Freexian’s report about Debian Long Term Support, June 2016

A Debian LTS logoLike each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In June, 158.25 work hours have been dispatched among 11 paid contributors. Their reports are available:

DebConf 16 Presentation

If you want to know more about how the LTS project is organized, you can watch the presentation I gave during DebConf 16 in Cape Town.

Evolution of the situation

The number of sponsored hours increased a little bit at 135 hours per month thanks to 3 new sponsors (Laboratoire LEGI – UMR 5519 / CNRS, Quarantainenet BV, GNI MEDIA). Our funding goal is getting closer but it’s not there yet.

The security tracker currently lists 40 packages with a known CVE and the dla-needed.txt file lists 38 packages awaiting an update.

Thanks to our sponsors

New sponsors are in bold.

Freexian’s report about Debian Long Term Support, May 2016

A Debian LTS logoLike each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In May, 166 work hours have been dispatched among 9 paid contributors. Their reports are available:

  • Antoine Beaupré did 20h.
  • Ben Hutchings did 10 hours (out of 15 hours allocated, keeping 5 extra hours for June).
  • Brian May did 15 hours.
  • Chris Lamb did 18 hours.
  • Guido Günther did 17.25 hours (out of 8 hours allocated + 9.25 remaining hours).
  • Markus Koschany did 30 hours (out of 31 hours allocated, thus keeping one extra hour for June).
  • Santiago Ruano Rincón did 20 hours (out of 20h allocated + 8 remaining, thus keeping 8 extra hours for June).
  • 8 hours that were initially affected to Scott Kitterman have been put back in the June pool after he resigned.
  • Thorsten Alteholz did 31 hours.

Evolution of the situation

The number of sponsored hours stayed the same over May but will likely increase a little bit the next month as we have two new Bronze sponsors being processed.

The security tracker currently lists 36 packages with a known CVE and the dla-needed.txt file lists 36 packages awaiting an update.

Despite the higher than usual number of work hours dispatched in May, we still have more open CVE than we used to have at the end of the squeeze LTS period. So more support is always needed…

Thanks to our sponsors

New sponsors are in bold.

My Free Software Activities in May 2016

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

Due to some departure and increased workload, I wanted to find out a few new paid contributors for Debian LTS. So I sent a mail to debian-jobs@lists.debian.org and contrary to last time (where I posted the announce only here on my blog), I had plenty of replies… I ended up enrolling 6 new contributors and refusing 3 persons that did not have the required profile.

All new contributors are supposed to handle at least one LTS update on their free time to get up to speed. But from the 6 new contributors only 3 managed to handle their “training update” in May. 🙁

During the month I spent quite some time providing guidance to the new contributors both in private mails and on the debian-lts mailing list.

I also reviewed a xen update where I had (rightfully) some doubts about the work done.

Packaging work

fonts-cantarell. After having diagnosed the problem last month, I got annoyed enough by the lack of a fixed package that I found a way to package a newer upstream release of fonts-cantarell without requiring a fontforge update that was likely to take some time still… so I prepared and uploaded 0.0.24-1.

cpputest. Bug #823711 reported some license issues with some of the files. I immediately forwarded this upstream (issue 961) and fixed it in Debian by repacking the upstream tarball. Fortunately upstream has been quick to handle his and there’s a new upstream release (3.8) where the problematic files have been dropped.

live-boot. Kali’s live images were no longer booting (stuck in the initrd) and with the help of Ben Hutchings we diagnosed this back to #823069 which I fixed in live-boot 20160511.

udev. I filed #824025 to request that the rule defining the MAC-based name of USB network interfaces be isolated in its own file so that it can be easily disabled (we do that in Kali).

Misc stuff. I packaged Django 1.8.13 in jessie-backports. I filed
#824165 against sbuild being broken with “$apt_allow_unauthenticated = 1;” in .sbuildrc. I filed a wishlist bug #824168 against apt-listchanges to suggest that it ignores news from auto-installed packages. I filed #825923 to report a regression in python-nltk (discovered in Kali first).

Infrastructure work

packages.debian.org. A few months ago, I wrote a patch for packages.debian.org so that it forwards emails to tracker.debian.org instead of packages.qa.debian.org. At that time, I was in touch with Rhonda and was hoping that she would apply it rather quickly (the patch is rather short). After a few more pings, she made it clear that she was not alone and that I should rather file a proper request so that someone else can also process it. So I filed #824085 and tried to find someone else to apply my patch. Most of the members of pkg_maint said that they were part of the group only due to generic webmaster involvement but that they did not want to touch that part. Fortunately, Martin Zobel Helas was more receptive to my request and helped me to deploy my changes. I committed my change and Martin pulled it in the live checkout on picconi.debian.org.

This update is also a first step towards the possibility to use foo@packages.debian.org and/or teams+foo@tracker.debian.org in the Maintainer field of a package. With this we can get rid of dedicated mailing lists that just duplicate the work of the package tracker. And we no longer need to care about the fact that the Maintainer is handled differently than Uploaders since all (human) co-maintainers would then be listed in Uploaders only (and the package tracker would deal appropriately with mails sent to the Maintainer).

Distro Tracker. I improved the import process to be able to force a new processing of source packages that were already imported. This was useful to let it recognize architectures which were newly added in its database (and that were ignored and thus not displayed up to now).

I also made a first review of the AppStream patch submitted by Matthias Klump in #806740.

Thanks

See you next month for a new summary of my activities.

Freexian’s report about Debian Long Term Support, April 2016

A Debian LTS logoLike each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In April, 116.75 work hours have been dispatched among 9 paid contributors. Their reports are available:

  • Antoine Beaupré did 16h.
  • Ben Hutchings did 12.25 hours (out of 15 hours allocated + 5.50 extra hours remaining, he returned the remaining 8.25h to the pool).
  • Brian May did 10 hours.
  • Chris Lamb did nothing (instead of the 16 hours he was allocated, his hours have been redispatched to other contributors over May).
  • Guido Günther did 2 hours (out of 8 hours allocated + 3.25 remaining hours, leaving 9.25 extra hours for May).
  • Markus Koschany did 16 hours.
  • Santiago Ruano Rincón did 7.50 hours (out of 12h allocated + 3.50 remaining, thus keeping 8 extra hours for May).
  • Scott Kitterman posted a report for 6 hours made in March but did nothing in April. His 18 remaining hours have been returned to the pool. He decided to stop doing LTS work for now.
  • Thorsten Alteholz did 15.75 hours.

Many contributors did not use all their allocated hours. This is partly explained by the fact that in April Wheezy was still under the responsibility of the security team and they were not able to drive updates from start to finish.

In any case, this means that they have more hours available over May and since the LTS period started, they should hopefully be able to make a good dent in the backlog of security updates.

Evolution of the situation

The number of sponsored hours reached a new record with 132 hours per month, thanks to two new gold sponsors (Babiel GmbH and Plat’Home). Plat’Home’s sponsorship was aimed to help us maintain Debian 7 Wheezy on armel and armhf (on top of already supported amd64 and i386). Hopefully the trend will continue so that we can reach our objective of funding the equivalent of a full-time position.

The security tracker currently lists 45 packages with a known CVE and the dla-needed.txt file lists 44 packages awaiting an update.

This is a bit more than the 15-20 open entries that we used to have at the end of the Debian 6 LTS period.

Thanks to our sponsors

New sponsors are in bold.