apt-get install debian-wizard

My Free Software Activities in June 2018

July 4, 2018 by Raphaël Hertzog Leave a Comment

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donors (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Distro Tracker

I merged a branch adding appstream related data (thanks to Matthias Klumpp). I merged multiple small contributions from a new contributor: Lev Lazinskiy submitted a fix to have the correct version string in the documentation and ensured that we could not use the login page if we are already identified (see MR 36).

Arthur Del Esposte continued his summer of code project and submitted multiple merge requests that I reviewed multiple times before they were ready to be merged. He implemented a team search feature, created a small framework to display an overview of all packages of a team.

On a more administrative level, I had to deal with many subscriptions that became immediately invalid when alioth.debian.org shut down. So I tried to replace all email subscriptions using *@users.alioth.debian.org with alternate emails linked to the same account. When no fallback was possible, I simply deleted the subscription.

pkg-security work

I sponsored cewl 5.4.3-1 (new upstream release) and wfuzz_2.2.11-1.dsc (new upstream release), masscan 1.0.5+ds1-1 (taken over by the team, new upstream release) and wafw00f 0.9.5-1 (new upstream release). I sponsored wifite2, made the unittests run during the build and added some autopkgtest. I submitted a pull request to skip tests when some tools are unavailable.

I filed #901595 on reaver to get a fixed watch file.

Misc Debian work

I reviewed multiple merge requests on live-build (about its handling of archive keys and the associated documentation). I uploaded a new version of live-boot (20180603) with the pending changes.

I sponsored pylint-django 0.11-1 for Joseph Herlant, xlwt 1.3.0-2 (bug fix) and python-num2words_0.5.6-1~bpo9+1 (backport requested by a user).

I uploaded a new version of ftplib fixing a release critical bug (#901224: ftplib FTCBFS: uses the build architecture compiler).

I submitted two patches to git (fixing french l10n in git bisect and marking two strings for translation).

I reviewed multiple merge requests on debootstrap: --components not carried over with --foreign/--second-stage and enabling --merged-usr by default.

Thanks

See you next month for a new summary of my activities.

Freexian’s report about Debian Long Term Support, May 2018

June 19, 2018 by Raphaël Hertzog Leave a Comment

A Debian LTS logo Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In May, about 202 work hours have been dispatched among 12 paid contributors. Their reports are available:

Abhijith PA did 6 hours (out of 10 hours allocated + 5 extra hours, he gave back the 9 remaining hours).
Antoine Beaupré did nothing (out of 12 hours allocated, thus keeping 12 extra hours for June).
Ben Hutchings did 15 hours.
Brian May did 10 hours.
Chris Lamb did 18 hours.
Emilio Pozuelo Monfort did 33.75 hours (out of 24 hours allocated + 9.75 remaining hours).
Holger Levsen did 6.5h (out of 32.75 remaining hours, the unused hours have been put back in the pool).
Hugo Lefeuvre did 24.25 hours.
Markus Koschany did 24.25 hours.
Ola Lundqvist did 9 hours (out of 14 hours allocated + 12.5 remaining hours, thus keeping 17.5 extra hours for June).
Roberto C. Sanchez did 6.5 hours (out of 18 hours allocated, thus keeping 11.5 extra hours for June).
Santiago Ruano Rincón did 1 hour (out of 8 hours allocated, thus keeping 7 extra hours for June).
Thorsten Alteholz did 24.25 hours.

Evolution of the situation

The number of sponsored hours increased to 190 hours per month thanks to a few new sponsors who joined to benefit from Wheezy’s Extended LTS support.

We are currently in a transition phase. Wheezy is no longer supported by the LTS team and the LTS team will soon take over security support of Debian 8 Jessie from Debian’s regular security team.

Thanks to our sponsors

New sponsors are in bold.

Platinum sponsors:

TOSHIBA (for 32 months)
GitHub (for 23 months)

Gold sponsors:

The Positive Internet (for 48 months)
Blablacar (for 47 months)
Linode (for 37 months)
Babiel GmbH (for 26 months)
Plat’Home (for 26 months)

Silver sponsors:

Domeneshop AS (for 48 months)
Université Lille 3 (for 47 months)
Trollweb Solutions (for 45 months)
Nantes Métropole (for 42 months)
Dalenys (for 38 months)
Univention GmbH (for 33 months)
Université Jean Monnet de St Etienne (for 33 months)
Ribbon Communications, Inc. (for 27 months)
maxcluster GmbH (for 21 months)
Exonet B.V. (for 17 months)
Leibniz Rechenzentrum (for 11 months)
Vente-privee.com (for 8 months)
CINECA

Bronze sponsors:

David Ayers – IntarS Austria (for 48 months)
Evolix (for 48 months)
Seznam.cz, a.s. (for 48 months)
Freeside Internet Service (for 47 months)
MyTux (for 47 months)
Intevation GmbH (for 45 months)
Linuxhotel GmbH (for 45 months)
Daevel SARL (for 44 months)
Bitfolk LTD (for 42 months)
Megaspace Internet Services GmbH (for 42 months)
NUMLOG (for 42 months)
Greenbone Networks GmbH (for 41 months)
WinGo AG (for 41 months)
Ecole Centrale de Nantes – LHEEA (for 37 months)
Sig-I/O (for 35 months)
Entr’ouvert (for 32 months)
Adfinis SyGroup AG (for 30 months)
GNI MEDIA (for 24 months)
Laboratoire LEGI – UMR 5519 / CNRS (for 24 months)
Quarantainenet BV (for 24 months)
RHX Srl (for 21 months)
Bearstech (for 16 months)
LiHAS (for 16 months)
People Doc (for 12 months)
Catalyst IT Ltd (for 10 months)
Supagro (for 6 months)
Demarcq SAS (for 4 months)
TrapX Security

My Free Software Activities in May 2018

June 4, 2018 by Raphaël Hertzog Leave a Comment

distro-tracker

With the disappearance of many alioth mailing lists, I took the time to finish proper support of a team email in distro-tracker. There’s no official documentation yet but it’s already used by a bunch of team. If you look at the pkg-security team on tracker.debian.org it has used “pkg-security” as its unique identifier and it has thus inherited from team+pkg-security@tracker.debian.org as an email address that can be used in the Maintainer field (and it can be used to communicate between all team subscribers that have the contact keyword enabled on their team subscription).

I also dealt with a few merge requests:

Reviewed new appstream hints feature;
Merged a fix related to information displayed by the testing migration panel;
Provided early feedback on the new “team packages” view developed as part of a Google Summer of Code.

I also filed ticket #7283 on rt.debian.org to have local_part_suffix = “+” for tracker.debian.org’s exim config. This will let us bounce emails sent to invalid email addresses. Right now all emails are delivered in a Maildir, valid messages are processed and the rest is silently discarded. At the time of processing, it’s too late to send bounces back to the sender.

pkg-security team

This month my activity is limited to sponsorship of new packages:

grokevt_0.5.0-2.dsc fixing one RC bug (missing build-dep on python3-distutils)
dnsrecon_0.8.13-1.dsc (new upstream release)
recon-ng_4.9.3-1.dsc (new upstream release)
wifite_2.1.0-1.dsc (new upstream release)
aircrack-ng (add patch from upstream git)

I also interacted multiple times with Samuel Henrique who started to work on the Google Summer of Code porting Kali packages to Debian. He mainly worked on getting some overview of the work to do.

Misc Debian work

I reviewed multiple changes submitted by Hideki Yamane on debootstrap (on the debian-boot mailing list, and also in MR 2 and MR 3). I reviewed and merged some changes on live-boot too.

Extended LTS

I spent a good part of the month dealing with the setup of the Wheezy Extended LTS program. Given the lack of interest of the various Debian teams, it’s hosted on a Freexian server and not on any debian.org infrastructure. But the principle is basically the same as Debian LTS except that the package list is reduced to the set of packages used by Extended LTS sponsors. But the updates prepared in this project are freely available for all.

It’s not too late to join the program, you can always contact me at deblts@freexian.com with a source package list that you’d like to see supported and I’ll send you back an estimation of the cost.

Thanks to an initial contribution from Credativ, Emilio Pozuelo Monfort has prepared a merge request making it easy for third parties to host their own security tracker that piggy-back on Debian’s one. For Extended LTS, we thus have our own tracker.

Thanks

See you next month for a new summary of my activities.

Freexian’s report about Debian Long Term Support, April 2018

May 15, 2018 by Raphaël Hertzog Leave a Comment

A Debian LTS logo Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In March, about 183 work hours have been dispatched among 13 paid contributors. Their reports are available:

Abhijith PA did 5 hours (out of 10 hours allocated, thus keeping 5 extra hours for May).
Antoine Beaupré did 12h.
Ben Hutchings did 17 hours (out of 15h allocated + 2 remaining hours).
Brian May did 10 hours.
Chris Lamb did 16.25 hours.
Emilio Pozuelo Monfort did 11.5 hours (out of 16.25 hours allocated + 5 remaining hours, thus keeping 9.75 extra hours for May).
Holger Levsen did nothing (out of 16.25 hours allocated + 16.5 hours remaining, thus keeping 32.75 extra hours for May). He did not get hours allocated for May and is expected to catch up.
Hugo Lefeuvre did 20.5 hours (out of 16.25 hours allocated + 4.25 remaining hours).
Markus Koschany did 16.25 hours.
Ola Lundqvist did 11 hours (out of 14 hours allocated + 9.5 remaining hours, thus keeping 12.5 extra hours for May).
Roberto C. Sanchez did 7 hours (out of 16.25 hours allocated + 15.75 hours remaining, but immediately gave back the 25 remaining hours).
Santiago Ruano Rincón did 8 hours.
Thorsten Alteholz did 16.25 hours.

Evolution of the situation

The number of sponsored hours did not change. But a few sponsors interested in having more than 5 years of support should join LTS next month since this was a pre-requisite to benefit from extended LTS support. I did update Freexian’s website to show this as a benefit offered to LTS sponsors.

The security tracker currently lists 20 packages with a known CVE and the dla-needed.txt file 16. At two week from Wheezy’s end-of-life, the number of open issues is close to an historical low.

Thanks to our sponsors

New sponsors are in bold.

Platinum sponsors:

TOSHIBA (for 31 months)
GitHub (for 22 months)

Gold sponsors:

The Positive Internet (for 47 months)
Blablacar (for 46 months)
Linode (for 36 months)
Babiel GmbH (for 25 months)
Plat’Home (for 25 months)

Silver sponsors:

Domeneshop AS (for 46 months)
Université Lille 3 (for 46 months)
Trollweb Solutions (for 44 months)
Nantes Métropole (for 41 months)
Dalenys (for 37 months)
Univention GmbH (for 32 months)
Université Jean Monnet de St Etienne (for 32 months)
Ribbon Communications, Inc. (for 26 months)
maxcluster GmbH (for 20 months)
Exonet B.V. (for 16 months)
Leibniz Rechenzentrum (for 10 months)
Vente-privee.com (for 7 months)

Bronze sponsors:

David Ayers – IntarS Austria (for 47 months)
Evolix (for 47 months)
Offensive Security (for 47 months)
Seznam.cz, a.s. (for 47 months)
Freeside Internet Service (for 46 months)
MyTux (for 46 months)
Intevation GmbH (for 44 months)
Linuxhotel GmbH (for 44 months)
Daevel SARL (for 42 months)
Bitfolk LTD (for 41 months)
Megaspace Internet Services GmbH (for 41 months)
NUMLOG (for 41 months)
Greenbone Networks GmbH (for 40 months)
WinGo AG (for 40 months)
Ecole Centrale de Nantes – LHEEA (for 36 months)
Sig-I/O (for 33 months)
Entr’ouvert (for 31 months)
Adfinis SyGroup AG (for 28 months)
GNI MEDIA (for 23 months)
Laboratoire LEGI – UMR 5519 / CNRS (for 23 months)
Quarantainenet BV (for 23 months)
RHX Srl (for 20 months)
Bearstech (for 14 months)
LiHAS (for 14 months)
People Doc (for 11 months)
Catalyst IT Ltd (for 9 months)
Supagro (for 4 months)
Demarcq SAS (for 3 months)

Distro Tracker

pkg-security work

Misc Debian work

Thanks

Individual reports

Evolution of the situation

Thanks to our sponsors

distro-tracker

pkg-security team

Misc Debian work

Extended LTS

Thanks

Individual reports

Evolution of the situation

Thanks to our sponsors

Tags

Recent Posts