My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.
This month I have been paid to work 18 hours on Debian LTS (14h allocated by Freexian + 4h I did not spend last month). I did the following tasks:
- CVE triage: I pushed 19 commits to the security tracker. I also tried to encourage some maintainers to provide security updates for packages that are not in use by the current LTS sponsors and that are thus not in our priority list.
- DLA 87: dbus update fixing 3 CVE
- DLA 93: libgcrypt11 update fixing 1 CVE
- DLA 96: openjdk-6 security update fixing 21 CVE
- Worked on preparing a security update to linux. It’s not released yet.
Updating the linux source package took a good half of the allocated time. We opted to update the kernel to the upstream version 188.8.131.52. I integrated the upstream patches and identified about 130 patches that we had to disable (because they were already integrated upstream). Then I updated our “openvz flavor” patch to apply on top of the new kernel. This required quite a bit of manual conflict resolution and there are even parts where I was not sure that I took the correct decision. I was not able to find an upstream openvz git tree on this kernel version to to double check.
Instead I asked Ben Hutchings to review my patch. He told me that he did not volunteer to work on LTS, but that he would be open to contribute to it for money. Following this remark, as the coordinator of Freexian’s offer, I offered him to join to the set of paid LTS contributors to take care of the kernel and he accepted.
So hopefully we will be able to wrap this linux upload in the first week of december. We had no uploads of the kernel in Squeeze since July so it’s good to know that we now have someone who will be able to handle it in priority.
No new developments this month. Instead I spent some time to import old historic news so that when you lookup removed packages you have some actual content instead of a 404 error. For example you can look at python2.1.
Another thing that I did is to tag some bugs with the newly-announced tag “newcomer”. Those are easy bugs that are ideal targets for new contributors who’d like to get started: here’s the list. It’s up to you now!
DEP-14: Recommended layout for Git packaging repositories
The discussion has been interesting and constructive (yes this is still possible in Debian!). I have a bunch of improvements in my local copy and needs to process a few more feedback before submitting an updated draft. It’s not a revolution but it’s a good step to try to standardize tags and branches naming conventions.
Systemd, the tech-ctte and our mailing lists
As an old-timer, I care a lot about the governance of Debian and it’s annoying to see how the systemd debate brought back some of our old daemons in terms of hostile atmosphere on our mailing lists.
We can disagree on a lot of things, but we must respect each other and we are here to work together on solutions for everybody. As such I wrote to the persons who cross the line to invite them to behave better. And I’m glad that our listmasters are backing up our calls with bans when appropriate. I believe we must go further in that direction and I shared an idea (on a debian-private thread that should have never existed, much like most of the traffic on that list) that I shall formalize and share on email@example.com at some point.
At the same time, we also had another governance-related discussion with the idea to impose some turnover in the technical committee. I’m glad to see that we will soon vote on this topic. This is a good thing in general even though we just had 3 tech-ctte members who retired.
I filed a few bugs:
- #768256 about huge vim icons in the GNOME contextual menus
- #768540: cdebootstrap: fails to bootstrap old releases with dpkg not supporting data.tar.xz
- #770011: lynx -dump badly converting …
See you next month for a new summary of my activities.