My Free Software Activities in April 2015

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 26.25 hours on Debian LTS. In that time I did the following:

  • CVE triage: I pushed 52 commits to the security tracker. I finished a new helper script (bin/lts-cve-triage.py) that builds on the JSON output that Holger implemented recently. It helps to triage more quickly some issues based on the triaging work already done by the Debian Security team.
  • I filed #783005 to clarify the situation of libhtp and suricata in unstable (discovered this problem while triaging issues affecting those packages).
  • I reviewed and sponsored DLA-197-1 for Nguyen Cong fixing 5 CVE on libvncserver.
  • I released DLA-199-1 fixing one CVE on libx11. I also used codesearch.debian.net to identify all packages that had to be rebuilt with the fixed macro and uploaded them all (there was 11 of them).
  • I sponsored DLA-207-1 for James McCoy fixing 7 CVE on subversion.
  • I released DLA-210-1 fixing 5 CVE on qt4-x11.
  • I released DLA-213-1 fixing 7 CVE on openjdk-6.
  • I released DLA-214-1 fixing 1 CVE on libxml-libxml-perl.
  • I released DLA-215-1 fixing 1 CVE on libjson-ruby. This backport was non-trivial but luckily included some non-regression tests.
  • I filed #783800 about the security-tracker not handling correctly squeeze-lts/non-free.

Now, still related to Debian LTS, but on unpaid hours I did quite a few other things:

Other Debian work

Feature request in update-alternatives. After a discussion with Josselin Mouette during the Mini-DebConf in Lyon, I filed #782493 to request the possibility to override at a system-wide level the default priority of alternatives recorded in update-alternatives. This would make it easier for derivatives to make different choices than Debian.

Sponsored a dnsjava NMU. This NMU introcuded a new upstream version which is needed by jitsi. And I also notified the MIA team that the dnsjava maintainers have disappeared.

python-crcmod bug fix and uploads to *-backports. A member of the Google Cloud team wanted this package (with its C extension) to be available to Wheezy users so I NMUed the package in unstable (to fix #782379) and prepared backports for wheezy-backports and jessie-backports (the latter only once the release team rejected a fix in jessie proper, see #782766).

Old and new PTS updates for Jessies’s release. I took care to update tracker.debian.org and packages.qa.debian.org to take into account Jessie’s release (which, most notably, introduced the “oldoldstable” suite as the new name for Squeeze until its end of life).

Received thanks with pleasure. This is not something that I did but I enjoyed reading so many spontaneous thanks in response to Guillem’s terse and thankless notification of me stepping down from dpkg maintenance. I love the Debian community. Thank you.

Thanks

See you next month for a new summary of my activities.

My Free Software Activities in September 2013

This is my monthly summary of my free software related activities. If you’re among the people who made a donation to support my work (86.18 €, thanks everybody!), then you can learn how I spent your money. Otherwise it’s just an interesting status update on my various projects.

Package Tracking System^U Distro Tracker

Marko Lalic implemented quite a few interesting features in the last weeks of the Google Summer of Code (support of teams most notably). Unfortunately he didn’t deploy (yet) the latest changes on pts.debian.net.

Given the good work he made over the summer, I marked him as successful in his GSOC. Hopefully he will stick around and continue to contribute, he promised to try to handle some mass renaming that we agreed upon. Effectively, after much bike-shedding, I decided that the software would be called “Distro Tracker”.

Once those last-minute cleanups are done, I plan to request “tracker.debian.org” to Debian System Administrators. This means that it will be deployed in parallel to the current PTS at least until we’re at feature parity in the new codebase.

The new codebase should be much more easy to get started with, so I should do some promotion and invite people to contribute to it… possibly by writing some short “how to get started” documentation.

I started by creating a dedicated wiki page: http://wiki.debian.org/qa.debian.org/distro-tracker

Misc packaging

I got two REJECTs from ftpmasters this month (one for galette, one for dolibarr). I took care of fixing the various issues in galette and the package has been promptly accepted afterwards. For dolibarr, I mentored the upstream maintainer about the various problems and got him to fix it. It took a bit more time and the package is thus still in NEW.

I packaged wordpress 3.6, and then wordpress 3.6.1 (security update). python-django also had multiple security updates this month, I took care of one or two uploads but Luke Faraone dealt with most of them (including backports to Squeeze!).

I packaged Publican 3.6.1 and uploaded dh-linktree 0.4 to fix a FTBFS issue introduced with Perl 5.18.

Of anecdotal importance, but I also filed bug #721849 after seeing how much energy was spent to ensure debian/rules didn’t contain an improper copyright statement.

Thanks

See you next month for a new summary of my activities.

Finding a new name for the Package Tracking System

The Google Summer of Code rewriting the Package Tracking System is approaching its end and I’m starting to think about deploying it on debian.org. Its scope has expanded over the years and the rewritten PTS will continue this trend by bringing some new features for teams (like the possibility to subscribe to all packages of a team).

I believe that its current hostname (and name) doesn’t reflect properly the role of the PTS. Add to this the fact that there’s still some work left to be done to reach feature-parity with the current PTS, I’m considering deploying it in parallel to the current PTS under a new name.

“Package Tracking System” is also a bit too long for a name, and sounds more like a description than a name…

But if I get rid of “packages.qa.debian.org” and “Package Tracking System”, how should we call the new PTS? 🙂

The PTS is a sort of central place that brings together information from many parts of Debian. It’s currently mainly a consumer/dispatcher of information but I expect to integrate some of the external services that are useful for all Debian derivatives, and it will thus become more and more a producer of first-hand information as well.

To replace packages.qa.debian.org, Stefano Zacchiroli suggested me hub.debian.org and I must say I like it, it’s short and relatively close to what the PTS actually is (and reminds me of DEP-2 — the new PTS will be an asset to make it a reality). My other ideas were devel.debian.org, inside.debian.org, watch.debian.org, track.debian.org, … do you have better suggestions? what’s your preference?

Finding a better name is harder, but there’s room to build on the hub concept and similar images. I would like a full name that’s not too long and an associated abbreviation/short name for the top-level Python package (currently we use “pts” for that Python package). Can you come up with something original and satisfactory?

My latest thoughts end up with “DistroHub” as full name and “dhub” as Python package name. Still boring…

So, dear lazy web, I heard that we’re good at bikeshedding in Debian, so can you come up with something better? Share your suggestions in the comments!

My Free Software Activities in August 2013

This is my monthly summary of my free software related activities. If you’re among the people who made a donation to support my work (47.50 €, thanks everybody!), then you can learn how I spent your money. Otherwise it’s just an interesting status update on my various projects.

Package Tracking System

There are only 2-3 weeks left in the summer of code project dedicated to rewrite the package tracking system. We have come a long way during August… check it out yourself in pts.debian.net.

The rewrite doesn’t have all the features of the old PTS yet, but I opted to keep some of the easy and less interesting features for others to re-implement. Instead I asked Marko to work in the coming weeks on new features that will bring more value, like the possibility to have user accounts with the possibility to easily review and tweak all your subscriptions on the web, and like the possibility to subscribe to groups of packages (i.e. those managed by a team).

Our main problem right now is that exim has a pretty poor default behavior of forking hundreds of processes if you get hundreds of mails (in a batch) to an address that delivers via a pipe (postfix is saner, it serializes the deliveries on pipes). The new PTS is much more modular and its memory footprint is bigger (about 3 times more for the process that delivers mails, 30Mb instead of 10Mb), and in such a situation we managed to run out of memory… for now we worked around the situation with an exim setting that queues mails once the load gets too high but it’s a poor workaround IMO. We could obviously implement our own queue and a daemon but I’d like to avoid this. So who knows how to tell exim to behave? 🙂

On the positive side, Marko has gotten some feedback from people who like the new PTS and are using it daily already. And several persons have expressed their interest to work on the new codebase already.

On my side, I created a package so that it’s easy to deploy for derivatives. In this process, I revamped the way we manage the Django settings (for development and for production). The package is not finished yet, but it’s mostly usable already. But I still want to do some cleanup/refactoring in the models before others start deploying it. We must also enable South to make it possible to upgrade easily afterwards.

DebConf 13 in Vaumarcus

From August 10th to 17th, I was attending DebConf 13. It matched the only week of vacation that my wife had this summer so we went there with the whole family (that is with a 3 years old son, and 6 months old one). Thus I could not immerse myself in Debconf and missed all the nice things that happen outside of the talk rooms. I picked 3-4 interesting talks per day and I spent the rest with my family.

On the positive side, I was pleased that my wife could meet (or at least see) some other Debian people. She knows quite a few (of you) by name because I have been telling her Debian stories for years now…

Debian France

Debian France sold quite some merchandise during Debconf but I didn’t take care of that. It was supervised by Sylvestre Ledru but fortunately he got the help of multiple persons, both to bring everything there, to sell it, and to bring back the rest.

The good news of the month is that the upstream author of galette published a new version with all the features that we ordered him a few months ago. We send now automatic reminders to members who must renew their subscription, we have automatic update of our accounting books (in a ledger file in a git repository) when we people donate or pay their subscription via the paypal form on our website.

I was so pleased to finally have this that I took some hours to finalize the packaging of galette, so that it could be uploaded to Debian. It’s now waiting in the NEW queue. I also spent multiple hours to write the python script that is executed by galette and that updates the accounting files.

Misc Debian stuff

Debian Packaging. I did two uploads of logidee-tools to fix bugs #718671 and #718836. I created a package for Dolibarr a PHP-based CRM and ERP software (it doesn’t do accounting however), it’s sitting in the NEW queue for almost a month already. I forwarded #719000 to the upstream Publican developers. I filed #720393 to request a new upstream version of libphp-mailer.

git-multimail. After its deployment on Alioth last month, Niels Thykier reported me a case where it lead to bounces, I filed this as a new upstream ticket and in fact I fixed it myself a few days after. I got the fixed version installed on Alioth.

dpkg. I investigated why the the automatic builds of dpkg were no longer happening and asked Michael Prokop if he could install a newer version of gettext in the build chroot. He told me that he would need a backport for that so I asked Santiago Vila if he was willing to provide it and he kindly accepted. A few days after, the package was in backports and I’m now again running the latest dpkg out of git thanks to the nice service provided by Michael.

Misc discussions. The thread about “user planets” drifted into a discussion of how to avoid “promotional posts” on such planets and in that context someone again brought up the Debian Machine Usage Policy as a way to shut down any kind of (self-)promotional content on planet if there’s money involved. This always irritates me and this time I opted to ask James Troup about the origin of that clause in the DMUP. So who is willing to work with DSA to fix the DMUP so that people stop abusing it in contexts where it doesn’t make sense?

I also participated in some discussions concerning dgit. I like the ideas behind the tool, but I’m saddened by the behavior of Ian Jackson. I helped him to fill his gap of knowledge about new sources formats but he keeps on bashing about the “3.0 (quilt)” source format both in the manual page and in the output of the program. He believes that dgit is no longer an experiment but the truth is that it’s still a poorly commented Perl script doing lots of hackish things.

Kali Linux

Between Debconf and all, I haven’t done much for Kali except a couple of fixes. There’s a nice story of how I tracked a bug in live-installer on the Kali blog. That fix has been committed to Debian. I also improved live-build to include xfsprogs/jfsutils on the ISO image when you include the debian-installer (so that you don’t end up in problems when you pick JFS or XFS as file systems for your installation).

Thanks

See you next month for a new summary of my activities.