A landmark open-weight release from China, an AI tool that stress-tests the foundations of copyleft, and the biggest governance crisis in LibreOffice’s history. Here’s what matters today.
DeepSeek V4 Preview launches with open weights, 1M-token context, and MIT license
Released today, DeepSeek V4 is the most significant open-weight model drop of 2026 so far. The family ships two variants: V4-Pro (1.6T total parameters, 49B active, 865GB on Hugging Face) and V4-Flash (284B total, 13B active, 160GB). Both support a million-token context window as a first-class feature — not a bolt-on — powered by a new Hybrid Attention Architecture combining Compressed Sparse Attention and Heavily Compressed Attention that cuts KV cache to 10% of DeepSeek-V3.2’s footprint. The weights are MIT-licensed and already on Hugging Face. API pricing is aggressive: $0.14/M input tokens for Flash, $1.74/M for Pro. As Simon Willison noted, this is “almost on the frontier, a fraction of the price.” Landing the same day OpenAI shipped the proprietary GPT-5.5 at $5/M input tokens, the contrast couldn’t be sharper — and it further isolates Meta’s decision to keep Muse Spark closed. For anyone building agent infrastructure or long-context applications, V4 is immediately relevant and immediately available.
Malus turns “clean room” AI cloning into a provocative threat to copyleft
A tool called Malus, covered by 404 Media on April 22 and picked up by Slashdot the same day, is generating significant controversy. Born from a FOSDEM 2026 talk by developers Dylan Ayrey and Michael Nolan, Malus implements “Clean Room as a Service” — one LLM reads documentation and public interfaces, a second LLM (which never sees the source code) reimplements the functionality from scratch. The result is a functionally equivalent program that arguably owes nothing to the original license, including copyleft obligations. Malus is simultaneously satirical and profitable — it’s a real LLC charging $0.01 per KB. The legal theory hasn’t been tested in court, and as Plagiarism Today pointed out, AI-generated output may not qualify for copyright protection at all under current US law, making the “liberated” code effectively public domain. But the conceptual threat is real: if AI can launder away copyleft in minutes, what enforcement mechanism remains? Coming on top of the Black Duck report showing license conflicts at all-time highs, Malus forces a conversation the open source licensing community has been deferring.
The Document Foundation ejects ~30 Collabora developers from LibreOffice governance
The biggest governance crisis in LibreOffice’s history has been escalating throughout April and deserves attention. The Document Foundation’s Membership Committee revoked foundation membership from approximately 30 Collabora employees and contractors — people who collectively represent a huge share of LibreOffice’s active development. The trigger: TDF decided to revive LibreOffice Online, which Collabora had forked and commercialized as Collabora Online after the original project went dormant in 2022. TDF cited its new Community Bylaws and two failed financial audits related to ecosystem conflict-of-interest issues. Collabora’s Michael Meeks responded that the company will pivot to a “entirely new, cut-down, differentiated Collabora Office” and reduce upstream investment. LWN’s deep dive generated hundreds of comments. This isn’t a niche governance squabble — Collabora was one of LibreOffice’s most prolific contributors, and their departure from governance (and potentially from active contribution) could materially affect the project’s development velocity and enterprise credibility.
Update: Ubuntu 26.04 LTS “Resolute Raccoon” officially ships
As previewed in our April 22 briefing, Ubuntu 26.04 LTS landed on schedule on April 23. The release is now live with GNOME 50 (Wayland-only session), Rust-based coreutils, Linux 7.0, TPM-backed full disk encryption, and systemd 259 with mandatory cgroup v2. Minimum desktop requirements are a 2 GHz dual-core processor, 6 GB RAM, and 25 GB storage. Support runs through 2031, or 2036 with Ubuntu Pro. For the millions of servers and desktops that will run this for the rest of the decade, the clock starts now.
Update: Fedora 44 Final cleared for April 28 launch
After two delays covered in our April 20 and April 22 briefings, the go/no-go meeting has officially given Fedora 44 the green light. The final build is RC 1.7, which includes Firefox 150 (resolving a pile of security blockers) and a fix for a PackageKit local privilege escalation. Two issues were waived to Fedora 45: Anaconda’s failure to enforce partition sizes in the Cockpit webui flow, and a non-ASCII keyboard layout selection bug. Barring surprises, Fedora 44 ships Monday — five days after Ubuntu 26.04 LTS, making this the most consequential week for Linux distributions in years.
Anthropic’s Project Glasswing finds thousands of vulnerabilities with AI — and exposes a patch gap
Announced in early April but still reverberating, Anthropic’s Project Glasswing deserves attention for its open source implications. The initiative uses Claude Mythos Preview — an unreleased frontier model — to autonomously discover software vulnerabilities, and the results are staggering: thousands of high-severity bugs found across every major operating system and web browser, including a 27-year-old bug in OpenBSD and a 16-year-old FFmpeg vulnerability that automated testing had missed despite running the affected code line five million times. The coalition behind it reads like a who’s-who: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. But here’s the uncomfortable part: fewer than 1% of discovered vulnerabilities have been patched. This directly echoes the OpenSSF’s “AI slop” survey from our April 22 briefing — AI can now find bugs faster than humans can fix them, and the open source maintenance community is caught in the middle.