February has been again a busy month for me. Here s a quick summary of what I did: Multi-Arch work I have spent many days implementing and refining dpkg s Multi-Arch support with Guillem Jover (dpkg co-maintainer) and Steve Langasek (beta-tester of my code ). Early testers can try what s in my latest pu/multiarch/snapshot/* branch in my personal git repository. A Debian DVD shop I m always exploring new options to fund my Debian work (besides direct donations) and this month with the Debian Squeeze release I saw an opportunity in selling Debian DVD. Nobody provides DVD with included firmwares and quite a few people would like to avoid the SpaceFun theme. So I built unofficial Debian DVDs that integrate firmware and that install a system with the old theme (MoreBlue Orbit). Click here to learn more about my unofficial DVDs. On my blog In my People behind Debian series, I interviewed Mike Hommey (Iceweasel maintainer) and Maximiliam Attems (member of the kernel team). I started a Debian Cleanup Tip series and already published 4 installments:

• Debian Cleanup Tip #1: Get rid of useless configuration files
• Debian Cleanup Tip #2: Get rid of obsolete packages
• Debian Cleanup Tip #3: Get rid of third-party packages
• Debian Cleanup Tip #4: Find broken packages and reinstall them

For contributors, I wrote two articles: the first gives a set of (suggested) best practices for sponsoring Debian packages and adapted my article as a patch for the Developers Reference. In the second article, I shared some personal advice for people who are considering participating on Debian mailing list: 7 mistakes to avoid when participating to Debian mailing lists.

Click here to subscribe to my free newsletter and get my monthly analysis on what s going on in Debian and Ubuntu. Or just follow along via the RSS feed, Identi.ca, Twitter or Facebook.

No comment Liked this article? Click here. My blog is Flattr-enabled.

Paul Wise called attention recently to the fact that there's renewed activity around multiarch in the face of the squeeze release. Although I fervently wish we could have gotten multiarch support into squeeze, it's better late than never; and real progress is being made now, thanks mostly to the efforts of wonderful package management experts like Raphael Hertzog, Guillem Jover, and David Kalnischkies. Don't believe it's finally coming? Here's some output from my amd64 multiarch chroot:

$ dpkg -l '*:i386'
Desired=Unknown/Install/Remove/Purge/Hold
  Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
 / Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
 / Name           Version        Description
+++-==============-==============-============================================
ii  gcc-4.5-base   4.5.2-3ubuntu2 The GNU Compiler Collection (base package)
ii  libc6          2.13-0ubuntu1+ Embedded GNU C Library: Shared libraries
ii  libdb4.8       4.8.30-5multia Berkeley v4.8 Database Libraries [runtime]
ii  libgcc1        1:4.5.2-3ubunt GCC support library
in  libpam-modules <none>         (no description available)
ii  libpam0g       1.1.2-2ubuntu1 Pluggable Authentication Modules library
ii  libselinux1    2.0.96-1multia SELinux runtime shared libraries
ii  libstdc++6     4.5.2-3ubuntu2 The GNU Standard C++ Library v3
iU  libuuid1       2.17.2-9.1ubun Universally Unique ID library
ii  selinux-utils  2.0.96-1multia SELinux utility programs
ii  zlib1g         1:1.2.3.4.dfsg compression library - runtime

If you're as excited about this making its way into Debian as I am, you might be wondering what you can do to help. That's great, because I'd love to tell you! Perhaps you happen to maintain a package that provides executables; and perhaps other packages depend on your package exclusively to use those executables; and perhaps some of those packages depending on your package are shared libraries. If all of the above is true, please consider declaring this package to be Multi-Arch: foreign as defined here. Note: it is very important that you not use this on any package that will provide architecture-dependent interfaces to its reverse-dependencies. So if you're shipping both shared libraries and executables in the same binary package, don't do this. But if your package does fit this description, this is one part of multiarch that you can safely start implementing today. This will go a long way towards getting the system ready to handle multiarch libraries when they land. My own efforts to help with getting Multi-Arch: foreign packages documented in the archive are trackable here.

So Debian squeeze has finally been released and it is time to look toward to what we might work on or want to happen for the next release, codenamed Debian wheezy. An informal discussion on IRC mentioned libburnia libraries and apps, finishing DEP5, objnam, wayland, multiarch, Matthew Palmer plans to work on netcfg, ifupdown and the KDE team plan to remove Qt3/KDE3. I personally plan to work on catching up with my packages, the removal of defoma, boosting the Debian games team, improving collaboration with derivatives, changes to the Debian wiki, reviewing more packages mentioned on debian-mentors and more. I am really excited to see the cross-distro collaboration of Enrico Zini and others in bringing application management to Linux distributions, the multiarch work by Steve Langasek and others and hopefully optimistic about the recent discussions of automated post-install testing. I probably will not work on almost all of these but I would like to see multiarch, cross compiliation, widespread systemd integration, netconf revival, porting to phones/tablets, OEM mode and media for d-i, partitioning improvments for d-i, widespread automated post-install testing, expansion of daca, deployment of debexpo, widespread adoption of PET, automated removal of bad packages, better pro-active security measures, building all packages on buildds, migration away from Debian-specific stuff in favour of cross-distro solutions, addition of new UI experiences (like MeeGo, Android, Unity, QtMoko), addition of new APIs for portability (like Android, Khronos, MacOS/iOS stuff), more interesting/weird ports, merging derivatives into Debian, better integration of Debian Pure Blends, removing non-free packages where free alternatives exist, ex-developers and MIA folks returning to Debian, expansion of the backports repository, fixes for lots of bugs and probably other things I forgot. What are you going to work on? What do you wish you could work on? What work are you hoping others will do? What work are you excited about that others are doing?

Colin Watson is not a high-profile Debian figure, you rarely see him on mailing lists but he cares a lot about Debian and you will see him on Debconf videos sharing many thoughtful comments. I have the pleasure to work with him on dpkg as he maintains the package in Ubuntu, but he does a lot of more interesting things. I also took the opportunity to ask some Ubuntu specific questions since he s worked for Canonical since the start. Read on. My questions are in bold, the rest is by Colin. Who are you? Hi. I m 32 years old, grew up in Belfast in Northern Ireland, but have been living in Cambridge, England, since I was 18. I m married with a stepson and a daughter. I became interested in Debian due to the critical mass of Debian work happening in Cambridge at the time (and perhaps more immediately because my roommate was running Debian: hey, what s that? ), started doing random bits of development in 2000, and joined as a developer in 2001 (a really exciting time, with lots of new people joining who became integral parts of the project). I d only really been intending to do QA work and various bits of packaging around the edges, and maybe some work on the BTS, but then Fabrizio Polacco died and I took over man-db from him, and it sort of snowballed from there. I graduated from university shortly before becoming a Debian developer. I worked for a web server company (Zeus), then a hardware cryptography company (nCipher), before moving to work for Canonical in 2004, since when I ve been working full-time on Ubuntu. By this point, I suspect that going back to work in an office every day would be pretty tough. What s your biggest achievement within Debian or Ubuntu? One thing I should say: I rarely start projects. Firstly I don t think I m very good at it, and secondly I much prefer coming on to an existing project and worrying away at all the broken bits, often after other people have got bored and wandered off to the next new and shiny thing. That s probably why I ended up in the GNU/Linux distribution world in the first place, rather than doing lots of upstream development from the start I like being able to polish things into a finished product that we can give to end users. So, I ve had my fingers in a lot of pies over the years, doing ongoing maintenance and fixing lots of bugs. I think the single project I m most proud of would have to be my work on the Debian installer. I joined that team in early 2004 (a few months before Canonical started up) partly because I was a release assistant at the time and it was an obvious hot-spot, and partly because I thought it d be a good idea to make sure it worked well on the shiny new G4 PowerBook I d just treated myself to. I ended up as one of the powerpc d-i port maintainers for a while (no longer, as that machine is dead), but I ve done a lot of core work as well: much of the work to put progress bars in front of absolutely everything that used to have piles of text output, rescue mode, the current kernel selection framework, a good deal of udev support, several significant debconf extensions, lots of os-prober work, and I think I can claim to be one of the few people who understands the partitioner almost top to bottom. d-i is the very first thing many of our users see, and has a huge range of uses, from simple desktop installs to massive corporate deployments; it s unspeakably important that it works well, and it s a testament to its design that it s been able to trundle along without actually very much serious refactoring for the best part of five years now. I have a soft spot for man-db too. It was my first major project in Debian, starting out from an embarrassingly broken state, and is now nice and stable to the point where I recently had time to spawn a useful generic library out of it (libpipeline). What are your plans for Debian Wheezy? d-i has a lot of code to deal with disks and partitions. Of course a lot of it is in the partitioner, and for that we use libparted so we don t have to worry very much about the minutiae of device naming. But there are several other cases where we do need to care about naming, mainly before the partitioner when detecting disks, and after the partitioner when installing the boot loader. Back in etch, we introduced list-devices , which abstracted away the disk naming assumptions involved in hardware detection. In wheezy, I would like to take all the messy, duplicated, and error-prone code that handles disk naming in the boot loader installers, and design a simple interface to cover all of them. This has only got more important following the addition of the kFreeBSD and Hurd d-i ports in squeeze, but it bites us every time we notice that, say, CCISS arrays aren t handled consistently, and it s a pain to test all that duplicated code. I d also like to spread the use of libpipeline through C programs in the archive, which I think has potential to eliminate a class of security vulnerabilities in a much simpler way than was previously available. If you could spend all your time on Debian, what would you work on? I would love to systematically reduce the need for the current mass of boot loaders. There s a significant cost to having so much variation across architectures here: it s work that needs to be done in N different places, the wildly differing configuration means that d-i has to have huge piles of code to manage them all differently, and there are a bunch of strange arbitrary limitations on what you can do. The reason I m working on GRUB 2 is that, in my view, it s the project with the best chance of centralising all this duplicated work into a single place, and making it easier to bring up new hardware in future (in a way that doesn t compromise software freedom, as many proprietary boot loaders of the kind often found on phones do). Of course, with flexibility tends to come complexity, and some people have a natural objection to that and prefer something simpler. The things I don t quite have time to do here are to figure out a coherent way to address the specific over-complexity problems people have with the configuration framework while still keeping the flexibility we need, and to do enough QA and porting work to be able to roll out GRUB 2 at installation time to all the Debian architectures it theoretically supports. What s the biggest problem of Debian? Backbiting, and too much playing the man rather than the ball. With one or two honourable exceptions, I ve largely stopped reading most Debian mailing lists since it just never seems a productive way to spend time compared to writing code and fixing bugs; and yet I m conscious that they re one of the primary means of communication for the project and I m derelict in not taking part in them. I do find it a bit frustrating that people are seen primarily in terms of their affiliations. I suppose it s natural for people to see me as an Ubuntu guy , but I don t really see myself that way: I ve been working on Debian for nearly twice as long as I ve been working on Ubuntu, and, while I care a great deal about both projects, I ve put far more of my own personal time into Debian and I try to make sure that a decent number of the things I m involved with there aren t to do with work. Work/life separation is a good thing, not that I m very good at it. Generally speaking, when I m working on Debian, I m doing so as a Debian developer, because I want Debian to be better. When that s not the case, if it matters, I try to indicate it explicitly. You re working for Canonical since Ubuntu s inception. If you were Mark Shuttleworth, is there something that you would have done differently? We had many good intentions when we founded Ubuntu. We also had a huge amount of work to deliver, to the point where it wasn t at all clear whether it would be possible (the warty release was named based on the expectations of it, after all, and came out much more usable than we d dared to hope). In hindsight, it might have helped to be quieter about our good intentions, so that we could exceed expectations rather than in some cases failing to meet them. That might have set a very different tone early on. (Personally, I m happy I m not Mark. The decisions in my office are much easier to take.) It seems to me that the community part of Ubuntu is much more eager to cooperate with Debian than the corporate part. It s probably just that more and more Canonical employees are not former Debian contributors. Do you also have this feeling? Are there processes in place to ensure everybody at Canonical is trying to do the right thing towards Debian cooperation? Just to be clear, I m wearing my own hat here which, ironically, is a fedora rather than a company hat. It makes sense for Canonical to be taking on more non-Debian folks; after all, we can t simply hire from the Debian community forever, and a variety of backgrounds is healthy. As you say, it may well be natural that Ubuntu developers who don t work for Canonical are more likely to have a Debianish background, as it tends to take something significant to get people to switch to a very different family of GNU/Linux distributions, and changing jobs is one of the most obvious of those things. Certainly, there was a definite sense among the early developers that we were all part of the Debian family and cared about the success of Debian as well. As Ubuntu has developed its own identity, people involved in it now tend to care primarily about the success of Ubuntu. At the same time, pragmatically, it s still true that getting code changes into Debian is one of the most economical ways to land them; changes made in Debian or upstream land once and tend to stay in place, while changes made only in Ubuntu incur an ongoing merge overhead, which is not at all trivial. In many ways it s human nature to try to fulfil your immediate goals in the most direct way possible. If your goal is to deliver changes to Ubuntu users, then it s natural to concentrate on that rather than looking at the bigger picture (which takes experience). Debian developers often fail to send changes upstream for much the same reason, although there s more variation there because they re normally working on Debian of their own volition and thus tend to have wider goals; the economics are more or less parallel though. Thus, I think the best way to improve things is to make it the path of least resistance for Ubuntu developers to send changes to Debian. We re already seeing how this works with the Ubuntu MOTU group; if you send a patch for review, or work on merging a package from Debian, very often the response includes have you sent these changes to Debian? . We re working on both streamlining our code review through a regular patch pilot programme and requiring more code review for changes in general, so I think this will be a good opportunity to ask more people to work with Debian when they propose changes to Ubuntu. For myself, this may be obvious, but I notice that I m much better at getting changes into Debian when I already have commit access to the Debian package in question. All the work on improving collaborative maintenance in Debian can only help, for Ubuntu as well as for everyone else. It doesn t make so much difference for large changes that require extensive discussion, but there are lots of small changes too. Canonical is upstream of many software projects (unity, indicators infrastructure, etc.). Why aren t those software immediately packaged in Debian? Do you think we can get this to change? I m not sure what the right approach is here, particularly as I haven t been involved with much of that on the Ubuntu side. I suspect it would be helpful to look at this in a similar way to Ubuntu changes in general. It s understandable that those developers have getting changes into Ubuntu as their first goal. And yet, having code in Debian offers a wider, and often technically adept, audience, and most developers like having their code reach a wider audience even if it s not their first priority, particularly if that audience is likely to be able to help with finding problems and fixing bugs. It should be seen as something beneficial to both distributions. The hardest problems will be with things that aren t merely optional add-ons (which should generally be fairly non-controversial in Debian, given the breadth of the archive in general the existence of things like bzr and germinate as Debian packages was never a hard question), but which require changes in established packages. For example, gnome-power-manager in Ubuntu is built with application indicator support, and that s an important part of having a good indicator-based panel: a lot of the point of indicators is consistency. Since I do very little desktop work myself, I don t know exactly what would be involved in making it possible to choose this system based on a Debian desktop, but I think it s probably a bit more complicated than just making sure all the new packages exist in Debian too. Obviously you have to start somewhere. Is there someone in Debian that you admire for his contributions? Christian Perrier is absolutely tireless and has done superb things for the state of translations in Debian. And Russ Allbery, even aside from his fine ongoing work on policy, Lintian, and Kerberos, is a constant voice of sanity and calmness. Release management is incredibly hard work, as I know from my own experience, and anyone who can sustain involvement in it for a long period is somebody pretty special. Steve Langasek and I got involved at about the same time but he outlasted me by quite a few years. He deserves some kind of medal for everything he s done there.

---

Thank you to Colin for the time spent answering my questions. I hope you enjoyed reading his answers as I did. Subscribe to my newsletter to get my monthly summary of the Debian/Ubuntu news and to not miss further interviews. You can also follow along on Identi.ca, Twitter and Facebook.

11 comments Liked this article? Click here. My blog is Flattr-enabled.

Buying a ThinkPad? Don't buy one with this wireless chipset. "ThinkPad wireless" is apparently code for "poorly supported RealTek chip". If you do end up with one of these chips (perhaps you failed to notice the addition of a new option on the website before the time you spec'ed out your new laptop and the time you ordered it; perhaps you assumed it was iwlagn by default; who can say?), you may be treated to such issues as a lack of rfkill interface support, a driver that needs to be hard reset about once an hour to continue to be able to see APs, a kernel panic if you try to run powertop... or maybe a mysterious bug that prevents the wireless card from transmitting packets to a VoIP server, with 100% reliability. And after you wear yourself out from laughing at the Lenovo sales rep's suggestion that you could pay a 15% restocking fee and reorder another laptop that costs $40 more to get the Intel Centrino option when that same Centrino card can be found on-line for $40 by itself, you might decide to order an Intel Centrino Ultimate-N 6300 from a third party, the same card that's advertised on Lenovo's website as an option for the X201, and install it yourself. And that's when the fun would start. Did you know that it's common practice for laptop OEMs to hard-code a whitelist of authorized wifi (and 3G) cards in the BIOS, and refuse to boot with an unrecognized card - nominally to ensure no one can combine a wireless adapter with their hardware antennas to create a transmission device that violates FCC regulations? And that these same OEMs may have different PCI subsystem IDs for the cards they ship than are used for the ones you can buy retail from third parties? I did not know that. Apparently some people knew that because they had tried this before, but I missed that memo, having never before needed to combine a laptop and a wifi card from different vendors. Here, gentle reader, is a memo. You're welcome. Hacking the ThinkPad BIOS So although this feature was news to me, it was not news to the Internet at large. A quick search on the BIOS error message quickly turned up a relevant description of the problem, as well as pointers to some options for fixing (in the veterinary sense) the whitelist checking in the ThinkPad BIOS. It's great to be part of such a large community of ThinkPad-using Free Software hackers looking out for each other (and not taking "no" for an answer from their BIOS)! But wait, none of the methods described on that page for modifying your BIOS (or bypassing the check by moving the card to a different slot, or taping over one of the pins, or...) work on the X201! As Matthew summarized it, things are more difficult for "anything with three digits or starting with a six". Fortunately, another hint from Matthew took me to the website of a guy who's been providing fixes for this BIOS issue for the past couple of years. Hmm, but the X201 is a bleeding-edge new model and isn't on his list of models that he's patched the BIOS for. Well, fortunately there's a step-by-step howto here that I can follow here to do it myself... grab the latest BIOS image from the vendor's website; decompress the image with phcomp.exe (oh Wine, you pair well with more than cheese); unpack the individual BIOS modules with phnxsplit; run phnxpatch to apply the binary patches, finding that the only one that applies is "wwan1a" when the issue is not with a WWAN card at all, so hand-hack the whitelist in the binary instead; use the fi.exe and fp.exe tools to add the necessary header back onto the BIOS module (after deciphering the example batch script accompanying the BIOS update and translating it into a reusable script in a real scripting language); use phnxmod to inject the newly-packaged BIOS module into the original image; call phnxcksm to update the BIOS's internal checksum; ... Uh? Phnxcksum fails, saying that there's no extended checksum field. Just how deep is this rabbit hole? How much was that restocking fee again, and how much is my time worth? But no; now it's a matter of principle. Besides, I'd rather spend my time fighting with a BIOS than having to reinstall the OS on another new machine. Which is to say that I'd rather beg the local reverse engineering experts for their time fighting with a BIOS. So now we have a BIOS image whose code we're confident has been correctly patched to bypass the whitelist, but we can't find the checksum field that our patching tools expect. Maybe we can flash this to the BIOS as is? No such luck; sure enough, we get a checksum error. Ah, but WinPhlash gives us a logfile, and shows that the failure is a per-module checksum mismatch. So where is that checksum? Oh, there it is; it's the byte labeled "data_checksum" in the module header description in phnxsplit.h, which phnxmod doesn't copy when it splices an updated module into the BIOS image. Well, could it really be as easy as updating a single byte? Yes, the BIOS utility takes it and flashes it without complaint... and the system boots afterwards! Thanks to Paul and Matthew for their great work documenting this problem in general; Zender, for tools that provide a 99% solution; and Kees and Jesse for a dazzling display of impromptu reverse-engineering. Now, to figure out how to get these tools packaged and into Debian and Ubuntu. Posted from my Centrino-wireless-using Lenovo X201 laptop.

If you do care about having good samba packages in squeeze, you can help. If you're in a hurry and don't want to read the blah-blah, just skip to the end of this story and read the last paragraph. Thanks to the confidence of the release team, we (samba packagers) have been "authorized" to upload samba 3.5.4 in unstable, thus targeting having that version in squeeze. Up to July, we were indeed targeting 3.4.8 for squeeze, on the assumption that, as usual, samba upstream releases need some maturation before being strong guarantee that no regression happens. In July we were ready to move and finally upload in unstable the 3.5 packages we kept in experimental until then. The final decision was to be taken during DebConf10. It was roughly taken with Steve Langasek, but....I couldn't upload immediately (most people know that working on major packages during DebConf is a dream)...and had holidays afteer. In the meantime, the freeze happened so we got theoretically screwed... Still, I could manage to convince the release team that long term support for samba 3.5 will certainly be better than 3.4...and that functionality in that version (particularly several Win7-related fixes and a much improved code for printing support) and we got a notice "please upload to unstable and come back to us in a few weeks". That happened, finally. So, now, we need YOU, samba users and admins, to test these packages. Merging our packaging branches was hard (thanks, Steve Langasek, for your help) and glitches are always possible. So, please TEST these packages by installing samba, winbind, libsmbclient and friends from unstable....and report bugs, preferrably the release critical ones....

...awesome. OK, I'm writing this while I'm still in USA, but there are so many things to say about these weeks that I can't write them in only one blog post. And, still, this one will be quite long as it will talk about hacking, running and sightseeing...:) Let's start about hacking: after all, this is the first reason for being there in US, isn't it? I cam to DebConf with a very long TODO list and, for the first time in seven DebConfs, I'm pretty happy with what I achieved from it:

• samba packages
  • I (shortly) discussed with Steve Langasek about samba packages. He will have to talk with upstream about 3.6 that unexpectedly drops symbols in libraries , so that we can upload it in experimental (and probably also offer a lenny backport)
  • We didn't decide yet about the version to have in squeeze. I know, the freeze happened in the meantime, so we should stick with 3.4.8 but I'm more and more convinced that we should have 3.5.4 instead as upstream should stop supporting 3.4 security-wise around June 2011. I think I can convince the Release Team that 3.4-3.5 upgrade is not to be disruptive with the freeze.
  • I hopefully fixed the 3.5.4 packages for lenny which we have in our unofficial repository at http://pkg-samba.alioth.debian.org. I didn't take time to check this properly, though, so feedback will be appreciated.
• Pootle/translate-toolkit/virtaal
  • These are usually maintained by Nicolas Fran ois but he has no time for them. So, I agreed with him that I would release new upstream versions
  • pootle 2.0.5 is now in unstable. I have to work on an RC bug, still
  • translate-toolkit 1.7.0 is now in unstable too
  • virtaal: I began working on new upstream release packaging
  • backporting: I planned to backport translate-toolkit and pootle as there is a strong demand for them for lenny servers but the above mentioned RC bug prevented me to do so
• D-I work
  • I partly reviewed and corrected the D-I l10n documentation
  • I reviewed and activated new debconf templates added by Otavio Salvador and Daniel Baumann to live-installer, then called for their translation
  • Support for locales with "@" in their name in localechooser: I looked at this but I need someone more clever than me in shell scripting to fix that. Until that's done, I deactivated Serbian (Latin), unfortunately.
• Various packaging work
  • New release for console-data (mostly l10n stuff aimed for D-I)
  • Uploaded ttf-dzongkha and ttf-inconsolata to s-p-u to fix two RC bugs in stable
  • Polish tasksel and have Otavio to upload it
  • Checked my own packages against Rhonda's list of RC bugs in stable
• Localization work
  • Pootle upstream French translation completed, for 2.1.0
  • Cleaned out the tracking robot for French l10n in Debian

As one can see, a lot of planned work happened while I still could maintain the usual flow of recurrent work with localization (Smith reviews, l10n NMUs). Some asked me why I didn't propose l10n sessions this year. Indeed, I wasn't feeling I could sustain animating them and I had no clear idea about which topic I could bring to be discussed. Last year, these sessions slightly killed my free time and I wanted to keep some this year for "impromptu" things. I didn't attend many talks, sorry for the speakers. The most I attended were during Debian Day, which I found highlyinteresting and motivating, just like Eben Moglen's talk. Marga's talk was also one I wanted to attend, though I regreted that things went mostly out of control during the talk (too many comments from the audience to allow Marga pushing her important points). As usual, I invested a big part of my time in "social" activities, the most proeminent being of course the Cheese and Wine party, which turned ut to be a great success. The help of my son Jean-Baptiste and the tremendous support of Michelle Lynn Hall helped a lot, though I still regret that we screwed about accessibility. I also ran a lot..:-)..that may be counted as social activities as I organized several group runs. The one I'm proud of has been participating to a local race, namely the Van Cortland Track Club Summer Series of cross-country running, in Bronx. We went there with no less than 10 DebConf participants and 1 kilt (hey, Luca!). All of us completed the race (that had 170 runners for 5 kilometers) and No l K the even finished 17th scratch and 2nd in his age/gender category. Besides that, we had a great run/sightseeing to Georges Washington Bridge (that links New Jersey and Harlem and offers an unusual view of Manhattan "from behind"). All this with a 17km run. We also ran several times in Central Park, and No l and me happened to go to Coney Island for the Day Trip by doing half of the trip by running (all around Manhattan and over the Broolyn Bridge), for about 20km. Then we "showered" in the Atlantic Ocean....:). At the end of DebConf, I think that I had my record broken with 112km run in 10 days and only one day *without* running. What about sightseeing? Well, this blog post is too long and we reach the end of Interstate-90, close to Albany, so that will be for an upcoming blog post. Aug 25th update: back home, so now I can publish this blog post...

Robert Collins did a very nice writeup not so long ago of creating a Debian package with bzr-builddeb, but he starts from the assumption that upstream also uses bzr. As we all know, there are many projects that have their upstream sources in a VCS, but don't use bzr. Can we still get reasonable results from bzr-builddeb, including the ability to merge new upstream releases direct from the VCS, if, say, upstream is using git? Yes, we can! Of course, if you're happy with using git as the VCS for your Debian packaging already, there's probably no compelling reason for you to switch to bzr. But if you prefer to use bzr and have been frustrated at having to choose between being able to use the VCS client of your choice for your packages and being able to use your VCS client to access upstream revision history, read on. Thanks to the fine work of Jelmer Vernooij and friends, bzr-git has been usable for a while if you just want to track the default git branch. But what if you care about tracking multiple upstream branches? Enter bzr git-import, which we'll use to set up a bzr repo from scratch for our cifs-utils package, with a full import of all the branches of upstream's git tree. First we do some work to set up a shared bzr repository. As long as we're going to the effort of mirroring all the git branches, we probably want to publish them for other people to use, so we make sure our bzr repository is reasonably configured for sharing data between branches:

$ bzr init-repo --no-trees cifs-utils.server
Shared repository (format: 2a)
Location:
  shared repository: cifs-utils.server
$ cd cifs-utils.server

Then we use bzr git-import, provided by the bzr-git plugin, to do a full import of the upstream branches into a cleverly named subdirectory:

$ bzr git-import git://git.samba.org/cifs-utils.git upstream
[/                   ] Counting objects: 181, done.

Now we create our own local 'trunk' for the package, by branching from the upstream tag matching the release version we're going to package.

$ bzr branch -r tag:cifs-utils-4.0rc1 upstream/HEAD trunk
Branched 42 revision(s).

Do a little more prep work for future branches...

$ mkdir branches

And that's it. Now we have a bzr repo locally that we can push out to our hosting server of choice (N.B.: we could do this all directly on the server, but alioth doesn't currently have bzr-git installed):

$ rsync -az . alioth.debian.org:/bzr/pkg-samba/cifs-utils/
$

Now that we have a bzr repository, it's time to get ourselves a working directory and do some packaging. We're probably going to work with multiple branches locally as well, so we create another shared repository for local use, and get a copy of the trunk branch we created before.

$ bzr init-repo cifs-utils
Shared repository with trees (format: 2a)
Location:
  shared repository: cifs-utils
$ cd cifs-utils
$ bzr co bzr+ssh://bzr.debian.org/bzr/pkg-samba/cifs-utils/trunk

Now we grab the upstream tarball, and whip up some quick packaging with (what else?) debhelper 7:

$ wget ftp://ftp.samba.org/pub/samba/cifs-utils/cifs-utils-4.0rc1.tar.bz2
$ ln -s cifs-utils-4.0rc1.tar.bz2 cifs-utils_4.0~rc1.orig.tar.bz2
$ cd trunk
$ mkdir -p debian/source
$ echo '3.0 (quilt)' > debian/source/format
$ echo 7 > debian/compat
$ cp /usr/share/doc/debhelper/examples/rules.tiny debian/rules
$ dch --package cifs-utils --versio 4.0~rc1-1 --create 'Initial package'

Create debian/control by hand, generate an initial source package, and import it into bzr with bzr-builddeb.

$ debuild -uc -us -S -i
$ rm -r debian
$ bzr import-dsc ../*.dsc
$

Since we want to continue tracking upstream development, we need to periodically sync our bzr import of the git tree.

$ bzr git-import git://git.samba.org/cifs-utils.git bzr+ssh://bzr.debian.org/bzr/pkg-samba/cifs-utils/upstream
$

And when we find a new upstream version in that import that we want to package, bzr-builddeb makes this a snap, too.

$ cd cifs-utils
$ wget ftp://ftp.samba.org/pub/samba/cifs-utils/cifs-utils-$version.tar.bz2
$ cd trunk
$ bzr merge-upstream --v3 --version $version_with_epoch \
    ../cifs-utils-$version.tar.bz2 -r tag:cifs-utils-$version \
    bzr+ssh://bzr.debian.org/bzr/pkg-samba/cifs-utils/upstream/HEAD
No distribution specified, and no changelog, assuming 'debian'
Committing to: /tmp/tmpbzOVMs/upstream/
Committed revision 2.
All changes applied successfully.
The new upstream version has been imported.
You should now review the changes and then commit.
$ bzr diff
<review changes>
$ bzr commit -m "merge upstream $version"
Committing to: bzr+ssh://bzr.debian.org/bzr/pkg-samba/cifs-utils/trunk
modified debian/changelog
Committed revision 50.
$

And that's it! It's exciting to see signs of real interoperability between DVCSes at last. Thanks to everyone who's helped make it possible!

Steve Langasek:

As a developer, how do you embody the spirit and culture that has made Debian a great operating system? If elected DPL, how will you inspire the same in others?

I do not believe that there is any one single spirit or culture that has made Debian great, never any truly united community. With contributors from various places around the globe, we have a melting pot of different cultural viewpoints. Furthermore we have people doing things for a variety of reasons, some more selfish than others. The interplay between these differences has led to tension, and it has also led to greatness. I am certain that some of the great things in Debian have come to pass borne out of anger and hatred. We have had shifts in cultural norms over the years. When I joined the project, it was considered highly controversial to use the word fuck . Many community members would scream at anyone who did that, rudely sending private emails to admonish them. Eventually, enough anti-censorship people joined that the political tide turned, and many of the people offended by the use of the word fuck quietly faded away. We effectively disenfranchised them. Now the pendulum may be swinging in the other direction, and if it does, we can expect the same sorts of tensions and the same sorts of attrition. Perhaps this is part of the natural cycle of things, perhaps not. So if I list what I do or what I try to do, I do not believe it adequately answers the question. I think that Debian is superior for technical excellence and cohesive policy, so I try to do my part to meet those standards. I think that Debian is great for being a good Free Software Citizen, so I try to forward relevant bugs and patches upstream. I think that Debian is great for not being fully beholden to corporations, other financial interests, or dictatorial personalities, so I try not to encourage that sort of thing. I think that Debian is greater because of a few team efforts, so when someone tries to set up a worthwhile endeavor, I feel some compulsion to join in or at least be supportive. I think that Debian is greater because of some commitment to transparency, so I try not to do anything important behind closed doors, and even when I assume that something is transparent enough because it has been discussed only in public channels, and someone yells at me for hypocrisy, I try to increase the distribution of that information to a level that people feel is appropriate. As DPL I would try to set a good example by not being a hypocrite about any of the things I think are important to Debian, and would try to inspire an atmosphere of more teamwork, cooperation, and empowerment. I think that this could be revitalizing. Alexander Reichle-Schmehl:

Suppose that you would not run for DPL: Who would you vote and why?

I am not sure of how I will be voting. Each of the candidates had said things that I like, and each of the candidates has said things that I dislike very much. I am choosing not to get into specifics here, because I do not consider it appropriate or ethical to try to affect other people's votes in that manner.

Tollef forced me to take over libpam-passwdqc after I had reported bug #517967. passwdqc is a toolset that can be used to enforce password strength policies at exactly the right place: there s a PAM module, and with the next version, you can also use a library and command-line tools read on below. The toolset gives administrators flexibility in defining the minimum password length based on the number of character classes a user tries to use. It also includes libpam-cracklib functionality and prevents the use of trivial passwords. I appreciate this functionality, so I had little choice but to make the best out of it:

• I uploaded libpam-passwdqc 1.0.5-1 to unstable, fixing a few bugs on the way, and bringing the packaging up to speed.
• I wrote a message to upstream introducing myself and was happy when I got an almost immediate response from two developers, suggesting that development was thriving. Yay!
• Having been pointed to the upstream CVS-Git clone, I based the packaging off the repository, rather than the tarballs. This required me to juggle directories a bit, as well as to repack the tarballs. Oh well.
• Next, I fixed the bug I reported, and now libpam-passwdqc can be installed and configured in a jiffy, thanks to Steve Langasek s impressive work on pam-auth-update. Someone also reported this feature request as LP#314775, but I don t use Launchpad, so someone else will have to triage it there.
• Finally, I imported the latest upstream work into the repository, which had me change the source package name. The benefit of version 1.1.4 in addition to improvements and bugs fixed is that the functionality is now also available through client programs in the passwdqc package, as well as in an independent C library. Due to the new packages, the upload is currently waiting in the Debian NEW queue, so hold your horses for a few days.

Debhelper 7 is really nice. Thanks, Joey.

Vincent Sanders took notes during all our meetings at the Portland Linux Plumbers Conference: Debian Kernel Group Meeting. The condensed form has been posted today as Bits from the kernel team. In the case of feedback I'd highly recommend to bring the Debian Kernel Mailinglist into the loop. The meeting decisions were done by the team as entity. Responding to the deprecation of some external patches (Vserver, Xen Dom0): None of above patches have an upstream that supported the Lenny released version. Both have troublesome bugs in Lenny and thus are not in a condition one would expect from a stable release. If you want to help and have continued release of those beyond squeeze the answer is easy: Get them merged upstream. Openvz supports Lenny linux-2.6 version actively and promised to keep up with their work for Squeeze. It has been a very productive meeting with lots of problems^Witems discussed. Interesting tracks for better cooperation between distributions, heavy technical tracks and loud BOFS. Quite some work has already been picked up since (Bug scripts, 2.6.31 experimental uploads, DEB_BUILD_OPTIONS=parallel=N support, package descriptions improvements, piuparts install fix, DFSG firmware clean, preempt, ..). So thanks a lot to Steve McIntyre (Debian Project Leader) for pushing the meeting, to Steve Langasek for setting it up on site and of course to everyone who contributed. Read aboves report for the full picture. :-)

Chris, Please note that the method you recommend for activating libpam-cracklib only applies to lenny and earlier; it's obsolete for the upcoming squeeze release (and in Ubuntu 8.10 and later), where libpam-cracklib is integrated with pam-auth-update and will be autoconfigured. Running your sed command on a squeeze system will break pam-auth-update integration, and cause the admin headaches going forward if they ever have occasion to use anything other than pam_unix for authentication. So for a squeeze system, this should be:

apt-get install libpam-cracklib

... and you're done! Actually, the package defaults in squeeze are stronger than what you've listed: libpam-cracklib will set minlen=8 by default (instead of the uselessly-weak minlen=6), and coming soon, pam_unix should default to sha512 instead of md5 for password hashing.

In the spirit of Thomas Limoncelli's Time Management for System Administrators, this is my checklist for setting up a new Debian system. I have added a few notes to the original list to justify their existence and to provide some background information. Whilst you should avoid performing repetitive interactive configuration and defer to the multitude of tools designed for this task, constructing and sharing a checklist can still be an instructive step. It can also be useful in situations where a machine has already been partly configured for you.

The first version of samba packages (2:3.3.1-1) that is different from the version in lenny (2:3.2.5-4) entered testing this week-end. The first update of samba packages that's aimed for lenny has also been accepted for the next point release of Lenny, through stabe-proposed-updates. This is version 2:3.2.5-4lenny1. It fixes two important bugs discovered after the release of lenny that potentially affect many users and were fixed upstream in post-3.2.5 releases In the constant tracking of a very active upstream, I also uploaded packages for 3.3.2 in unstable. That was quite a straightforward process, of course helped by Steve Langasek, who is a constant active support in the maintenance of samba packages. I really like the team we're having now, with Steve being very picky and motivated by quality and /me doing most of the nasty repetitive work to try saving his time for more important tasks..:-) The next plan is updating packages on backports.org. Having 3.3.1 packages in testing now allows us to upload them in lenny-backports which should be good for lenny users who want to track upstream. Finally, my proposal for a talk about "Packaging Samba for Debian and derivatives" has been accepted at Samba XP, the annual conference of Samba developers and users in G ttingen, Germany. For the first time, I'll be a speaker at this conference which I attend yearly since...it exists. My "german pilgrimage" of the year in Northern/Central Germany... Ah, and I'm still preparing for the Paris Marathon, in 3 weeks now, which I will run with Ralf Treinen and No l K the. I feel in good shape for this as, this week-end, while I promised myself to "not run for too long", I just ran 19km and felt this was a quite "short" run. Still not in the performances of Dirk who mentions that 1h36 for a semi is "good for someone who didn't train that much during winter"...but I think I'll never reach that level of performance. I should have started running long distance 20 years ago for this, I'm afraid.

Sign on the lunch buffet the other day in Berlin:

Antipasti von Aubergine, Zucchini und Champignon

Pshaw, and they say it only ever rains in Portland.

Two policy issues have been brewing in debian and I ve been mostly quiet about them because I ve been busy with TTLLP work. One is the Lenny release GR which I m still trying to make sense of. I mean: yikes! I ve been reading debian-legal and -vote for years and this ballot confuses me. I think I ll vote 5324671 but I m really not sure what that means. The other big issue is that Manoj has resigned as secretary. I think this is a good thing, if for no other reason than he s been secretary for 7 years and I feel it s not healthy for one person to hold that post too long in a thousand-strong group. I ve disagreed with Manoj about some tasks, but I didn t see any point in making this difficult job even less fun, so I stopped criticising him a while ago. Since then, my comments on the secretary s work have usually been limited to small review comments on ballots (which are then apparently ignored anyway, but at least I offer help). I m apprehensive about who will replace Manoj. In the short term, Bdale Garbee acts as secretary, but surely Bdale is busy enough already? Given his increased vote-taking activity, Neil McGovern seems a likely choice, but the work left undone after his term as SPI secretary may count against him. More generally, I think there s a problem with Debian s secretary, so anyone who would be a good secretary would probably refuse to do it as currently defined. There s an email about bundled votes and the secretary by Steve Langasek which touches on this major problem:

the secretary is the *only* line of defense against gaming of the GR process by a small group of developers who propose an uncontroversial but orthogonal amendment that will always win over the alternatives, in the process preventing the will of the project from being formally enacted

In other words, in Debian, the secretary is both secretary (usually an appointed or consensual post in most organisations, in my experience) and chairman (usually an elected post) - both doing the hard administrative leg-work and actually ruling on contentious issues, rather than just giving an opinion to the chairman. Manoj commented that he would be happy if the constitution was changed, to clarify the issue, or to explicitly add another entity to handle intepretations . Is it time to split the secretary s role?

... is to have upstream do it..:-) Apparently, yesterday, Jelmer Vernooij, member of the Samba Team and maintainer of samba4 and related packages (openchange, etc.) started some triaging of bugs of the samba package. After several years of efforts by Steve Langasek, No l K the and /me, the bug log of samba is not in a so bad shape, but, still, tseeing one of our upstream digging in our dirt is very good news... Thanks again, Jelmer. You really deserve to reach the end of your NM process, now.

Like Jaldhar, I too am thrilled at the news that McCain has chosen Palin as his running mate. Finally, a candidate who embodies the truly American spirit of the Republican party! Haven't we had enough political circus in Washington? Isn't it time to give Flying Circus a chance?

I'm back (for several days now) from Argentina and DebConf 8 to Portland. Too long a journey and too short a trip, as always. It was great to see everybody again as well as to meet a number of new folks from the local community. Here's hoping that DebConf 8 inspires more involvement in Debian from Argentina! It was my first time to this wonderful South American country, which made it even more melancholy to have to leave after such a short time and to be making this trip without Patty. Random observations about Argentina, for posterity:

• The 6-hour bus ride from Buenos Aires to Mar del Plata looks an awful lot like Iowa. Except for the occasional palm tree and the fact that it's 20 C in winter.
• Well, ok... Iowa also tends not to have quite so many cows. Or country grills (parrillas) right next to pastures...
• All the towns along the route are named after generals or colonels?
• All the police on the highway wear OSHA green vests.
• Following the German with the voluminous guidebook is an effective way to acquire generous portions of bife de chorizo.
• People from Bah a Blanca seem to have a somewhat more paranoid opinion of what constitutes a "dangerous neighborhood" than I do. :)
• "Buenos Aires" appears, I'm sad to say, to be a marketing lie. There was nothing bueno about the aire on the autopista on the ride to the airport. But the air in Mar del Plata was quite nice, and the people were the best!

As always it was a pleasure to take part in another annual DebConf, an event which is such a positive force for rejuvenating the Debian community. And BTW, Biella, NYC is not the only US city entertaining a bid for DebConf 10.