My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.
This month I have been paid to work 26.25 hours on Debian LTS. In that time I did the following:
- CVE triage: I pushed 52 commits to the security tracker. I finished a new helper script (bin/lts-cve-triage.py) that builds on the JSON output that Holger implemented recently. It helps to triage more quickly some issues based on the triaging work already done by the Debian Security team.
- I filed #783005 to clarify the situation of libhtp and suricata in unstable (discovered this problem while triaging issues affecting those packages).
- I reviewed and sponsored DLA-197-1 for Nguyen Cong fixing 5 CVE on libvncserver.
- I released DLA-199-1 fixing one CVE on libx11. I also used codesearch.debian.net to identify all packages that had to be rebuilt with the fixed macro and uploaded them all (there was 11 of them).
- I sponsored DLA-207-1 for James McCoy fixing 7 CVE on subversion.
- I released DLA-210-1 fixing 5 CVE on qt4-x11.
- I released DLA-213-1 fixing 7 CVE on openjdk-6.
- I released DLA-214-1 fixing 1 CVE on libxml-libxml-perl.
- I released DLA-215-1 fixing 1 CVE on libjson-ruby. This backport was non-trivial but luckily included some non-regression tests.
- I filed #783800 about the security-tracker not handling correctly squeeze-lts/non-free.
Now, still related to Debian LTS, but on unpaid hours I did quite a few other things:
- I wrote a talk on Debian LTS that I gave during the Mini-DebConf in Lyon. I took quite some time to collect some statistics about the last 10 months of work within the team.
- I helped to draft a press release announcing our plans for Wheezy LTS and seeking more help at the same time.
- I ensured that the Jessie press release will include a sentence saying that it would be supported for 5 years too.
Other Debian work
Feature request in update-alternatives. After a discussion with Josselin Mouette during the Mini-DebConf in Lyon, I filed #782493 to request the possibility to override at a system-wide level the default priority of alternatives recorded in update-alternatives. This would make it easier for derivatives to make different choices than Debian.
Sponsored a dnsjava NMU. This NMU introcuded a new upstream version which is needed by jitsi. And I also notified the MIA team that the dnsjava maintainers have disappeared.
python-crcmod bug fix and uploads to *-backports. A member of the Google Cloud team wanted this package (with its C extension) to be available to Wheezy users so I NMUed the package in unstable (to fix #782379) and prepared backports for wheezy-backports and jessie-backports (the latter only once the release team rejected a fix in jessie proper, see #782766).
Old and new PTS updates for Jessies’s release. I took care to update tracker.debian.org and packages.qa.debian.org to take into account Jessie’s release (which, most notably, introduced the “oldoldstable” suite as the new name for Squeeze until its end of life).
Received thanks with pleasure. This is not something that I did but I enjoyed reading so many spontaneous thanks in response to Guillem’s terse and thankless notification of me stepping down from dpkg maintenance. I love the Debian community. Thank you.
See you next month for a new summary of my activities.