Freexian’s report about Debian Long Term Support, October 2015

A Debian LTS logoLike each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In September, 85.50 work hours have been dispatched among 8 paid contributors. Their reports are available:

  • Ben Hutchings did 14 hours (13.5h allocated, thus only catching up 0.5 hours out of the 5.5 extra hours he had left from former month).
  • Chris Lamb did 11 hours (12h allocated, he will catch up later).
  • Guido Günther did 4 hours (out of 8 hours allocated, thus keeping 4 extra hours for November).
  • Mike Gabriel did nothing (out of 8 hours allocated, he will catch up in November).
  • Raphaël Hertzog did 13.25 hours.
  • Santiago Ruano Rincón did 13.5 hours.
  • Scott Kitterman did 8 hours (4 hours allocated and 4 hours remaining from September)
  • Thorsten Alteholz did 13.25 hours.

Evolution of the situation

November crossed a new record with 114.5 hours funded. This is mainly thanks to our first Platinum sponsor: TOSHIBA (through Toshiba Software Development Vietnam). They don’t know yet if they can sponsor us in the long term (they hope so), but it’s still a nice news as we jumped from 50% to 65% of the objective of the equivalent of a full-time position with a single new sponsor.

Currently no change is expected for next month as we don’t have any other new sponsor in the process of joining us.

We still need more support to be able to support all the packages we could not afford to support during the squeeze cycle. We are currently discussing which package we can or cannot support on the LTS list, see the thread Unsupported packages for Wheezy LTS for the current situation.

In terms of security updates waiting to be handled, the situation is close to last month: the dla-needed.txt file lists 21 packages awaiting an update (6 more than last month), the list of open vulnerabilities in Squeeze shows about 23 affected packages in total (exactly like last month).

Thanks to our sponsors

The new sponsors are in bold.

My Free Software Activities in October 2015

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 13.25 hours on Debian LTS. During this time I worked on the following things:

  • I prepared and released DLA 330-1 fixing two CVE on unzip.
  • I prepared a bouncycastle update fixing CVE-2015-7940 (after having requested that CVE assignment since nobody had done it yet) but I have not yet released the corresponding DLA yet since I’m waiting for a review by the upstream author. This is hairy cryptographic Java code that was non-trivial to backport and I’d rather make sure that I do not mess anything. The patches are available in the bug report #802671 that I opened.
  • I tested the update to MySQL 5.5 with multiple packages and sent back my findings to the debian-lts mailing list.

I also started a conversation about what paid contributors could work on if they have some spare cycle as the current funding level might allow us to invest some time on work outside of just plain security updates.

The Debian Administrator’s Handbook

I spent quite some time finalizing the Jessie book update, both for the content and for the layout of the printed book.

Debian Handbook: cover of the jessie edition

Misc Debian work

GNOME 3.18. I uploaded a new gnome-shell-timer working with GNOME Shell 3.18 and I filed bugs #800660 and #802480 about an annoying gnome-keyring regression… I did multiple test rounds with the Debian maintainers (Dmitry Shachnev, kudos to him!) and the upstream developers (see here and here). Apart from those regressions, I like GNOME 3.18!

Python-modules team migration to Git. After the Git migration, and since the team policy now imposes usage of git-dpm on all members, I made some tries with it on the python-django package while pushing version 1.8.5 to experimental. And the least I can say is that I’m not pleased with the result. I thus filed 3 bugs summarizing the problems I have with git-dpm: #801666 (no way to set the upstream branch names from within the repository), #801667 (no clean way to merge between packaging branches), #801668 (does not create upstream tag immediately on tarball import). That is on top of other randomly stupid bugs that were already reported like #801548 (does not work with perfectly valid pre-existing upstream tags).

Django packaging. I filed bugs on all packages build-depending on python-django that fail to build with Django 1.8 and informed them that I would upload Django 1.8 to unstable in early November (it’s done already). Then I fixed python-django-jsonfield myself since Distro Tracker relies on this package.

Following this small mass-bug filing, I filed a wishlist bug on devscripts to improve the “mass-bug” helper script (see #801926). And since I used “ratt” to rebuild the packages, I filed a wishlist issue on this new tool as well.

Tryton 3.6 upgrade. I upgraded my own Tryton installation to version 3.6 and filed bug #803066 because the SysV init script was not working properly. That also reminded me that the DD process of Matthias Behrle (the tryton package maintainer) was stalled due to a bug in the NM infrastructure so I pinged the NM team and we sorted out a way for me to advocate him and get his process going…

Distro Tracker. I continued my work to refactor the way we handle incoming mail processing (branch people/hertzog/mailprocessing). It’s now mostly finished and I need to deploy it in a test environment before being able to roll it out on tracker.debian.org.

Thanks

See you next month for a new summary of my activities.

The Debian Administrator’s Handbook Updated for Debian 8 “Jessie”

Debian Handbook: cover of the jessie editionLater than what I hoped, I’m still pleased to be able to announce the availability of the Jessie version of the Debian Administrator’s Handbook.

Check out the official announce with its special launch offer (a 15% discount on the paperback until Sunday!).

The book’s preface is co-signed by the last three Debian Project Leaders and it has been available through debian.org for a few months now. We are glad to have so much recognition for the hard work we have put in the book over the years.

Thank you all and I hope you will enjoy this new edition!

The work is not yet entirely over us for Roland and I, since we’re now busy updating the French translation of the book. It should be available in the upcoming weeks. Keep posted!

Freexian’s report about Debian Long Term Support, September 2015

A Debian LTS logoLike each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In September, 71.50 work hours have been dispatched among 7 paid contributors. Their reports are available:

Evolution of the situation

October is back to the highest level of funding with 85.5 hours funded. The late sponsors have all caught up now. And next month will again rise to a new record with multiple sponsors having joined up. So far we already have two new silver sponsors (Université Jean Monnet de Saint-Étienne and Univention GmbH) and a new bronze sponsor (Entr’ouvert). Many thanks to them!

With those sponsors we crossed the 50% mark that was our first objective. \o/ But we still need more support to reach our second goal of funding the equivalent of a full time position.

That said the increased level of support already allows us to do a better job in some areas that have been neglected : I asked the paid contributors to work towards providing mysql-5.5 in squeeze since version 5.1 is no longer supported by Oracle. We need beta testers to test the upgrade, see this message on the mailling list.

In terms of security updates waiting to be handled, the situation is close to last month: the dla-needed.txt file lists 15 packages awaiting an update (3 less than last month), the list of open vulnerabilities in Squeeze shows about 23 affected packages in total (7 less than last month).

Thanks to our sponsors

The new sponsors are in bold.