My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.
This month I have been paid to work 15.25 hours on Debian LTS. In that time I did the following:
- CVE triage: I pushed 37 commits to the security tracker and contacted 20 maintainers about security issues affecting their packages.
- I started a small helper script based on the new JSON output of the security tracker (see #761859 for details). It’s not ready yet but will make it easier to detect issues where the LTS team lags behind the security team, and other divergences like this and will speed up future CVE triage work (once done).
- I sent DLA-174-1 (tcpdump update fixing 3 CVE) after having received a debdiff from the Romain Françoise.
- I prepared DLA-175-1 on gnupg, fixing 3 CVE.
- I prepared DLA-180-1 on gnutls26, fixing 3 CVE.
That’s it for the paid work. But still about LTS, I proposed two events for Debconf 15:
- Inner workings of an unusual team in Debian: the Long Term Support team: a generic presentation of the team and the project;
- Preparing for Wheezy LTS: a work session between the security team and the LTS team.
In my last Freexian LTS report, I mentioned briefly that it would be nice to have a logo for the LTS project. Shortly after I got a first logo prepared by Damien Escoffier and a few more followed: they are available on a wiki page (and the logo you see above is from him!). Following a suggestion of Paul Wise, I registered the logo request on another wiki page dedicated to artwork requests. That kind of collaboration is awesome! Thanks to all the artists involved in Debian.
Django. This month has seen no less than 3 upstream point releases packaged for Debian (1.7.5, 1.7.6 and 1.7.7) and they have been accepted by the release team into Jessie. I’m pleased with this tolerance as I have argued the case for it multiple times in the past given the sane upstream release policy (bugfix only in a given released branch).
Python code analysis. I discovered a few months ago a tool combining the power of multiple Python code analysis tools: it’s prospector. I just filed a “Request for Package” for it (see #781165) and someone already volunteered to package it, yay \o/
update-rc.d and systemd. While working on a Kali version based on Jessie, I got hit by what boils down to a poor interaction between systemd and update-rc.d (see #746580) and after some exchanges with other affected users I raised the severity to serious as we really ought to do something about it before release. I also opened #781155 on openbsd-inetd as its usage of inetd.service instead of openbsd-inetd.service (which is only provided as a symlink to the former) leads to multiple small issues.
Debian France. The general assembly is over and the new board elected its new president: it’s now official, I’m no longer Debian France’s president. Good luck to Nicolas Dandrimont who took on this responsibility.
Salt’s openssh formula. I improved salt’s openssh formula to make it possible to manage the
/etc/ssh/ssh_known_hosts file referencing the public SSH keys of other managed minions.
Tendenci.com. I was looking for a free software solution to handle membership management of a large NPO and I discovered Tendenci. It looked very interesting feature wise and written with a language/framework that I enjoy (Python/Django). But while it’s free software, there’s no community at all. The company that wrote it released it under a free software license and it really looks like that they did intend to build a community but they failed at it. When I looked their “development forums” were web-based and mostly empty with only initial discussion of the current developers and no reply from anybody… there’s also no mention of an IRC channel or a mailing list. I sent them a mail to see what kind of collaboration we could expect if we opted for their software and got no reply. A pity, really.
What free software membership management solution would you use when you have more than 10000 members to handle and when you want to use the underlying database to offer SSO authentication to multiple external services?
See you next month for a new summary of my activities.