Freexian’s report about Debian Long Term Support, June 2015

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In June, 73.50 work hours have been dispatched among 7 paid contributors. Their reports are available:

Evolution of the situation

July has seen a nice increase in terms of sponsored hours (79.50 hours per month) but the trend is unlikely to continue for the next month; worse, it might be negative. While most sponsors who joined us last year in July will renew their support, there are a few where I have no confirmation yet. Many thanks to those who confirmed early: Université Lille 3, MyTux.

Our first milestone of funding the equivalent of a half-time position is unlikely to be reached before DebConf or even this summer. If you want to prove me wrong, it’s time to get in touch with your management and convince your company to contribute a small amount.

In terms of security updates waiting to be handled, the situation is similar to last month: the dla-needed.txt file lists 24 packages awaiting an update (5 more than last month), the list of open vulnerabilities in Squeeze shows about 33 affected packages in total (3 less than last month).

Thanks to our sponsors

There are no new sponsors this month. But I decided to include the number of months that the sponsor has been with us. Since we value long-lasting relations, it seemed quite natural to add this.

My Free Software Activities in June 2015

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 14.5 hours on Debian LTS. In that time I did the following:

  • CVE triage: I pushed 24 commits to the security tracker. I also set up a rotation with other paid contributors. That way this task doesn’t rely on me exclusively.
  • Reviewed a libapache-mod-jk update and sent DLA-240-1.
  • Prepared and released DLA-257-1 on libwmf fixing one CVE.
  • Reviewed a shibboleth-sp2 update and sent DLA-259-1. Lacking a proper test setup, the tests done were minimal.
  • Prepared and released DLA-260-1 on hostapd fixing one CVE.
  • Prepared and released DLA-261-1 on aptdaemon fixing one CVE.
  • I started to work on a wishlist bug for tracker.debian.org: displaying open security issues in stable releases is important to catch the attention of package maintainers. Right now it only displays something when security issues are open in unstable.

Other Debian work

Distro Tracker. I fixed a few issues that were affecting the tracker: SSL access to the BTS soap interface was not working due to changes in the way SSL certificates are managed on Debian machines (see #787410 for details of a similar problem), and the bugs panel disappeared for a while (see #787163). I also merged some minor changes from Christophe Siraut and James McCoy.

The Debian Administrator’s Handbook. After some exchanges with Osamu Aoki of the debian-doc team, we agreed to host a copy of my (DFSG-free) book on debian.org so that it can be better promoted to newcomers who are discovering Debian. It’s over there. I made some changes to the official package (notably integrating all available translations) to make this possible.

Packaging. I uploaded two new releases of publican to unstable (4.3.0 and 4.3.1), although I had to cheat by building them in stretch due to a build failure in unstable caused by a libxml2 regression (see #766884). I fixed two small bugs reported against the package: a badly documented license (#787993) and a request to replace the dependency on perlmagick with libimage-magick-perl (#789223).

I uploaded zim 0.63 and a new gnome-shell-timer for GNOME 3.16 compatibility.
And I sponsored python-requirements-detector (#789497) as a prerequisite for prospector (a package that I requested some time ago in #781165). I also took care of a stable update of python-reportlab (#787806) at the request of a customer.

Kali related contributions. In Kali, we rely heavily on reprepro to manage our archive. It works rather well for us but over time we identified some annoying issues. I just reported some of them:

  • It should be able to keep unreferenced files for a few days before deleting them (#788105).
  • It should be possible to clone a distribution in a single command (#788843).
  • It should be possible to rename a distribution in a single command (#788846).

live-build is another important tool for us and when we started using new codenames for our releases, we re-discovered some problems. This time we submitted a bug report with some suggestions to make it more generic (#789800) and committed a small fix to avoid a stupid failure when the release is unknown to live-build.

Misc stuff

Hardware support issue. I have some problems getting some USB disks detected during boot of my Intel NUC, so I sent a bug report to the Linux USB developers. It’s a weird issue and rather annoying as it means that my private NAS stops working after each reboot (until I powercycle the external disk enclosure).

My websites. You might have noticed some changes on raphaelhertzog.com and raphaelhertzog.fr. I have deployed new themes that should be mobile-friendly and I also deployed proper https support with free certificates from wosign.com (until letsencrypt.org is ready for general usage). Same goes for the freexian.com webpage hosting our Debian LTS sponsorship offer.

Thanks

See you next month for a new summary of my activities.

Freexian’s report about Debian Long Term Support, May 2015

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In May, 66.25 work hours have been dispatched among 8 paid contributors. Their reports are available:

Evolution of the situation

June has seen a nice increase in terms of sponsored hours (73.50 hours per month) and July shall continue this trend. All the sponsors that have been with us since day 0 have just renewed their support (after the first year): many thanks to David Ayers – IntarS Austria, Domeneshop AS, Evolix, Offensive Security and Seznam.cz, a.s.!

Our first milestone of funding the equivalent of a half-time position is now within reach; we only need 9 more hours of sponsored work per month. At the current rate, that makes 2 or 3 new “average” sponsors.

In terms of security updates waiting to be handled, the situation continued to improve: the dla-needed.txt file lists 19 packages awaiting an update (9 less than last month), the list of open vulnerabilities in Squeeze shows about 36 affected packages in total (24 less than last month).

If we keep getting more support, we will be in a good position to extend the coverage that we will offer for Wheezy LTS (notably for virtualization related packages) and we will also be able to consider switching to MySQL 5.5 for Squeeze LTS since MySQL 5.1 is no longer supported upstream (and other similar requests that tend to pop up as more and more software reaches its upstream end-of-life).

Thanks to our sponsors

The new sponsors of the month are in bold.

My Free Software Activities in May 2015

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 10.25 hours on Debian LTS. In that time I did the following:

  • CVE triage: I pushed 28 commits to the security tracker.
  • Reviewed an exactimage update and an imagemagick update (prepared by their respective maintainers).
  • Prepared and released DLA-229-1 on libnokogiri-ruby fixing one CVE.
  • Prepared and released DLA-230-1 on eglibc fixing one CVE.

Other Debian work

Package Tracker. The Debian system administrators upgraded the machine hosting tracker.debian.org to jessie and I dealt with the fallout. Fixing the Apache configuration was easy but DACS also broke and I had to disable it (thus breaking login via sso.debian.org). Fortunately Enrico Zini and Martin Zobel-Helas debugged the problem and restored it.

Sponsorship. I sponsored a dolibarr upload and many tryton-modules-* uploads to bring Tryton 3.6 to Debian (and granted DM rights on the newly introduced packages to Matthias Behrle who is maintaining those packages).

Misc stuff. I discussed multiple feature requests with Dmitry Smirnov for dh-linktree.

Packaging. I uploaded a new upstream version of cpputest. I did that twice actually because the first version had failing tests (see #784674). I also filed #784959 on blhc because I saw what looked like a false positive report for a missing hardening flag.

I uploaded Django 1.8 to experimental. This is a major upstream release and shall ideally only be uploaded to sid after having reported problems on reverse dependencies. I doubt we will have the time to do this…

I started working on Publican 4.3.0 but the test suite fails and it’s not even the fault of publican for once. It’s a bug in libxml apparently.

Thanks

See you next month for a new summary of my activities.