seven years of PPA work (percent of uploads with CVE per year): 0.2% in 2019; 0.5% in 2020; 0.5% in 2021; 1.6% in 2022; 3.1% in 2023; 4.9% in 2024; 5.0% in 2025, 6.6% in 2026 (so far!). Note the huge increase from "A.I." era (late 2022) onwards.

Frequent fixes for CVE security issues are taking more and more time for software packagers such as myself. The many automated agentic algorithms constantly searching so fast for holes are adding much extra work. Over 100 of my 1,700-ish package uploads in 2026 include CVE fixes.