apt-get install debian-wizard

Insider infos, master your Debian/Ubuntu distribution

You are here: Home / Archives for News

Looking back at the Debian Long Term Support project

by

On Sunday I gave a talk about Debian LTS during the Mini-DebConf in Lyon. Obviously I presented the project and the way it’s organized, but I also took the opportunity to compute some statistics.

You can watch the presentation (thanks to the video team!) or have a look at the slides to learn more.

Here are some extracts of the statistics I collected:

The number of the uploads per “affiliation” (known affiliations are recorded in the LTS/Team wiki page) is displayed on the graph below. “None” corresponds to packages maintainers taking care of their own packages, “Debian Security” corresponds to members of the security team who also contributed to LTS, “Debian LTS” corresponds to individual members of the LTS team without any explicit affiliation. “Freexian” represents in fact 29 financial sponsors (see detail here).

Debian LTS uploads over time

Top 12 contributors (in number of uploads):

  • Thorsten Alteholz: 66
  • Holger Levsen: 27
  • Raphaël Hertzog: 14
  • Raphaël Geissert: 13
  • Thijs Kinkhorst: 8
  • Kurt Roeck: 7
  • Christoph Biedl: 7
  • Nguyen Cong: 6
  • Ben Hutchings: 6
  • Michael Vogt: 5
  • Moritz Mühlenhoff: 4
  • Matt Palmer: 4

The talk also contains explanations about the current funding setup. Hopefully this clears things up for people who were still wondering how the LTS project is working.

Freexian’s report about Debian Long Term Support, March 2015

by

A Debian LTS logoLike each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In March, 61 work hours have been equally split among 4 paid contributors. Their reports are available:

The remaining hours of Ben and Holger have been redispatched to other contributors for April (during which Mike Gabriel joins the set of paid contributors). BTW, if you want to join the team of paid contributors, read this and apply!

Evolution of the situation

April has seen no change in terms of sponsored hours but we have two new sponsors in the pipe and May should hopefully have a few more sponsored hours.

For the need of a LTS presentation I gave during the Mini-DebConf Lyon I prepared a small graph showing the evolution of the hours sponsored through Freexian:
freexian-hours

The growth is rather slow and it will take years to reach our goal of funding the equivalent a full time position (176 hours per month). Even the intermediary goal of funding the equivalent of a half-time position (88h/month) is more than 6 months away given the current growth rate. But the perspective of Wheezy-LTS should help us to convince more organizations and hopefully we will reach that goal sooner. If you want to sponsor the project, check out this page.

In terms of security updates waiting to be handled, the situation looks similar to last month: the dla-needed.txt file lists 40 packages awaiting an update (exactly like last month), the list of open vulnerabilities in Squeeze shows about 56 affected packages in total (2 less than last month).

Thanks to our sponsors

The new sponsors of the month are in bold (none this month).

My Free Software Activities in March 2015

by

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 15.25 hours on Debian LTS. In that time I did the following:

  • CVE triage: I pushed 37 commits to the security tracker and contacted 20 maintainers about security issues affecting their packages.
  • I started a small helper script based on the new JSON output of the security tracker (see #761859 for details). It’s not ready yet but will make it easier to detect issues where the LTS team lags behind the security team, and other divergences like this and will speed up future CVE triage work (once done).
  • I sent DLA-174-1 (tcpdump update fixing 3 CVE) after having received a debdiff from the Romain Françoise.
  • I prepared DLA-175-1 on gnupg, fixing 3 CVE.
  • I prepared DLA-180-1 on gnutls26, fixing 3 CVE.

That’s it for the paid work. But still about LTS, I proposed two events for Debconf 15:

A Debian LTS logoIn my last Freexian LTS report, I mentioned briefly that it would be nice to have a logo for the LTS project. Shortly after I got a first logo prepared by Damien Escoffier and a few more followed: they are available on a wiki page (and the logo you see above is from him!). Following a suggestion of Paul Wise, I registered the logo request on another wiki page dedicated to artwork requests. That kind of collaboration is awesome! Thanks to all the artists involved in Debian.

Debian packaging

Django. This month has seen no less than 3 upstream point releases packaged for Debian (1.7.5, 1.7.6 and 1.7.7) and they have been accepted by the release team into Jessie. I’m pleased with this tolerance as I have argued the case for it multiple times in the past given the sane upstream release policy (bugfix only in a given released branch).

Python code analysis. I discovered a few months ago a tool combining the power of multiple Python code analysis tools: it’s prospector. I just filed a “Request for Package” for it (see #781165) and someone already volunteered to package it, yay \o/

update-rc.d and systemd. While working on a Kali version based on Jessie, I got hit by what boils down to a poor interaction between systemd and update-rc.d (see #746580) and after some exchanges with other affected users I raised the severity to serious as we really ought to do something about it before release. I also opened #781155 on openbsd-inetd as its usage of inetd.service instead of openbsd-inetd.service (which is only provided as a symlink to the former) leads to multiple small issues.

Misc

Debian France. The general assembly is over and the new board elected its new president: it’s now official, I’m no longer Debian France’s president. Good luck to Nicolas Dandrimont who took on this responsibility.

Salt’s openssh formula. I improved salt’s openssh formula to make it possible to manage the /etc/ssh/ssh_known_hosts file referencing the public SSH keys of other managed minions.

Tendenci.com. I was looking for a free software solution to handle membership management of a large NPO and I discovered Tendenci. It looked very interesting feature wise and written with a language/framework that I enjoy (Python/Django). But while it’s free software, there’s no community at all. The company that wrote it released it under a free software license and it really looks like that they did intend to build a community but they failed at it. When I looked their “development forums” were web-based and mostly empty with only initial discussion of the current developers and no reply from anybody… there’s also no mention of an IRC channel or a mailing list. I sent them a mail to see what kind of collaboration we could expect if we opted for their software and got no reply. A pity, really.

What free software membership management solution would you use when you have more than 10000 members to handle and when you want to use the underlying database to offer SSO authentication to multiple external services?

Thanks

See you next month for a new summary of my activities.

Freexian’s report about Debian Long Term Support, February 2015

by

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In February, 58 work hours have been equally split among 4 paid contributors. Their reports are available:

Evolution of the situation

During the last month, we gained 3 paid work hours: we’re now at 61 hours per month sponsored by 28 organizations and we have one supplementary sponsor in the pipe that should bring 4 more hours.

The increase is not very quick but seems to be steady. Hopefully at some point, we will have enough resources to do a more exhaustive job. For now, the paid contributors handle in priority the most popular packages used by the sponsors and there are some packages in the end of the queue which have open security issues for months already (example: CVE-2012-6685 on libnokogiri-ruby).

So, as usual, we are looking for more sponsors.

In terms of security updates waiting to be handled, the situation looks a little bit worse than last month: the dla-needed.txt file lists 40 packages awaiting an update (3 more than last month), the list of open vulnerabilities in Squeeze shows about 58 affected packages in total (5 less than last month). We are getting a bit more effective with CVE triage.

A logo for the LTS project?

Every time that I write an LTS report, I remember that it would be nice if my LTS related articles could feature a nice picture/logo that reminds people of the LTS team/initiative. Is there anyone up for the challenge of creating that logo? 🙂

Thanks to our sponsors

The new sponsors of the month are in bold.

Tags

3.0 (quilt) Activity summary APT aptitude Blog Book Cleanup conffile Contributing CUT d-i Debconf Debian Debian France Debian Handbook Debian Live Distro Tracker dpkg dpkg-source Flattr Flattr FOSS Freexian Funding Git GNOME GSOC HOWTO Interview LTS Me Multiarch nautilus-dropbox News Packaging pkg-security Programming PTS publican python-django Reference release rolling synaptic Ubuntu WordPress

Recent Posts