apt-get install debian-wizard

Insider infos, master your Debian/Ubuntu distribution

You are here: Home / Archives for Freexian

Working as a paid LTS contributor

by

A Debian LTS logoWhile the details about how to join the set of paid contributors have always been public (here) we did not advertise this fact very much outside of the people already interested in LTS (and thus subscribed to debian-lts@lists.debian.org). But right now we would like to have a few more paid contributors on board and I’m thus posting this call for volunteers.

Who can apply?

You need to meet those requirements:

  • you are Debian Developer or a Debian Maintainer;
  • you have some prior experience with providing security updates in Debian (at least on your own packages);
  • you have good programming skills and know multiple languages (to be able to backport security fixes);
  • you can emit invoices to Freexian;
  • you accept the rules defined for this project:
    • you must respect the privacy of any customer data;
    • you must prepare a public monthly report of the work done on paid time;
    • you must respect the Debian code of conduct and respond to queries about your work from fellow community members;
    • you must do your best to meet the high-quality standards set by the Debian security team.

Even though Freexian is located in France and requires you to provide invoice in EUR, there are no conditions on your nationality or country of residence. For contributors outside of the Euro zone, Freexian is using Transferwise to pay them with minimal currency conversion costs (Paypal is also possible if nothing else works).

The rate offered to paid contributors is the same for all (75 EUR/hour), it’s based on a correct rate for independent contractors in western Europe. If the rate is very high for your own country, then be happy to be able to invoice Freexian at this rate and use this opportunity to work less (for money) and contribute more to Debian on your (now copious) free time.

How does the work look like?

If you apply, you will have to send us an SSH key so that you can have access to the internal git repository used for work. It contains a ledger file to track the hours funded by sponsors and how they have been dispatched to the various contributors. You can always know how many hours are assigned to you, how many can be invoiced, and so on. You will have to update it once a month to record the work you did (and indicate us where the report has been published).

The repository also contains a README with many explanations about the workflow (how hours are dispatched, the delay you have to publish your report, etc) and a small helper script (./find-work) to match up the pending updates (registered in dla-needed.txt) with the popularity of the package among the sponsors.

Now the work itself is relatively well documented in the LTS wiki. You will have to provide updates for packages that need an update.

You have some freedom in selecting the packages but at some point you will have to work on packages that you don’t know that are written in a language that you have almost not used. So you must be able to go out of your comfort zone and still do a good work. You must also be able to multi-task because in some cases you will get stuck on a particular update and you will have to seek help from the upstream developer (or from the Debian package maintainer). Don’t expect to be able to do all your work hours in a single run… thus don’t wait until the last days of the month. Start early and dispatch your work hours over the month.

From time to time, you will also have to handle the “LTS frontdesk” for one week. During this week, you need to spend a bit of time every day to triage the new CVE, to respond to questions on the mailing list, and to sponsor updates prepared by volunteers who do not have upload rights.

Questions?

Ask your questions in the comments and I will update this section with your questions and our answers.

What if I have no prior experience with security updates?

Start getting some experience. The LTS and security teams are open for anyone to join. Read their documentation and provide some updates that other contributors can sponsor.

Before accepting you as paid contributor, we generally ask you to prepare one or two DLA on your free time just to make sure that you know the workflow and that you are up to the task.

What if I have only X hours available for paid LTS work?

In the git repository there’s a file where you document how many work hours you can handle. You might get less than this amount, but we generally never assign less than 8 hours (to make sure that you can handle one complicated update from start to end, or your possible week of LTS frontdesk).

You can adjust it each month or even opt-out if you are not available for whatever reason. But once you have been assigned work hours, it’s important to actually do the work that you requested!

How do I apply?

Get in touch with me (as documented).

Freexian’s report about Debian Long Term Support, December 2015

by

A Debian LTS logoLike each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In December, 113.50 work hours have been dispatched among 9 paid contributors. Their reports are available:

  • Antoine Beaupré did 8h for his first month of work on LTS.
  • Ben Hutchings did 20 hours (out of 15 hours allocated + 15 extra hours remaining, meaning that he has 10 extra hours to do over January).
  • Chris Lamb did 12 hours.
  • Guido Günther did 9 hours (out of 8 hours allocated + 2 remaining, thus keeping 1 extra hour for January).
  • Mike Gabriel did nothing (the 8 hours allocated are carried over for January).
  • Raphaël Hertzog did 21.25 hours (18h allocated + 3.25h taken over from Mike’s unused hours of November).
  • Santiago Ruano Rincón did 15 hours (out of 18.25h allocated + 2 remaining + 3.25 taken over from Mike’s unused hours of November, thus keeping 8.50 extra hours for January).
  • Scott Kitterman did 8 hours.
  • Thorsten Alteholz did 21.25 hours (out of 18.25h allocated + 3 hours taken over from Mike’s unused hours of November).

Evolution of the situation

We lost our first silver sponsor (Gandi.net, they prefer to give the same amount of money to Debian directly) and another sponsor reduced his sponsorship level. While this won’t show in the hours dispatched in January, we will do a small jump backwards in February (unless we get new sponsors replacing those in the next 3 weeks).

This is a bit unfortunate as we are rather looking at reinforcing the amount of sponsorship we get as we approach Wheezy LTS and we will need more support to properly support virtualization related packages and other packages that were formerly excluded from Squeeze LTS. Can you convince your company and help us reach our second goal?

In terms of security updates waiting to be handled, the situation is close to last month. It looks like that having about 20 packages needing an update is the normal situation and that we can’t really get further down given the time required to process some updates (sometimes we wait until the upstream authors provides a patch, and so on).

Thanks to our sponsors

We got one new bronze sponsor but he’s not listed (he did not fill the form where we request their permission to be listed).

Freexian’s report about Debian Long Term Support, November 2015

by

A Debian LTS logoLike each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In November, 114.50 work hours have been dispatched among 8 paid contributors. Their reports are available:

  • Ben Hutchings did 5 hours only (out of 15 hours allocated + 5 extra hours remaining, meaning that he has 15 extra hours to do over December).
  • Chris Lamb did 13 hours (12h allocated + 1h remaining).
  • Guido Günther did 10 hours (out of 8 hours allocated + 4 remaining, thus keeping 2 extra hours for December).
  • Mike Gabriel did 6.5 hours only (out of 8 hours allocated + 8 hours remaining, the 9.5 unused extra hours have been dispatched to others for December).
  • Raphaël Hertzog did 21.25 hours.
  • Santiago Ruano Rincón did 19 hours (out of 21h allocated, thus keeping 2 extra hours for December).
  • Scott Kitterman did 8 hours.
  • Thorsten Alteholz did 21.25 hours.

Evolution of the situation

We lost one hour of funding for December due to a sponsor not renewing, and we don’t have any new sponsor lined up right now. There’s another sponsor who will reduce his sponsorship starting with 2016.

While the situation is relatively healthy right now, we should continue the efforts to find new sponsors, both to ensure we can cover more software in wheezy and to better share the costs: having many small sponsors is more resilient than relying on a few big ones. And we still haven’t reached our second goal of funding the equivalent of a full-time position.

In terms of security updates waiting to be handled, the situation is close to last month: the dla-needed.txt file lists 19 packages awaiting an update (2 less than last month), the list of open vulnerabilities in Squeeze shows about 22 affected packages in total (1 less than last month).

Thanks to our sponsors

The new sponsors are in bold.

Freexian’s report about Debian Long Term Support, October 2015

by

A Debian LTS logoLike each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In September, 85.50 work hours have been dispatched among 8 paid contributors. Their reports are available:

  • Ben Hutchings did 14 hours (13.5h allocated, thus only catching up 0.5 hours out of the 5.5 extra hours he had left from former month).
  • Chris Lamb did 11 hours (12h allocated, he will catch up later).
  • Guido Günther did 4 hours (out of 8 hours allocated, thus keeping 4 extra hours for November).
  • Mike Gabriel did nothing (out of 8 hours allocated, he will catch up in November).
  • Raphaël Hertzog did 13.25 hours.
  • Santiago Ruano Rincón did 13.5 hours.
  • Scott Kitterman did 8 hours (4 hours allocated and 4 hours remaining from September)
  • Thorsten Alteholz did 13.25 hours.

Evolution of the situation

November crossed a new record with 114.5 hours funded. This is mainly thanks to our first Platinum sponsor: TOSHIBA (through Toshiba Software Development Vietnam). They don’t know yet if they can sponsor us in the long term (they hope so), but it’s still a nice news as we jumped from 50% to 65% of the objective of the equivalent of a full-time position with a single new sponsor.

Currently no change is expected for next month as we don’t have any other new sponsor in the process of joining us.

We still need more support to be able to support all the packages we could not afford to support during the squeeze cycle. We are currently discussing which package we can or cannot support on the LTS list, see the thread Unsupported packages for Wheezy LTS for the current situation.

In terms of security updates waiting to be handled, the situation is close to last month: the dla-needed.txt file lists 21 packages awaiting an update (6 more than last month), the list of open vulnerabilities in Squeeze shows about 23 affected packages in total (exactly like last month).

Thanks to our sponsors

The new sponsors are in bold.

Tags

3.0 (quilt) Activity summary APT aptitude Blog Book Cleanup conffile Contributing CUT d-i Debconf Debian Debian France Debian Handbook Debian Live Distro Tracker dpkg dpkg-source Flattr Flattr FOSS Freexian Funding Git GNOME GSOC HOWTO Interview LTS Me Multiarch nautilus-dropbox News Packaging pkg-security Programming PTS publican python-django Reference release rolling synaptic Ubuntu WordPress

Recent Posts