Freexian’s fourth report about Debian Long Term Support

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In November 42.5 work hours have been equally split among 3 paid contributors. Their reports are available:

  • Thorsten Alteholz did his share as usual.
  • Raphaël Hertzog worked 18 hours (catching up the remaining 4 hours of October).
  • Holger Levsen did his share but did not manage to catch up with the backlog of the previous months. As such, those unused work hours have been redispatched among other contributors for the month of December.

New paid contributors

Last month we mentioned the possibility to recruit more paid contributors to better share the work load and this has already happened: Ben Hutchings and Mike Gabriel join the list of paid contributors.

Ben, as a kernel maintainer, will obviously take care of releasing Linux security updates. We are glad to have him on board because backporting kernel fixes really need some skills that nobody else had within the team of paid contributors.

Evolution of the situation

Compared to last month, the number of paid work hours has almost not increased (we are at 45.7 hours per month) but we are in the process of adding a few more sponsors: Roche Diagnostics International AG, Misal-System, Bitfolk LTD. And we are still in contact with a couple of other companies which have announced their willingness to contribute but which are waiting the new fiscal year.

But even with those new sponsors, we still have some way to go to reach our minimal goal of funding the equivalent of a half-time position. So consider asking your company representative to join this project!

In terms of security updates waiting to be handled, the situation looks better than last month: the dla-needed.txt file lists 27 packages awaiting an update (6 less than last month), the list of open vulnerabilities in Squeeze shows about 58 affected packages in total. Like last month, we’re a bit behind in terms of CVE triaging and there are still many packages using SSLv3 where we have no clear plan (in response to the POODLE issues).

The good side is that even though the kernel update spent a large chunk of time to Holger and Raphaël, we still managed to further reduce the backlog of security issues.

Thanks to our sponsors

My Free Software Activities in November 2014

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 18 hours on Debian LTS (14h allocated by Freexian + 4h I did not spend last month). I did the following tasks:

  • CVE triage: I pushed 19 commits to the security tracker. I also tried to encourage some maintainers to provide security updates for packages that are not in use by the current LTS sponsors and that are thus not in our priority list.
  • DLA 87: dbus update fixing 3 CVE
  • DLA 93: libgcrypt11 update fixing 1 CVE
  • DLA 96: openjdk-6 security update fixing 21 CVE
  • Worked on preparing a security update to linux. It’s not released yet.

Updating the linux source package took a good half of the allocated time. We opted to update the kernel to the upstream version 2.6.32.64. I integrated the upstream patches and identified about 130 patches that we had to disable (because they were already integrated upstream). Then I updated our “openvz flavor” patch to apply on top of the new kernel. This required quite a bit of manual conflict resolution and there are even parts where I was not sure that I took the correct decision. I was not able to find an upstream openvz git tree on this kernel version to to double check.

Instead I asked Ben Hutchings to review my patch. He told me that he did not volunteer to work on LTS, but that he would be open to contribute to it for money. Following this remark, as the coordinator of Freexian’s offer, I offered him to join to the set of paid LTS contributors to take care of the kernel and he accepted.

So hopefully we will be able to wrap this linux upload in the first week of december. We had no uploads of the kernel in Squeeze since July so it’s good to know that we now have someone who will be able to handle it in priority.

Distro Tracker

No new developments this month. Instead I spent some time to import old historic news so that when you lookup removed packages you have some actual content instead of a 404 error. For example you can look at python2.1.

Another thing that I did is to tag some bugs with the newly-announced tag “newcomer”. Those are easy bugs that are ideal targets for new contributors who’d like to get started: here’s the list. It’s up to you now! ;-)

DEP-14: Recommended layout for Git packaging repositories

I have drafted an initial version of a document called Recommended layout for Git packaging repositories and submitted it for discussion on debian-devel.

The discussion has been interesting and constructive (yes this is still possible in Debian!). I have a bunch of improvements in my local copy and needs to process a few more feedback before submitting an updated draft. It’s not a revolution but it’s a good step to try to standardize tags and branches naming conventions.

Systemd, the tech-ctte and our mailing lists

As an old-timer, I care a lot about the governance of Debian and it’s annoying to see how the systemd debate brought back some of our old daemons in terms of hostile atmosphere on our mailing lists.

We can disagree on a lot of things, but we must respect each other and we are here to work together on solutions for everybody. As such I wrote to the persons who cross the line to invite them to behave better. And I’m glad that our listmasters are backing up our calls with bans when appropriate. I believe we must go further in that direction and I shared an idea (on a debian-private thread that should have never existed, much like most of the traffic on that list) that I shall formalize and share on debian-project@l.d.o at some point.

At the same time, we also had another governance-related discussion with the idea to impose some turnover in the technical committee. I’m glad to see that we will soon vote on this topic. This is a good thing in general even though we just had 3 tech-ctte members who retired.

Misc stuff

I sponsored an upload of galette and of 3 of its plugins. I reviewed jitsi-videobridge and jitsi-meet on mentors.debian.net.

I filed a few bugs:

  • #768256 about huge vim icons in the GNOME contextual menus
  • #768540: cdebootstrap: fails to bootstrap old releases with dpkg not supporting data.tar.xz
  • #770011: lynx -dump badly converting …

Thanks

See you next month for a new summary of my activities.

Freexian’s third report about Debian Long Term Support

Get Freexian’s latest hindsights about Debian LTS.

[Continue reading…]

My Free Software Activities in October 2014

The last month before Jessie freeze naturally saw quite some packaging work… but not only. LTS and Distro-Tracker are still among my top priority projects.

[Continue reading…]

My Debian LTS report for October 2014

During October, I spent 10 hours on paid LTS work. I should have worked 4 hours more, but for various reasons this did not happen. Instead I’ll spend 4 more hours in November. During this time, I did the following: CVE triage: this month I pushed 23 commits to the security tracker SVN repository, and […]

[Continue reading…]

Freexian’s second report about Debian Long Term Support

Get Freexian’s latest hindsights about Debian LTS.

[Continue reading…]

My Free Software Activities in September 2014

A bit of Django 1.7, a bit of Distro Tracker, a bit of Long Term Support, a bit of packaging, September has seen lots of variety in my contributions.

[Continue reading…]

My Debian LTS report for September

Discover what it means to contribute to Debian LTS in more concrete terms through one month of my work on this project.

[Continue reading…]

Freexian’s first report about Debian Long Term Support

After 2 months of work on Debian Long Term Support, a small update is in order.

[Continue reading…]

The problem of distributing applications

How Lennart Poettering and the systemd team wants to solve a problem that Linus Torvalds recently expressed during Debconf.

[Continue reading…]