Freexian’s fifth report about Debian Long Term Support

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In December 46 work hours have been equally split among 4 paid contributors (note that Thorsten and Raphaël have actually spent more hours because they took over some hours that Holger did not do over the former months). Their reports are available:

Evolution of the situation

Compared to last month, the number of paid work hours has almost not increased (we are at 48 hours per month). We still have a couple of new sponsors in the pipe but with the new year they did not complete the process yet. Hopefully next month will see a noticeable increase.

As usual, we are looking for more sponsors to reach our our minimal goal of funding the equivalent of a half-time position. Those of you who are struggling to spend money in the last quarter due to budget overrun, now is a good time to see if you want to include Debian LTS support in your 2015 budget!

In terms of security updates waiting to be handled, the situation looks similar to last month: the dla-needed.txt file lists 30 packages awaiting an update (3 more than last month), the list of open vulnerabilities in Squeeze shows about 56 affected packages in total. We do not manage to clear the backlog but it’s not getting significantly worse either.

Thanks to our sponsors

My Free Software Activities for December 2014

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 20 hours on Debian LTS. I did the following tasks:

  • CVE triage: I pushed 47 commits to the security tracker this month. Due to this, I submitted two wishlist bugs against the security tracker: #772927 and #772961.
  • I released DLA-106-1 which had been prepared by Osamu Aoki.
  • I released DLA-111-1 fixing one CVE on cpio.
  • I released DLA-113-1 and DLA-114-1 on bsd-mailx/heirloom-mailx fixing one CVE for the former and two CVE for the latter.
  • I released DLA-120-1 on xorg-server. This update alone took more than 6h to backport all the patches, fixing a massive set of 12 CVE.

Not in the paid hours, but still related to Debian LTS, I kindly asked Linux Weekly News to cover Debian LTS in their security page and this is now live. You will see DLA on the usual security page and there’s also a dedicated page tracking this:

I modified the LTS wiki page to have a dedicated Funding sub-page. This avoids having a direct link to Freexian’s offer on the main LTS page (which surprised a few persons) and allows to give some more background information and makes it possible for other persons/companies to also get listed in the same way (since there’s no exclusive relationship between Debian and Freexian here!).

And I also answered some questions of Nguyen Cong (a new LTS contributor, employed by Toshiba with explicit permission to contribute to LTS during work hours! \o/), on IRC, on (again) and on the mailing list! It’s great to see the LTS project expanding beyond current members of the Debian project.

Distro Tracker

I want to give again some more priority to Distro Tracker at least to complete the transition from the old PTS to this new service… last month has been a bit better than November but not by much.

I reviewed a patch in #771604 (about displaying long descriptions), I merged another patch in #757443 (fixing bad markup which rendered the page unusable with Konqueror), I fixed #760382 where package gone through NEW would never lose their version in NEW.

Kali related contributions

I’m not covering my Kali work here but only some things which got contributed upstream (or to Debian).

First I ensured that we could build the Kali ISO with live-build 4.x in jessie. This resulted in multiple patches merged to the Debian live project (1 2 3 4). I also submitted a patch for a regression in the handling of conditionals in package lists, it got dropped and has been fixed differently instead. I also filed #772651 to report a problem in how live-build decided of the variant of the live-config package to install.

Kali has forked the sysvinit package to be able to disable the services by default and I was investigating how to port this feature in the new systemd world. It turns out systemd has such a feature natively: it’s called Preset files. Unfortunately it’s not usable in Debian because Debian does not call systemctl preset during package installation. I filed bug #772555 to get this fixed (in Stretch, it’s too late for Jessie :-().


I’m using salt to automate some administration task in Kali, at home and at work. I discovered recently that the project tries to collect “Salt Formulas”: those are ready to use instructions for as many services as possibles.

I started using this for some simple services and quickly felt the need to extend “salt-formula”, the set of states used to configure salt with salt. I submitted 5 pull requests (#73 and #74 to configure salt in standalone mode, #75 to enable the upstream package repositories, #76 to automatically download and enable the desired salt formulas, #77 for some bugfixes) and they have all been merged in less than 24 hours (that’s the kind of thing that motivates you to contribute again in the future!).

I also submitted a bug fix for samba-formula and a bug report in salt itself (#19180).

BTW I have some salt states to setup schroot and sbuild. I will try to package those as proper salt formulas in the future…

Misc stuff

Mailing list governance. In Debian, we often complain about meta-discussion on mailing lists (i.e. discussions about how we discuss together) and at the same time we need to have that kind of discussions from time to time. So I suggested to host those discussions in a new mailing list and to get this new list setup, our rules require to have other people interested in having this list. The idea had some support when we discussed it on debian-private, so I relaunched it on debian-project while filing the official request in the BTS: #772645. Unfortunately, I only got one second. So if you’re interested in pursuing this idea, speak up now…

Sponsorship. I sponsored another Galette plugin this month: galette-plugin-fullcard. Thanks to François-Régis Vuillemin for his work.

Publican. Following one of my bug report against Publican and with the help of the upstream author, we identified the problem and I submitted a patch.


See you next month for a new summary of my activities.

Freexian’s fourth report about Debian Long Term Support

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In November 42.5 work hours have been equally split among 3 paid contributors. Their reports are available: Thorsten Alteholz did his share as usual. Raphaël Hertzog worked 18 hours (catching up the remaining 4 hours of October). […]

[Continue reading…]

My Free Software Activities in November 2014

This month the systemd-related general resolution came to a conclusion, but the unproductive discussions did not stop yet. Despite those distractions, I still contributed to many things.

[Continue reading…]

Freexian’s third report about Debian Long Term Support

Get Freexian’s latest hindsights about Debian LTS.

[Continue reading…]

My Free Software Activities in October 2014

The last month before Jessie freeze naturally saw quite some packaging work… but not only. LTS and Distro-Tracker are still among my top priority projects.

[Continue reading…]

My Debian LTS report for October 2014

During October, I spent 10 hours on paid LTS work. I should have worked 4 hours more, but for various reasons this did not happen. Instead I’ll spend 4 more hours in November. During this time, I did the following: CVE triage: this month I pushed 23 commits to the security tracker SVN repository, and […]

[Continue reading…]

Freexian’s second report about Debian Long Term Support

Get Freexian’s latest hindsights about Debian LTS.

[Continue reading…]

My Free Software Activities in September 2014

A bit of Django 1.7, a bit of Distro Tracker, a bit of Long Term Support, a bit of packaging, September has seen lots of variety in my contributions.

[Continue reading…]

My Debian LTS report for September

Discover what it means to contribute to Debian LTS in more concrete terms through one month of my work on this project.

[Continue reading…]