this was a weird RCBW week for me. although we are not that far into the freeze yet, the amount of easy-enough-for-me-to-fix RC bugs on UDD is already rather low. besides the not very impressive list below, I at least tried to do some housekeeping on some bugreports (tagging, reassigning, forwarding, ).

• #636805 viewvc: "viewvc runs extremely slowly (~15s per page)"
  send debdiff to BTS
• #660671 src:libdispatch: "libdispatch: Fails to build (link dispatch_starfish) on armel"
  apply patch from Ubuntu / Colin Watson, send debdiff to BTS (build fails differently on armel)
• #671673 dvipsk-ja: "dvipsk-ja: unowned file /usr/local/share/texmf/ls-R after purge (policy 6.8, 9.1.2)"
  upload NMU prepared by Taku YASUI (use dh_installtex), upload to DELAYED/2
• #677361 rubrica: "rubrica: FTBFS on kfreebsd-any & hurd-i386 due to rpath"
  autoreconf, upload to DELAYED/2
• #681756 canna: "canna: removes files that were installed by another package: /etc/canna/default.canna"
  add info to bug report
• #682882 inguma: "inguma: Recommends non-existent python-qt3 package"
  add info to bug report

Another great DebConf is over. Two weeks ago, I was lingering a little longer in Nicaragua, enjoying some tropical holidays, and having a few To as with some fellow debconfers in Granada, and I exposed some rough ideas I've been incubating in the back of my head for some days. Since it had a positive initial reaction from the table (Gregor already volunteered to help!), I want to show it to a larger audience, in the hopes of getting some useful feedback, ideas, and maybe even some volunteers! The trigger was Zack's Bits from the DPL talk, and Enrico's post on the same topic. We need to recognise more what people is doing in the project, much valuable work is done in the shadows, and it is in our interest to make the people doing that work feel acknowledged, feel they are part of the project. The core of my idea is to create a web service that, for each person known to the project (let's say, http://whois.debian.net/tincho), shows a simple page with information about the person, optionally a mugshot/hackergotchi, what are they working on, maybe some stats and links (the Debian portfolio stuff, for example), and the core of this idea badges of merit, and attribution for their contributions. What I picture is having badges that say: Closed X RC bugs , Active translator for Esperanto , #1 video team camera operator in DC12 , Created 100 bugs .. You get the idea. In this ugly mock I created with my null designing skills, the idea might be a little more clear. An important feature of the project is that it will be just a collector of information distributed in different places:

• Personal information stored in special files in the person's alioth account (if any). If the person does not have an account or does not add any information, the page will only show the user name, and maybe the full name.
• Automated links to other sources of information: PTS, Debian Portfolio, UDD Dashboard, etc.
• A collection of badges and detailed statistics gathered from independent sources:
• Automated data from UDD, PentaBarf, BTS.
• Statistics from commits, changes to wikis, mailing lists, etc.
• Lists created by specific teams to recognise their members, specially when these are not using automated tools that can generate reports.

This way, every team or project in Debian that wants to give recognition to its volunteers would easily do it, without needing to dive into the details of the code, or dealing with much bureaucracy. Just a signed mail with the pointer to the source of the data would be sufficient. I think the more complex part of this project would be matching different identities to real persons, in a way similar to carnivore, so we can match between different email addresses, a name, a Debian or alioth user-id (if applicable), IRC nickname, or any other identification that might be used to distinguish a person inside Debian. This might sound scary, but I don't plan on exposing or crawling any identities that are not currently publicly exposed, I just want to be able to see in a single page all the information associated both with my debian.org email address and with my gmail one. I have some basic design ideas, but I don't want to make this post even longer than what it is now. Please get in touch if you have comments, ideas, or if you want to flame me. Tags: Planet Debian

Monthly DPL bits, fresh from the oven.

---

Tip to feel good about the release #476: before reading this, grab and fix one of the RC bugs affecting Wheezy. Done? Now you're ready for a slightly less exciting report of DPL activities. Highlights

• I've wrapped up a couple of years of discussions with FSF representatives, proposing a joint working group on FSF' assessment of Debian Free-ness. Some news coverage ensued. The discussion list that has been set up welcomes participants and, in particular, could use some more DDs, fond of Debian principles but also interested in external review of our free/non-free separation.
• DebConf12 has happened!, and many of us attended it. Due to family reasons I've been able to attend only DebCamp and DebConf day-0, just in time to deliver the traditional "bits from the DPL" speech. Among other topics, in the speech I've discussed governance scaling issues in our governance, and in particular about the role of the DPL --- issue which I'm partly trying to address with the "DPL helpers" initiatives. Slides and videos of the talk are available. As many others DebConf people, I took part in Nicaraguan TV shows about DebConf, showing a good deal of interest by the local media in our presence. I don't have links to the recordings yet, but I suspect DebConf orga people will provide them as soon as they're available.
• Many others DebConf12 events are relevant for future Project directions. I went through many of the events I've missed thanks to the work of the video team and of the gobby note takers. I recommend doing the same. Some events are particularly relevant to recent project-wide discussions, such as EFI, hijacking, and the release process and I'm sure you'll find more If you're a DebConf12 speaker and produced slides, please upload them to penta, so that they could be used as future reference.

Assets

• On the hardware front, we bought another server according to DSA's "5-year plan". It will be used as a ganeti node at the man-da hosting location. We bought it thanks to donated money, for a total of ~6'600 EUR.
• (After ~8 months of pestering,) we got from SPI a data dump of Debian financial transactions there. Thanks for this result goes to the SPI Board and in particular to Robert Brockway and Joerg Jaspert. This was the last blocker to produce detailed financial reports for the past couple of years of Debian activities. Unfortunately, it still is a blocker: Debian auditors found out that the data dump is not complete. SPI will send us remaining data soon , but I don't have an ETA, unfortunately.
• An ftpmasters sprint is being organized and I've been happy to approve its budget. Help is still needed on the -sprints list to keep up with the organization part of sprints, including activities like documenting sprints to show donors what we do with their help.

Logo & trademark

• to stop the absurdity of not using the official logo ("with Debian") as part of our official theme, I advanced a bit on the topic of relicensing the logo under a DFSG-free license. I sought a second legal advice to SFLC (as requested by the SPI board). They confirm we can safely do the relicensing (without undermining our rights on contained marks) under a license like dual LGPLv3+ / CC-BY-SA, provided that a suitable trademark policy is in place
• which is why I've posted to -project a trademark policy draft, based on legal advice from SFLC. I've gather useful feedback already, but more is welcome. Note that, as Russ very eloquently put it, we do not particularly enjoy thinking about which restrictions we put on the usage of our marks. But given we do have (and use) those marks, we should better empower the legal owners (SPI in this case) to properly defend them. Our specification for the policy to SFLC has been "as free as possible", and that is what we're trying to achieve.

Note that the actual logo relicensing should be done by SPI, via their board, upon request of mine (as Debian Project liaison). We won't make it for the next SPI board meeting, as it is on 4 days away. But we can aim for the subsequent meeting, on September 13th. If all goes well (big "if"), we will enjoy a DFSG-free logo after that date. Internal organization Recent flurry of re-organization in the tech-ctte --- which I somewhat triggered pushing for periodic meetings --- seems to be proceeding well. I'm very happy about it, as we all need to trust that tech-ctte decisions will be not only sound, but also prompt. If you're interested into this topic, some recent evidence of the ongoing reorganization and its result can be found in their DebConf12 BoF, minutes of the last meeting, a set of forthcoming GRs, and the recent great decision of posting decisions results to d-d-a (as it happened for node/nodejs). Kudos to tech-ctte members for the recent activism! I haven't worked on it myself directly, but I highlight Enrico's work on server side archival of NM conversations. It has the potential of enabling automatic detection of stuck NM processes. I'm a bit rusty as AM now, but I think missing that ability is one of the main remaining causes of frustration when joining Debian. So, if you are an AM, please opt-in and use this feature with your appicants. If you are not an AM why not? Miscellanea Some misc legal stuff:

• I got the legal advice we asked about the possibility of turning mentors.debian.net into an official service. The worry there was about the potential copyright infringements by mentees. In the end, we don't need to worry about that, provided we've clear contact points (and "reasonable" timing ) for removing infringing material once it's been reported, and that we declare our public policy about that. I've a draft policy document to start with. I'll soon contact mentors.d.n to adapt it where needed and have it vetted by SPI before going live.
• I've worked with GNOME maintainers (thanks in particular to Jordi Mallach) to rework the mixed Debian/GNOME logo on their alioth project page, to stay on the safe side and avoid any ambiguity wrt GNOME trademark policy.

and some misc "political" stuff:

• we've been happy to accept an invitation to attend the GNOME Advisory Board meeting at GUADEC: Jord (thanks, again!) kindly accepted to represent Debian there. An early report has been posted on his blog, a more detailed one is forthcoming to -project.
• OSI has discussed with their affiliates the possibility of signing the Declaration of Internet Freedom. On behalf of Debian, I've vouched for it. By the way, I'm serving pro tempore as Debian liaison at OSI, but if there are people interested in doing that, I'll be happy to consider handing over the responsibility to other (it's a quite lightweight one, at present).

Happy RC bug squashing,
Cheers.

---

PS the boring day-to-day activity log for July 2012 is available at master:/srv/leader/news/bits-from-the-DPL.txt.201207

It s the last day of Debconf 12 in Managua, it s the first ever Decbonf I ve attended and it has been just awesome.

More diversity in Debian skills This blog post has been co-authored with Francesca Ciceri. In his Debconf talk, zack said:

We need to understand how to invite people with different backgrounds than packaging to join the Debian project [...] I don't know what exactly, but we need to do more to attract those kinds of people.

Francesca and I know what we could do: make other kinds of contributions visible. Basically, we should track and acknowledge the contributions of webmasters, translators, programmers, sysadmins, event organisers, and so on, at the same level as what we do for packagers: DDPO, minechangelogs, Portfolio... For any non-packaging activity that we can make visible and credited, we get:

• to acknowledge the people who do it, and show that they are active contributors in the project;
• to acknowledge the work that gets done, and show the actual amount of non-packaging work that gets done in Debian every day;
• to allow non-packagers to have a reputation, too: first of all, they deserve it, and among other things, it would make nm processing trivial.

Here's an example: who's the lead translator for German? And if you are German, who's the lead translator for Spanish? Czech? Thai? I (Enrico) don't know the answers, not even for Italian, but we all should! Or at least it should be trivial to find out. To start to change this, is just a matter of programming. Francesca already worked on a list of trackable data sources, at least for translators. Here are some more details, related to translation:

• Translations can be tracked via the i18n robot (and relative statistics). This works only with teams who activated the robot and actively use the pseudo-urls in their messages on localisation mailing lists. Some translators don't bother to do it but it's ok to only support the main workflow. It beats extracting .po files from l10n-tagged BTS bugs at any rate.
• DPN and website translations: for wml pages there's a specific field to be extracted for each translated page: grep for maintainer="name" on normal wml pages, while for DPN translations we have a specific translator="name" field. The problem is that this field is not mandatory, so sometimes there's no indication of the maintainer. Again, it's ok to only support the main workflow. Anyway, this is preferable to the cvs log: often the commit is done by the coordinator of the team and not by the actual translator. See above for the alternative solution of using the statistics provided by the i18n bot.
• DDTSS: since the new release of DDTSS-Django, done by Martijn van Oosterhout about a year ago, the contributions are by default non-anonymous. This should be easy to track.
• : it is more complicated because in the wiki we do not have a proper l10n translation workflow, so the only thing that can be tracked are changelogs $LANG/* pages. A nice idea would be to have translated pages list the version of the page that was translated and who did the translation.
• translation of debian manuals and release notes: usually in the translation of manuals and long documentation there is a specific translator field.

And here are some notes about other fields:

• DPN editors: for each issue there's a list of editors at the bottom of the page. In the wml: grep for editor=.
• Artwork: artwork submitted via debianart are easy to track on the portal. Anyway usually you can find the author in the license and copyright file.
• Programming: the only thing we have is the list of services which can be expanded if needed.
• Press and publicity: there seems to be not much besides svn logs.
• l10n-english: The Smith Review Project page has some tracking links. Other activities can probably only be tracked, at the moment, via mailing list activity.
• Events: we can use the "main coordinator" field on www.debian.org/events/$year/$date-$eventname.wml: grep for <define-tag coord>; for events not published on the http://www.debian.org, but only on http://wiki.debian.org, the coordinator or the contact for the event is usually present on the page itself.
• Sysadmins: we haven't asked DSA.

And finally, if you are still wondering who those translation coordinators are, they are listed here, although not all teams keep that page up to date. Of course, when a data source is too hard to mine, it can make sense to see if the workflow could be improved, rather than spending months writing compicated mining code. This is a fun project for people at Debconf to get together and try. If by the end of the conference we had a way to credit some group of non-packaging contributors, even if just one like translators or website contributors, at least we would finally have started having official trackers for the activities of non-packagers.

One week. One long week. One beautiful week. One of the two major weeks of the year has passed since my previous post. Surely, we are in the middle of the two Major Weeks of the year, in the yearly schedule I have upheld for almost(!) ten years: DebConf+DebCamp. Yesterday, DebConf officially started. For the first time ever, we had a DebConf track targetted at the local (for a wide definition of local: All of the Central American countries) communities, which I chaired. We had the following talk lineup during this track:

• Empaquetando software para Debian (Gunnar Wolf)
• Introduction to Debian translation workflow and processes (Christian Perrier)
• OpenPGP discussion and skillshare (Daniel Kahn Gillmor)
• Empaquetando colaborativamente con git y collab-maint (Ulises Vitulli)
• Uso del sistema de manejo de errores de Debian (Hector Colina)
• Building free software communities (Leandro G mez

I believe it was a great success, and I hope the talks are useful in the future. They will be put online soon thanks to the tireless work of our work team. Today we sadly lost the presence of our DPL due to very happy circumstances he will surely announce himself. But DebConf will continue nevertheless - And proof of that is our anual, great, fun and inviting Cheese and Wine Party! After a series of organizational hiccups I hope nobody notices (oops, was I supposed not to say this?), today we had a beautiful, fun and most successful cheese and wine party, as we have had year after year since 2005. As many other people, we did our humble contribution for this party to be the success it deserves. There is lots of great cheeses, great wines, and much other great stuff we have to thank to each of the individuals who made this C&W party the success it was. Yes, it might be among the least-academic parts of our conference, but at the same time, it's one of its most cherished -and successful- traditions. And above all else, we have to thank our Great Leader^W^WCheeseMaster (who we still need to convince to play by our Great Leader's mandates - And no, I don't mean Zack here!) Hugs and thanks to my good and dear friend Christian Perrier for giving form to one of DebConf's social traditions that makes it so unique, so different from every other academic or communitary conference I have ever been part of. We still have most of the week to go. And if you are not in Managua (and are not coming soon), you can follow our activities following our video streams. Remember, debian/rules, now more than ever! And even given the (perpetual) heat in Managua: Wheezy is frozen, whee! [ all photos here taken by regina ]

Attachment	Size
100_2110.JPG	1.53 MB
100_2119.JPG	1.49 MB
100_2121.JPG	1.52 MB
100_2135.JPG	1.49 MB
100_2144.JPG	1.11 MB
100_2146.JPG	1.53 MB
100_2145.JPG	1.08 MB
100_2122.JPG	1.51 MB

I'm at DebConf 12 and I've decided to use my time to clear out some minor bits and pieces I've been planning for a while. One of these was to do some graphing of the Debian keyrings over time. The bzr repository goes back to March 2008, but I've also got copies of keyrings for releases back to slink (February 1999). I've been a long time user of GD::Graph under Perl, but recently discovered SVG::TT::Graph and have been meaning to play with it. So I did. First up, number of keys in each keyring: Most of the interesting data is towards the right, but we can also see the point where our v4 keyring overtook v3 keys back in 2001. More recently there's the end of our v3 support in 2010, and the steady increase of Debian Maintainers. The tiny green line is the Debian non-upload keyring. Next I looked at key size (limiting myself to the DDv4 keyring to make things simpler): Here we can see the steady increase of 4096 bit keys since 2009, and to a lesser extent 2048 bit keys. There are a few other sizes - 1 10k key, 1 8k key and 2 3k keys (I suspect these are tied to OpenPGPv2 cards). We're up to 28% of the keyring being stronger keys, but there's still a long way to go. (Interestingly the Debian Maintainer keyring is much better with 65% of keys being 2k or larger. The non-upload keyring is all 2k or greater.) Finally I graphed key type, again limiting myself to the DDv4 keyring: No real surprises here; DSA far and away the most common with RSA usage increasing as part of the move to larger key sizes. In the past we had a few Elgamal signing keys, but these were shown to be compromised thus disappeared entirely. What do these graphs show me? At least the following:

• Debian has a steady rate of growth, for both DDs and DMs. As Zack mentioned in his keynote yesterday it would be nice to see more non-packaging contributors.
• We've made a noticeable effort towards transitioning to stronger keys, but there's still a lot of people who need to make the switch.
• Our rate of growth has slowed over the years (not really surprising).

(You should be able to click on the graphs for larger version.)

If you're organizing a DebConf12, and especially if you're new to it, please have a look at the DebConf BoF HOWTO. One of its main take away messages is: don't be exclusive, think of the kittens. Since last year, and to the might powers of DSA (and their kittens), we now have a more stable place for the gobby server: gobby.debian.org. I've just amended the howto to point to that, and updated the info about which gobby package to use (nowadays clarified, thanks to Phil). Enjoy your BoF-s!

Monthly DPL bits, fresh from the oven^W^W^W hot from DebConf12, and just posted to d-d-a.

---

Howdy from DebConf12. It's hot, but it's also time to bother you again with a (not so) brief DPL activity report, this time for June 2012. Time-based freeze: DONE, short freeze: TODO Two highlights for this month. First, you've probably noticed Wheezy is now frozen, YAY. This is huge achievement for the release, but also for the project. It's the first time we do a time-based freeze, and it took some quite heated discussion at the beginning of the release cycle to decide to do this. And we did it properly: respecting the planned month and narrowing down the period later. This exercise has hopefully helped both DDs in their package planning and our upstreams in targeting Wheezy with stable releases of their software. Kudos to the release team for their coordination work! Now we've the second part still TODO: releasing Wheezy, without RC bugs, with a freeze period as short as possible. See the beginning of my last "bits from the DPL" mail for my usual song and dance on how to deliver that, together. DebConf12 A lot of us will attend DebConf12. Enjoy it! ... and take the chance to both have fun and make great plans for Debian's future. But remember that "if it didn't happen on a mailing list, it didn't happen". Not all of us will be lucky enough to attend DebConf (in person or remotely). Make sure that those who don't can take part in your team decisions and get informed of what is going to happen here. Politics

• After discussion (and consensus) on debian-boot, I've asked to join FSF campaign on secure boot.
• Since OIN was seeking comments on their Linux System definition (not really openly though: I learned about it last minute from people directly in touch with OIN representatives), I've contacted them proposing to include all "Debian main" packages in their definition. I haven't yet hear back from them, but I doubt they'll accept the idea. It'd be nice to have an official answer about why, though.

Zack's spring tour I spent a significant part of June doing Debian talks ins some sort of "spring tour" between Italy and France. In particular:

• I've taught a lenghty class about the Debian Project at the Insubria International Open Source Summer School in Como, Italy (see slides)
• I've delivered the opening keynote at the yearly Free Software conference in Ancona, Italy, ConfSL'12 (see slides)
• I've delivered the opening talk at the Debian for Scientific Facilities Days event organized by the European Synchrotron Radiation Facility (ESRF) in Grenoble, France (see slides)

Many thanks to the organizers of these events for inviting and sponsoring me (as well as other Debian people, in the ESRF case) and for their interest in Debian. Sprints

• I approved (for a budget of ~2'000 EUR) and helped hosting the i18n sprint in Paris. As a (great!) result of it, the i18n infrastructure has now been moved on DSA administered machines. A more detailed report is available. Thanks to all attendees and in particular to Christian Perrier for the organization work.
• as part of the "Debian for Scientific Facilities" event, a Debian Science sprint also took place at ESRF. Report is pending
• a BSP took place in Salzburg in June, see the report posted by Bernd Zeimetz. I've approved using some Debian money (~350 EUR) to pay for lodgement of some of the attendees

Assets

• DSA have been working on seting up the first machines we bought as part of the yearly revamping plan of Debian hardware. As one of the first user visible changes, UDD has been moved to a new, faster, machine. I single this out because, if you're doing RC bug squashing (as you should! :-)), you'll notice that the bugs search interface is now much faster, hopefully making your release work less frustrating. Similar improvements are forthcoming for other machines, while DSA (thanks!) migrate other services to newer hardware.
• Last April I mentioned that we're aiming at publishing comprehensive Debian budget reports for the past couple of years and that one of the blocker is access to our transaction information at SPI. This is still a blocker, unfortunately. And we still don't have an ETA on when it'll be fixed.
• The current owner of debian.eu has let us know that he is willing to hand over the domain to us. Finally.
• The European part of our Madrid protocol application for the Debian trademark has been vetted by the European trademark office. Meaning: Debian trademark is now officially protected in Europe.
• DuckDuckGo sent me a first report of the "donation" they're ready to make, based on our agreement with them. The aument is still unclaimed, as we're aiming at invoicing twice per year (to keep the papwerwork low). It isn't a stellar amount: 32.55 USD for the month of May.

Discussions Some relevant discussions for project evolution has been going on in June and I took part into them. You might want to have a look at them:

• proposal to change the way DM permissions are handled
• proposal to change the policy ruling the debian.net domain
• we've been discussing debconf12 budget at length, including how to deal with travel sponsorship requests in the future:
• in the "debian account on github" thread, I've proposed a general policy for presence of accounts named "debian" on non-free services
• the long quest on how to choose Wheezy artwork has come to an end, and we have a very nice theme now, thanks to contributions by many artist and integration work by Paul Tagliamonte. Not all went well in the process, but there are useful lessons for the future.

Misc

• I got quite some feedback about the debate with debian-multimedia.org I mentioned last month. My take away message from that feedback is that many users have no idea about the multimedia capabilities (and in particular of codecs availability) of recent Debian releases. We should probably invest some communication energies into that.
• as planned, another tech-ctte IRC meeting has happened. I took part into it, mostly asking to prioritize long standing issues, such as the Python maintenance one. Minutes of the meeting are available.

Cheers.

---

PS the boring day-to-day activity log for June is available at master:/srv/leader/news/bits-from-the-DPL.txt.201206

It's that time of the year again. No, not only the Debian biyearly freeze that has just happened, again (YAY!). It's DebConf time again. Yesterday night I arrived in Managua, Nicaragua, for DebConf12. I'm still jetlagged a bit, but the first impression is great. And that impression is also very green, shockingly green. The city is gorgeous: full of trees and plants (well, at least compared to my metropolitan European standards), and the campus of Universidad Centroamericana where the conference is hosted is even more so. Also, it's a great pleasure to have DebConf in an university campus where students are still swarming. My only reason for sadness thus far. While I did bring my traditional Debian kilt at DebConf, I discovered this morning that I forgot my sporran at home
So if you don't see me wearing my kilt at this DebConf often, that's why

I am transitioning my GPG key from an old 1024-bit DSA key to a new 4096-bit RSA key. The old key will continue to be valid for some time but I prefer all new correspondance to be encrypted with the new key. I will be making all signatures going forward with the new key. I have followed the excellent tutorial from Daniel Kahn Gillmor which also explains why this migration is needed. The only step that I did not execute is issuing a new certification for keys I have signed in the past. I did not find any search engine to tell me which key I have signed. Here is the signed transition statement (I have stolen it from Zack): For easier access, I have also published it in text format. You can check it with: To avoid signing/encrypting with the old key who share the same email addresses than the new one, I have saved it, removed it from the keyring and added it again. The new key is now first in both the secret and the public keyrings and will be used whenever the appropriate email address is requested. I now need to gather some signatures for the new key. If this is appropriate for you, please sign the new key if you signed the old one.

I ve pushed up some code (named familytree) to my GitHub, which lets folks browse the social connections that make up Debian. Many thanks to the number of people who gave me feedback (arno, luca, algernon (at least!)) Y all rock! I ve taken the dump of information from nm.debian.org, and rendered it out into four datasets.

• Advocations for a person
• People who one has advocated
• If the person is a Debian Developer Emeritus
• Who a person has AMd for

Mashing this up with an example d3 page, I ve come up with what I m calling debgraph . Here are some notable examples that I think are rad :) By the way - green lines indicate sponsorship, black lines indicate sponsors, and dashed lines indicate AM-ing. Tan nodes are DD-emeritus, and blue is active. I don t think this handles MIA correctly. Anyway, here it is: Me! (paultag) Algernon tbm (OK, this one is massive, I ve scaled it down a skitch old computer warning, it ll peg your CPU!) zack

Just posted to d-d-a, here are the monthly DPL bits.

---

Dear project members,
here's the periodic report of what has happened in DPL land, this time during May 2012. It's briefer than usual, as this year I've enjoyed the lovely French habit of frequent holidays during the month of May. Highlight First highlight for this month is an invitation to us all. We're now in June and the Wheezy freeze is literally a few days away. The RC bugs count is moving in the right direction, but it's still stellar if we want to ensure a short freeze. And a short freeze is of paramount importance: it'll reduce the time during which we can't implement great plans for the future, increase the "freshness" of software we'll ship with Wheezy, and reduce the inconveniences for those who run the testing suite due to its nice "rolling" feature. So please set out some regular time to do RC bug squashing, by providing patches and doing NMUs. Releasing Wheezy is not something that could be outsourced to the Release Team, it's a collective responsibility that kicks in as soon as our own packages are RC bug free (which they already are, right? The second highlight is more on the internal structure camp. As mentioned last month, I've discussed with the tech-ctte insisting a bit to set up periodic IRC meetings, to ensure outstanding issues get periodically reviewed. At the end of May the first IRC meeting has happened, and has been very productive. See the minutes. Another one has been scheduled, trying to setup a monthly cadence, for the end of June. Many thanks to all tech-ctte members who have took part in and helped with the meeting organization. Communication I've given an interview to iTWire, answering a number of questions about several past and future Debian challenges. Discussions The ongoing discussion to harmonize packaging of multimedia software between the official Debian archive and the unofficial debian-multimedia.org archive (dmo) has progressed. I've tried to help the two groups reaching an agreement on which packages belong where, so that both duplicate packaging efforts and user inconveniences are minimized. That seems not to have worked and dmo maintainers have simply announced that they will move away from the current domain name to a new one that does not include "debian" in its name. Sprints There will be a Debian Science sprint in June, co-located with the broader Debian Science event organized by European Synchrotron Radiation Facility (ESRF) in Grenoble. I've confirmed my attendance for the opening talk of the conference day. ESRF organizers have kindly sponsored travel for all Debian attendees, many thanks to them! Another sprint will happen next week-end in Paris, this time by the i18n/l10n team. I've approved the corresponding tentative budget for travel sponrship for ~2'000 EUR. Other expenses Hardware replacement plans go on. We've ordered SSDs (for ~3'000 CAD) for recently bought machines meant to replace bugs-mirror, bugs-master, and udd. On the "small emergencies" front, we also had to replace failing disks on wagner (1/2 of alioth), for as little as 100 GBP. Miscellanea

• I've helped a bit with the ratification of the Debian diversity statement by seconding it and shortening the discussion period
• on the multimedia front, I've also sought legal advice for the multimedia team, to better understand how to provide a decent multimedia experience for Debian users while respecting the draconian copyright system that exists almost world-wide. There seem to be some solutions in sight for the few missing packages (which I'm still discussing with the respective maintainers), but they'll hardly be ready for Wheezy
• three people replied to my call for help with DPL tasks (thanks!). I'll be shortly contact them to share the list of tasks that can be outsourced to anyone willing to help; then I'll try to setup a calendar of periodic IRC public meetings. There's still time to apply if you are interested (hint hint!)
• on behalf of Debian, SPI has entered in the ISC Forum Membership Agreement, giving access to the Debian security team to security notices for softwares like BIND and DHCP. We previously had a similar agreement for individual maintainers, but it's good to move it at a project level, in order to diminish bus factors

Happy Wheezy freeze,
and RC bugs squashing!

---

PS the boring day-to-day activity log for May is available at master:/srv/leader/news/bits-from-the-DPL.txt.201205

I ve decided to start putting together packages to rebuild the bare bones install I use for most of my systems, since rebuilding everything by hand is starting to get annoying. I call it hairy candy. Because my setup relies on some chem interesting chem hacks, none of this is fit in any way for the archive. If the vim team was to catch wind of what I was doing, they d be none too happy :) While these packages work great for me, I can t stress enough how badly they can break something. Using Zack s guide, I was able to get an archive up and running, no problem. Taking his advice, I even got signing working. Simple. mini-dinstall rocks a nice alternative to a PPA, for sure. At least, for one arch :) Now, the one spin I took on Zack s work was to add a landing page a listing of what s in the archive. I did this using a bit of Python & Jinja2. The script follows.

#!/usr/bin/env python
# Copyright (c) Paul Tagliamonte, under the terms of the Expat license.
from jinja2 import Template
import sys
def parse_packages(fd):
    ret = []
    cur =  
    key = None
    for line in fd.readlines():
    if line.strip() == "":
        ret.append(cur)
        cur =  
        continue
    if line[0] == " ":
        cur[key] += "\n" + line.strip()
    else:
        key, val = line.split(":", 1)
        cur[key] = val.strip()
    return ret
pkgs = parse_packages(open(sys.argv[1], 'r'))
context =  
    "pkgs": pkgs
 
t = Template(open(sys.argv[2], 'r').read())
print t.render(**context)

Invocation looks something like:

render.py $ARCHIVE/debian/wicked/Packages $DATA/index.html

I kick this script off in the singing script, since mini-dinstall doesn t have a exit hook. Works great, thanks everyone!

Just posted to d-d-a, here is the monthly report about my DPL activities.

---

Dear project members,
last bits of the past DPL term and first bits of the current term, all in one. Here is a report of what has happened in DPL land last April. Highlight: call for DPL helpers Before the report, though, let me point out that your friendly neighborhood DPL could use some help. As discussed during campaign, there are some intrinsic transparency and scalability limits in the DPL institution, when run by a single person. Before trying something new to fix that, I'd like to give a last try to an old "tactic": calling for help. If you're considering running for DPL or if you're simply interested in the job the DPL does and willing to help with that, please let me know. Ideally, if I find a group of people I'm happy to work with, I'd like to set up periodic IRC meetings with all "DPL helpers" to publicly discuss items in the DPL agenda and share the work-load. Ongoing discussions A big topic of last month has been the proposal by Francesca Ciceri to publish a diversity statement for the Debian Project. After a lively discussion on -project, we reached consensus on a text, and I've been happy to help with that. To finalize statement publication we now need to vote on it with a GR. I've helped drafting a corresponding GR proposal that has already been posted to -vote by Francesca. A final one, looking for seconds, will be posted there soon. Wrapping up March discussions on a revenue sharing agreement with DuckDuckGo, I've announced my intention to finalize the agreement and have done so shortly thereafter. The Iceweasel maintainer has deployed the corresponding search engine query string and other web browser maintainers could do the same, if they want to. In April I've also spent some time to move forward the long running conflict on Python maintenance, reported to the tech-ctte more than 2 years ago. With the help of people on the -python mailing list, I've now submitted to the tech-ctte an up to date list of potential maintenance teams. I hope the tech-ctte now have all the information needed to come to a decision. Speaking of which, I'm also discussing with tech-ctte members the possibility of having periodic ctte meetings; the idea is to ensure that outstanding issues are periodically reassessed, improving the reliability of tech-ctte decision times. I've also discussed at length with members of the pkg-multimedia-maintainers team the relationships with the unofficial debian-multimedia.org (d-m.o) repository, that have been a cause of tension for Debian multimedia users and maintainers for quite some time. On behalf of the team and of the Project I've now reached out to the d-m.o maintainer, hoping to come to some sort of amicable agreement on which packages belong where. Hardware replacement As anticipated in last report, I've started approving hardware purchases to implement the yearly hardware replacement plan prepared by DSA. During April I've approved requests to buy servers to replace the machines running the bugs-master, bugs-mirror, and UDD services. The total expected expenditure is about 15'000 USD. Communication I've delivered my classic Debian "18^W 19 years" talk at UNIVPM, a polytechnic university in center Italy; slides are available. I've then been contacted by people from the European Synchrotoron in Grenoble who, beside having recently migrated their infrastructure to Debian, are looking into organizing a workshop on Debian usage for large science facilities. I've been happy to help out providing a list of potential topics and speakers for the event. Also as anticipated last month, the Debian Project has been present at the OpenStack summit. Loic Dachary has represented Debian at the event and provided a nice report about his experience there. Speaking of which, I've also coordinated a news release about the availability of cloud technologies in Wheezy, taking the chance to point out the relationships between what Debian stands for and the ability to deploy your own private cloud. Sprints April has been a rather calm month on the sprint front, with the notable exception of the I18n team who is organizing a sprint for June in Paris. Miscellanea

• Google Summer of Code (GSoC) has now started and for Debian is already quite a success. Wrt last year we doubled the number of student applications and we jumped from 9 to 15 approved projects. More details about Debian in GSoC have been posted by Ana. I encourage all of you to take the chance of GSoC to bond with students and show them how nice is the Debian community to work with: that's the prime trait we need to exhibit to make sure we'll always have enough volunteers to run the Debian Project.
• The one month notice before opening up LDAP dnsZoneEntry has expired and the field has now been opened by DSA. Practically, this means that the full listing of *.debian.net entries can now be queried publicly via LDAP. If anyone would be so kind to provide a script that does so and produce a nice looking HTML index, we can now publish it somewhere and replace the perennially out of date wiki index

Thanks for reading thus far,
HDH! (Happy Debian Hacking)

---

PS the boring day-to-day activity log for April is available at master:/srv/leader/news/bits-from-the-DPL.txt.201204

Debian, free software, and critical consumption As mentioned in my last report, about a month ago I've been interviewed (in Italian) for la Repubblica, a major general-interest Italian newspaper. Matteo Cortese has kindly contributed an English translation of the interview (thanks!), which I've just made available. If you're a Free Software enthusiast, there is probably nothing new in there for you. But for a different public the story is quite another. In many countries it is still very difficult to find room on general-interest newspapers to explain why Free Software matter to people, and how not caring about it will lead consumers to progressively lose their rights while software become more and more common in the stuff they buy. So many thanks to journalist like Giulia Belardelli who show a genuine interest in these topics and try to bring them "to the masses".

Posted a week ago, already deferred back then, this report is even more deferred now! But as there are people interest in knowing what the "DPL job" is about even among non debian-devel-announce subscribers, here is a blog-conveyed reproduction, for the records.

---

Dear project members,
here is my monthly DPL activity report, this time for last March. It is delayed by a couple of weeks because, myself being both incumbent and candidate DPL, I preferred not to use d-d-a during the voting period unless really needed. Apologies for the delay (or the unneeded paranoia, you name it). As a side effect of the delay, the results of the DPL election are now known. I'd like to thank all the people who took part in the elections: voters, people who asked questions on -vote, the secretary, and obviously Gergely and Wouter, without whom the campaign wouldn't have allowed to discuss relevant aspects of Debian "politics". Thanks for your trust. I'll do my best to match your expectations. ... and just to remind you what you've just asked for, here goes the BigMonthlyBlurb! Highlight: long-term hardware replacement planning The highlight for this month is long term planning of hardware replacement. It's something I've been discussing with DSA for quite a while and on which DSA has worked hard during the recent sprint. As a result, we now have a quite ambitious 5-year hardware replacement plan that will guarantee that all machines in production are under warranty at any given time (with the nice side effect of generally better performances, as they go hand in hand with newer hardware). The current estimated cost per year is 29'000 USD. That does not yet include buildds and porter-boxes, so it is expected to increase a bit to cover all our hardware needs. But we expect it not increase too much, as we tend to get explicit hardware donations to cover arch-specific needs. Given the current state of Debian finances and donation trends, the plan looks sustainable for at least 2-3 years. But this assessment still needs to be refined as soon as, together with the auditors, we'll manage to obtain the history of past Debian transactions, in particular from SPI. We've been waiting for this for about 5 months now, but I'm positive it could become a reality in the next weeks. In the meantime, it is surely safe to start with the plan for the next 1-1.5 years, so I'll give green light to DSA for the first acquisitions as soon as they're ready for it. When implemented, this plan will increase our ability to rely on hardware. But it also means we will need to become a bit more organized about fund-raising. The discussion started with the sprint report has some insights about how to do that. As part of this, we'll also need to share resources (e.g. contact databases, people, etc.) among the yearly DebConf fund-raising initiatives and the initiatives mentioned in the aforementioned discussion. Ongoing discussions

• A couple of important clarifications on how to deal with trademark-encumbered software in the Debian archive have been posted to -project. It seems to me there might be consensus on the overall topic, but we need to write down guidelines for maintainers (and possibly a project position statement?). I could use some help on that front, so if you've followed the discussion and/or have an interest in trademark and free software, please get in touch.
• To put an end to the long and glorious life of DEP-5, I've marked it as ACCEPTED given that it has been "implemented" in February via inclusion in the debian-policy package. You still have some time to port your debian/copyright-s to it before the Wheezy freeze.
• I've been contacted by the DuckDuckGo about a revenue sharing agreement for the inbound traffic they already get from Debian browsers. I've informed -project proposing to accept it and that has spawned a discussion that has won us an LWN article. I haven't yet summarized the thread proposing a way forward; I'll do so shortly.
• as part of a discussion on unofficial "debian" repositories, I've proposed to open up the list of *.debian.net domains. As nobody disagreed, consensus has been quickly reached and the announced change is now imminent. Thanks to Carsten Hey and Gerfried Fuchs for their help in figuring out the details of the last discussion on the matter and DSA for their feedback.

Summer of Code Debian has been accepted as an organization for the Google Summer of Code. At the time these bits go out, the student application deadline has also elapsed. In March I've contributed a few project ideas and chased potential mentors for them, when I thought the project could be important for Debian and the prospective student. I'm happy that one (a dak building block needed for the implementation of PPAs and more) has found both mentors and students. We'll see if any of the corresponding student proposal is retained and how it goes. Communication I've given an interview, about Debian and Free Software in general, to La Repubblica, one of the major newspapers in Italy. The interview is available online, but only in Italian. If some kind (and Italian-speaking) soul would like to translate it into English, I'll be happy to publish the translation as well. (update 22/04/2012: Matteo Cortese has contributed an English translation of the interview, which I'll make available shortly) Legal stuff In order to transfer ownership of the Debian trademark in Japan to SPI, I've contacted the current owners (all Japanese Debian Developers or contributors) to do the needed paperwork. I've been blessed by the help of Kenshi Muto that has taken the matter in his hands. He is now navigating through Japanese trademark procedures, a subject neither myself nor SPI lawyers were familiar with. Thanks also to Jonathan McDowell who has done the needed paperwork, SPI-side. Sprints Plenty of sprints and sprint reports in March!: Debian Med, DSA, DAM/FrontDesk. Everything should also be available from the wiki sprint page where you can find info to organize your team sprint. Assets miscellanea

• I've signed the annual memorandum of understanding with the financial entity that will help us with local expenditures for DebConf12 in Nicaragua. This year is ISIC, with whom we have an important trust path via Norman Garcia Aguilar, member of the DebConf orga team.
• After discussion with auditors, we've resolved to set a 1 year deadline for reimbursement requests. The reason is that it's a PITA to keep track of longer-running requests (yes, they do happen!) and they add uncertainty to our available finances. There can be exceptions, but please help on this front by timely requesting reimbursements after travels or other expenses.

Cheers.

---

PS the boring day-to-day activity log for March is available at master:/srv/leader/news/bits-from-the-DPL.txt.201203

So, the vote is over, and Stefano won. During many past DPL elections, I've made my vote public, and this one is no different:

V: 1223 		597c362e6156ec7e37b334837161da26

That's me, in this list. Obviously I wouldn't run if I'm not serious about it, so I voted myself first. As to the other part: I thought long and hard about that, but eventually came to the conclusion that both Stefano and Gergely had properties as a candidate that I liked, and properties that I didn't like, and that therefore I couldn't prefer either of them over the other. I found Gergely's platform to be fairly similar to my own, which is a good thing; but there were a few details that made me have some pause about his candidacy. And while I stand by the things I said during campaigning about Stefano as a DPL, the truth is that the project could be far worse off than to have him re-elected. As to the outcome... I can't say it's entirely unexpected. I knew it was a long shot even before I started, and then campaigning didn't excactly go as I would have hoped. I expected to lose, but not by such a margin what Stefano did wasn't winning, it's called 'trashing the opposition'. Congratulations, zack, for a truly exceptional performance; and thanks, also to Gergely, for being a worthy opponent. In closing, I'll say that I don't think I'll run again. I've gone through the process three times now, and have never gotten very close to winning; this probably means that what I feel about the position of DPL is somewhat removed from what the project as a whole thinks about it. So, absent some radical changes in either the project itself or in the way I look upon it, another candidacy from me is highly unlikely. I guess I'll have to find other ways to spend my time...

another weekend, another RCBW report:

• #387756 crack-common: "crack: Do not expect the /var/run/ content to persist"
  apply patch from Georgios M. Zarkadas, upload to DELAYED/2
• #655329 src:libperl5i-perl: "libperl5i-perl: FTBFS: Failed test at t/utf8.t line 23"
  add patch from upstream git (pkg-perl)
• #655844 quassel-core: "quassel-core: fails to upgrade from squeeze"
  fix preinst script, upload to DELAYED/2
• #664939 src:egenix-mx-base: "egenix-mx-base: FTBFS with Python 2.7.3: ImportError: cannot import name customize_compiler"
  add patch from Ubuntu / Colin Watson, upload to DELAYED/2
• #665083 src:kdepim: "kdepim: FTBFS: cp: cannot stat debian/tmp/usr/lib/libakregatorinterfaces.so.4.6.0': No such file or directory"
  send patch to the BTS
• #666278 src:polybori: "polybori: FTBFS: mv: cannot stat debian/python-polybori2.7/*': No such file or directory"
  add build-arch target in debian/rules, upload to DELAYED/2
• #666279 src:ulogd: "ulogd: FTBFS: cp: cannot stat ./debian/tmp/usr/lib/ulogd/ulogd_SQLITE3.so': No such file or directory"
  add patches from from Ubuntu / Clint Byrum, upload to DELAYED/2, then integrated into an NMU by bubulle that adds debconf translations
• #666283 src:proftpd-mod-msg: "proftpd-mod-msg: FTBFS: mod_msg.c:314:5: error: format not a string literal and no format arguments [-Werror=format-security]"
  add patch to add missing format string, upload to DELAYED/2
• #666284 src:avbin: "avbin: FTBFS: make[1]: *** No rule to make target Makefile.'. Stop."
  sponsor NMU by Sebastian Ramacher, upload to DELAYED/2
• #666285 src:garlic: "garlic: FTBFS: cp: cannot stat ./garlic': No such file or directory"
  add build-arch target in debian/rules, upload to DELAYED/2
• #666295 src:scotch: "scotch: FTBFS: cp: cannot stat debian/tmp/int/bin/scotch_esmumps': No such file or directory"
  fix target dependencies in debian/rules, upload to DELAYED/2
• #666296 src:scmxx: "scmxx: FTBFS: cp: cannot stat debian/debian_provider_logo.bmp': No such file or directory"
  add build-arch target in debian/rules, upload to DELAYED/2

long life to notmuch-mutt

• Bad news: I've just killed mutt-notmuch
• Good news: mutt-notmuch has been integrated upstream as a notmuch contrib script under the name notmuch-mutt
  (note the word switch, due to uniformity with other tools of the notmuch suite)
• Good news (for Debian users): starting with next notmuch upload there will be a Debian notmuch-mutt package. It will work out of the box with Mutt, without requiring any ~/.muttrc fiddling

As a consequence, no further separate releases of mutt-notmuch will be made. Future releases (of notmuch-mutt) will happen as part of notmuch. In other news, several changes have been implemented in notmuch-mutt wrt mutt-notmuch 0.2:

• move cache dir to ~/.cache/notmuch/mutt/ by default
  (Note: given that, from the point of view of notmuch, the next one will be the first release, no migration code from the previous cache location is present. Please switch to the new version and get rid of ~/.mutt-notmuch* manually.)
• support for XDG basedir, allowing to override the cache dir
• switch to String::ShellQuote for proper shell escaping in all notmuch calls
• system-wide Mutt configuration snippet for /etc/Muttrc.d/ (Debian-specific) or /etc/Muttrc

---

Many thanks to David Bremner (for shepherding my changes in) and to Ben Boeckel (whose desire to package mutt-notmuch in Fedora made me kick Debian bug #628018, this time for real).