Here s my (thirty-first) monthly but brief update about the activities I ve done in the F/L/OSS world.
Debian
This was my 40th month of actively contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
There s a bunch of things I did this month but mostly non-technical, now that DC22 is around the corner. Here are the things I did:
Debian Uploads
Helped Andrius w/ FTBFS for php-text-captcha, reported via #977403.
I fixed the samed in Ubuntu a couple of months ago and they copied over the patch here.
Other $things:
Volunteering for DC22 Content team.
Leading the Bursary team w/ Paulo.
Answering a bunch of questions of referees and attendees around bursary.
Ubuntu
This was my 15th month of actively contributing to Ubuntu.
Now that I joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/
I mostly worked on different things, I guess.
I was too lazy to maintain a list of things I worked on so there s
no concrete list atm. Maybe I ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my thirty-first month as a Debian LTS and twentieth month as a Debian ELTS paid contributor.
I worked for 23.25 hours for LTS and 20.00 hours for ELTS.
LTS CVE Fixes and Announcements:
Issued DLA 2976-1, fixing CVE-2022-1271, for gzip.
For Debian 9 stretch, these problems have been fixed in version 1.6-5+deb9u1.
Issued DLA 2977-1, fixing CVE-2022-1271, for xz-utils.
For Debian 9 stretch, these problems have been fixed in version 5.2.2-1.2+deb9u1.
Working on src:tiff and src:mbedtls to fix the issues, still waiting for more issues to be reported, though.
Looking at src:mutt CVEs. Haven t had the time to complete but shall roll out next month.
ELTS CVE Fixes and Announcements:
Issued ELA 593-1, fixing CVE-2022-1271, for gzip.
For Debian 8 jessie, these problems have been fixed in version 1.6-4+deb8u1.
Issued ELA 594-1, fixing CVE-2022-1271, for xz-utils.
For Debian 8 jessie, these problems have been fixed in version 5.1.1alpha+20120614-2+deb8u1.
Working on src:tiff and src:beep to fix the issues, still waiting for more issues to be reported for src:tiff and src:beep is a bit of a PITA, though. :)
There was no new activity in Debian project funding in the two existing projects. However, there was a survey run with hundreds of Debian Developers and Debian contributors. The survey results are being collated and we will use the anonymized data to further develop the Freexian project funding initiative.
We are preparing to more broadly announce additional support for Debian 8 Jessie and Debian 9 Stretch. Now, Debian 8 can be supported until June 2025 and Debian 9 until June 2027. More information on ELTS support is available.
Learn more about the rationale behind this initiative in this article.
Debian LTS contributors
In March, 11 contributors were paid to work on Debian LTS, their reports are available below. If you re interested in participating in the LTS or ELTS teams, we welcome participation from the Debian community. Simply get in touch with Jeremiah or Rapha l if you are if you are interested in participating.
Utkarsh Gupta did 57.75h out of 59.5h assigned, carrying over 1.75 hours.
Evolution of the situation
In March we released 42 DLAs.
The security tracker currently lists 81 packages with a known CVE and the dla-needed.txt file has 52 packages needing an update.
We re glad to welcome a few new sponsors such as lectricit de France (Gold sponsor), Telecats BV and Soliton Systems.
Thanks to our sponsors
Sponsors that joined recently are in bold.
In February Rapha l and the LTS worked on a survey of Debian developers meant to solicit ideas for improvements in the Debian project at large. You can see the results of the initial discussion here in the list of ideas of which there are already over 30.
The full survey is due to be emailed to Debian Developers shortly.
Debian LTS contributors
In February, 12 contributors were paid to work on Debian LTS, their reports are available below. If you re interested in participating in the LTS or ELTS teams, we welcome participation from the Debian community. Simply get in touch with Jeremiah or Rapha l if you are if you are interested in participating.
Utkarsh Gupta did 15.75h (out of 42.75h available), thus carrying over 27h to March.
Evolution of the situation
In February we released 24 DLAs.
The security tracker currently lists 61 packages with a known CVE and the dla-needed.txt file has 26 packages needing an update.
You can find out more about the Debian LTS project via the following video:
Thanks to our sponsors
Sponsors that joined recently are in bold.
Here s my (twenty-ninth) monthly but brief update about the activities I ve done in the F/L/OSS world.
Debian
This was my 38th month of actively contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
I had been sick this month, so most of the time I spent away from system, recovering, et al,
and also went through the huge backlog that I had, which is starting to get smaller. :D
Anyway, I did the following stuff in Debian:
Uploads and bug fixes:
at (3.4.4-1) - Adding a DEP8 test for the package, fixing bug #985421.
Other $things:
Mentoring for newcomers.
Moderation of -project mailing list.
Ubuntu
This was my 13th month of actively contributing to Ubuntu.
Now that I joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/
I mostly worked on different things, I guess.
I was too lazy to maintain a list of things I worked on so there s
no concrete list atm. Maybe I ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my twenty-ninth month as a Debian LTS and eighteenth month as a Debian ELTS paid contributor.
Whilst I was assigned 42.75 hours for LTS and 45.25 hours for ELTS, I could only work a little due to being sick and so
I spent 15.75 hours on LTS and 9.25 hours on ELTS and worked on the following things:
LTS CVE Fixes and Announcements:
Issued DLA 2909-1, fixing CVE-2021-45079, for strongswan.
For Debian 9 stretch, these problems have been fixed in version 5.5.1-4+deb9u6.
In January we saw a new funded project proposed. The project is meant to bring in a number of changes to the Tryton modules and packages in Debian. Tryton, a full featured, entirely open source business software platform, is supported by its own foundation. You can track the current status of all our funded projects at its dedicated web page.
Folks continue to add to the Grow Your Ideas project page, that s great.
We continue to looking forward to hearing about Debian project proposals from various Debian stakeholders. This month has seen work on a survey that will go out to Debian Developers to gather feedback on what they think should be the priorities for funding in the project. Learn more about the rationale behind this initiative in this article.
Debian LTS contributors
In January, 13 contributors were paid to work on Debian LTS, their reports are available below. If you re interested in participating in the LTS or ELTS teams, we welcome participation from the Debian community. Simply get in touch with Jeremiah or Rapha l.
Utkarsh Gupta worked 58.25 hours out of 58.25 available.
Evolution of the situation
In January we released 34 DLAs.
The security tracker currently lists 39 packages with a known CVE and the dla-needed.txt file has 20 packages still needing an update.
Thanks to our sponsors
Sponsors that joined recently are in bold.
Here s my (twenty-seventh) monthly but brief update about the activities I ve done in the F/L/OSS world.
Debian
This was my 36th month of actively contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
Just churning through the backlog again this month. Ugh.
Anyway, I did the following stuff in Debian:
Uploads and bug fixes:
ruby2.7 (2.7.5-1) - New upstream version fixing 3 new CVEs.
Other $things:
Mentoring for newcomers.
Moderation of -project mailing list.
Ubuntu
This was my 11th month of actively contributing to Ubuntu.
Now that I ve joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/
I mostly worked on different things, I guess.
I was too lazy to maintain a list of things I worked on so there s
no concrete list atm. Maybe I ll get back to this section later or
will start to list stuff from next year onward, as I was doing before. :D
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my twenty-seventh month as a Debian LTS and eighteenth month as a Debian ELTS paid contributor.
I was assigned 40.00 hours for LTS and 60.00 hours for ELTS and worked on the following things:
(since I had a 3-week vacation, I wanted to wrap things up that were pending and so I worked for 20h more for LTS, which I ll compensate the next month!)
Issued DLA 2854-1, fixing CVE-2017-18635, for novnc.
For Debian 9 stretch, these problems have been fixed in version 1:0.4+dfsg+1+20131010+gitf68af8af3d-6+deb9u1.
Issued ELA 536-1, fixing CVE-2021-43818, for lxml.
For Debian 8 jessie, these problems have been fixed in version Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain.
Started working on src:samba for CVE-2020-25717 to CVE-2020-25722 and CVE-2021-23192 for jessie and stretch, both.
The version difference b/w the suites are a bit too much for the patch(es) to be easily backported. I ve talked to Anton to work something out. \o/
Found the problem w/ libjdom1-java. Will have to roll the regression upload.
I ve prepared the patch but needs some testing to be finally rolled out. Same for stretch.
Other (E)LTS Work:
Front-desk duty from 29-11 to 05-12 and 20-12 to 26-12 for both LTS and ELTS.
Our project funding work continues with an active bid on the work of packaging a recent gradle in Debian. This month the bidder has been estimating the scope of the entire project.
The Grow Your Ideas project page also has some ambitious initiatives that may evolve into a funded project. The project ideas on that page range from a new wiki for Debian, a more efficient reimbursement process, and the implementation of PPAs for Debian.
We continue to looking forward to hearing about Debian project proposals from various Debian stakeholders. This month has seen work on a survey that will go out to Debian Developers to gather feedback on what they think should be the priorities for funding in the project.
Learn more about the rationale behind this initiative in this article.
Debian LTS contributors
In November 13 contributors were paid to work on Debian LTS, their reports are available below. If you re interested in participating in the LTS or ELTS teams, we welcome participation from the Debian community. Simply get in touch with Jeremiah if you are interested in participating.
Adrian Bunk did 62h out of 56h assigned for November and 6h from October.
Jeremiah Foster is coordinating/managing the LTS team did 29h (out of 10h assigned and 10h from October for LTS administration), and spent 9 hours on Projects funded directly through the project funding program.
Lee Garrett did 9 hours out 60 assigned and carried over 51h into December
Utkarsh Gupta did 30 (out of 40h assigned), thus carrying over 10h to December.
Evolution of the situation
In November we released 31 DLAs.
The security tracker currently lists 23 packages with a known CVE and the dla-needed.txt file has 16 packages needing an update.
Thanks to our sponsors
Sponsors that joined recently are in bold.
Here s my (twenty-sixth) monthly but brief update about the activities I ve done in the F/L/OSS world.
Debian
This was my 35th month of actively contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
Just churning through the backlog again this month. Ugh.
Anyway, I did the following stuff in Debian:
Uploads and bug fixes:
rails (2:6.1.4.1+dfsg-3) - No-change rebuild for unstable.
Other $things:
Mentoring for newcomers.
Moderation of -project mailing list.
Ubuntu
This was my 10th month of actively contributing to Ubuntu.
Now that I ve joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/
I mostly worked on different things, I guess.
I was too lazy to maintain a list of things I worked on so there s
no concrete list atm. Maybe I ll get back to this section later or
will start to list stuff from next year onward, as I was doing before. :D
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my twenty-sixth month as a Debian LTS and seventeenth month as a Debian ELTS paid contributor.
I was assigned 30.00 hours for LTS and 45.00 hours for ELTS and worked on the following things:
Issued DLA 2836-1, fixing CVE-2021-43527, for nss.
For Debian 9 stretch, these problems have been fixed in version 2:3.26.2-1.1+deb9u3.
Started working on src:samba for CVE-2020-25717 to CVE-2020-25722 and CVE-2021-23192 for jessie and stretch, both.
The version difference b/w the suites are a bit too much for the patch(es) to be easily backported. I ve talked to Anton to work something out. \o/
Found the problem w/ libjdom1-java. Will have to roll the regression upload.
I ve prepared the patch but needs some testing to be finally rolled out. Same for jessie.
Issued ELA 524-1, fixing CVE-2021-43618, for gmp.
For Debian 8 jessie, these problems have been fixed in version 2:6.0.0+dfsg-6+deb8u1.
Issued ELA 525-1, fixing CVE-2021-43527, for nss.
For Debian 8 jessie, these problems have been fixed in version 2:3.26-1+debu8u14.
Started working on src:samba for CVE-2020-25717 to CVE-2020-25722 and CVE-2021-23192 for jessie and stretch, both.
The version difference b/w the suites are a bit too much for the patch(es) to be easily backported. I ve talked to Anton to work something out. \o/
Found the problem w/ libjdom1-java. Will have to roll the regression upload.
I ve prepared the patch but needs some testing to be finally rolled out. Same for stretch.
Other (E)LTS Work:
Front-desk duty from 29-11 to 05-12 for both LTS and ELTS.
Our project funding work continues with an active bid on the work of packaging gradle in Debian. The next steps are reviewing the bid and formal approval.
We re looking forward to receiving more projects from various Debian teams! Learn more about the rationale behind this initiative in this article.
Debian LTS contributors
In October 12 contributors were paid to work on Debian LTS, their reports are available below.
Adrian Bunk did 40.5h in October (out of 28.5h assigned and 18h remaining, thus keeping 6h for November).
Evolution of the situation
In October we released 34 DLAs.
Also, we would like to remark once again that we are constantly looking for new contributors. Please contact Jeremiah if you are interested!
The security tracker currently lists 37 packages with a known CVE and the dla-needed.txt file has 22 packages needing an update.
Thanks to our sponsors
Sponsors that joined recently are in bold.
Like each month, have a look at the work funded by Freexian s Debian LTS offering.
Debian project funding
Folks from the LTS team, along with members of the Debian Android Tools team and Phil Morrel, have proposed work on the Java build tool, gradle, which is currently blocked due to the need to build with a plugin not available in Debian. The LTS team reviewed the project submission and it has been approved. After approval we ve created a Request for Bids which is active now.
You ll hear more about this through official Debian channels, but in the meantime, if you feel you can help with this project, please submit a bid. Thanks!
This September, Freexian set aside 2550 EUR to fund Debian projects.
We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article.
Debian LTS contributors
In September, 15 contributors have been paid to work on Debian LTS, their reports are available:
Abhijith PA has returned hours and marked themselves inactive, at least for the time being. He did 0h out of 14h, carried over 14h and returned 28h.
Adrian Bunk did 19.5h (out of 24.75h assigned and 12.75 from August), carrying over 18h to October.
Emilio Pozuelo Monfort did not report back about their work so we assume they did nothing (out of 5.5h assigned plus 74.5h from August), thus is carrying over 80h for October.
Holger Levsen did 3h (out of 12h assigned) and gave back 9h and carried over 3h.
Jeremiah Foster worked 10 hours (out of 20h assigned) on LTS work, carrying over 10h.
Lee Garrett did not report back about their work so we assume they did nothing (out of 24.75h assigned and 23.75 from August), thus is carrying over 48.50h for October.
Markus Koschany did 43.5h (out of 24.75h assigned and 18.75h from August)
Utkarsh Gupta did 24.75h (out of 24.75h assigned) but did not publish his report yet.
Ola Lundqvist did 2 hours (out of 21h carried over from previous months), and is thus carrying 19h for October.
Evolution of the situation
In September we released 30 DLAs. September was also the second month of Jeremiah coordinating LTS contributors.
Also, we would like say that we are always looking for new contributors to LTS. Please contact Jeremiah if you are interested!
The security tracker currently lists 33 packages with a known CVE and the dla-needed.txt file has 26 packages needing an update.
Thanks to our sponsors
Sponsors that joined recently are in bold.
Like each month, have a look at the work funded by Freexian s Debian LTS offering.
Debian project funding
In August, we put aside 2460 EUR to fund Debian projects. We received a new project proposal that got approved and there s an associated bid request if you feel like proposing yourself to implement this project.
We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article.
Debian LTS contributors
In August, 14 contributors have been paid to work on Debian LTS, their reports are available:
Abhijith PA did 4.0h (out of 14h assigned and 5h from August), thus carrying over 15h to September.
Adrian Bunk did 11h (out of 23.75h assigned), thus carrying over 12.75h to September.
Emilio Pozuelo Monfort did not report back about their work so we assume they did nothing (out of 23.75h assigned plus 50.75h from August), thus is carrying over 74.5h for September.
Holger Levsen did 3h (out of 12h assigned) to help coordinate the team, and gave back the remaining hours.
Lee Garrett did nothing (out of 23.75h assigned), thus is carrying over 23.75h for September.
Markus Koschany did 35h (out of 23.75h assigned and 30h from August), thus carrying over 18.75h to September.
Neil Williams did 24h (out of 23.75h assigned), thus anticipating 0.25h of October.
Roberto C. S nchez did 22.25h (out of 23.75h assigned), thus carrying over 1.5h to September.
Sylvain Beucler did 21.5h (out of 23.75h assigned), thus carrying over 2.25h to September.
Evolution of the situation
In August we released 30 DLAs.
This is the first month of Jeremiah coordinating LTS contributors. We would like to thank Holger Levsen for his work on this role up to now.
Also, we would like to remark once again that we are constantly looking for new contributors. Please contact Jeremiah if you are interested!
The security tracker currently lists 73 packages with a known CVE and the dla-needed.txt file has 29 packages needing an update.
Thanks to our sponsors
Sponsors that joined recently are in bold.
Here s my (twenty-third) monthly but brief update about the activities I ve done in the F/L/OSS world.
Debian
This was my 32nd month of actively contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
Tough month but I mostly spent on it churning through the immense backlog. But that
somewhat backfired and I have even more backlog than ever. :D
Anyway, I did the following stuff in Debian:
Ubuntu
This was my 7th month of actively contributing to Ubuntu.
Now that I ve joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/
I mostly worked on different things, I guess. But mostly on packaging keylime and some Google Agents upload(s) and SRU(s). Also did a lot of reviewing, et al.
I was too lazy to maintain a list of things I worked on so there s no concrete list atm. Maybe I ll get back to this section later or will start to list stuff from next month onward, as I ve been doing before. :D
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my twenty-third month as a Debian LTS and eleventh month as a Debian ELTS paid contributor.
I was assigned 23.75 hours for LTS and 40.00 hours for ELTS and worked on the following things:
(however, I only worked for 23.75h on ELTS work, thereby, carrying the rest to next month)
Noticed that there s a fallout of CVE-2021-3185, where an update was issued for gst-plugins-bad1.0, however, not for gst-plugins-bad0.10.
Thanks to Sylvain s script, this came up and I prepped an update for that.
Started to work on libjdom1-java s regression.
Other (E)LTS Work:
Front-desk duty from 26-07 until 01-08 and from 30-08 until 05-09 for both LTS and ELTS.
Mark CVE-2021-39240/haproxy as not-affected for stretch and jessie.
Mark CVE-2021-39241/haproxy as not-affected for stretch and jessie.
Mark CVE-2021-39242/haproxy as not-affected for stretch and jessie.
Mark CVE-2021-33582/cyrus-imapd as no-dsa for stretch.
Mark CVE-2020-18771/exiv2 as no-dsa for exiv2 for stretch.
Mark CVE-2020-18899/exiv2 as no-dsa for exiv2 for stretch.
Mark CVE-2021-38171/ffmpeg as postponed for stretch.
Mark CVE-2021-40330/git as no-dsa for stretch and jessie.
Mark CVE-2020-19481/gpac as ignored for stretch.
Mark CVE-2021-40491/inetutils as no-dsa for stretch.
Mark CVE-2021-36370/mc as no-dsa for stretch and jessie.
Mark CVE-2021-35368/modsecurity-crs as no-dsa for stretch.
Mark CVE-2021-23434/node-object-path as end-of-life for stretch.
Mark CVE-2021-32610/php-pear as no-dsa for stretch.
Mark CVE-2017-9525/systemd-cron as no-dsa for stretch.
Mark CVE-2021-37701/node-tar as end-of-life for stretch.
Mark CVE-2021-37712/node-tar as end-of-life in stretch.
Mark CVE-2021-3750/qemu as postponsed for jessie.
Mark CVE-2021-27511/prototypejs as postponsed for jessie.
Mark CVE-2021-23437/pillow as postponed for stretch and jessie.
Auto EOL ed gpac, cacti, openscad, cgal, cyrus-imapd-2.4, libsolv, mosquitto, atomicparsley, gtkpod, node-tar, libapache2-mod-auth-openidc, neutron, inetutils and linux for jessie.
Drop cpio from ela-needed; open issues don t warrant an ELA.
Attended monthly Debian LTS meeting.
Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
Like each month, have a look at the work funded by Freexian s Debian LTS offering.
Debian project funding
In July, we put aside 2400 EUR to fund Debian projects. We haven t received proposals of projects to fund in the last months, so we have scheduled a discussion during Debconf to try to to figure out why that is and how we can fix that. Join us on August 26th at 16:00 UTC on this link.
We are pleased to announce that Jeremiah Foster will help out to make this initiative a success : he can help Debian members to come up with solid proposals, he can look for people willing to do the work once the project has been formalized and approved, and he will make sure that the project implementation keeps on track when the actual work has begun.
We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article.
Debian LTS contributors
In July, 12 contributors have been paid to work on Debian LTS, their reports are available:
Abhijith PA did 5.0h (out of 7h assigned and 3h remaining), thus carrying over 5h to August.
Emilio Pozuelo Monfort did not report back about their work so we assume they did nothing (out of 39.75h assigned plus 11h from June), thus is carrying over 50.75h for August.
Holger Levsen s work was coordinating/managing the LTS team, he did 3.5h (out of 12h assigned) and gave back 8.5h to the pool.
Markus Koschany did 30h (out of 30h assigned and 30h from June), thus carrying over 30h to August.
Ola Lundqvist did nothing (out of 12h assigned plus 20h from June), thus is carrying over 32h for August.
Roberto C. S nchez did 13.5h (out of 32h assigned and 20h from June), and gave back 38.5h to the pool.
Evolution of the situation
In July we released 30 DLAs. Also we were glad to welcome Neil Williams and Lee Garrett who became active contributors.
The security tracker currently lists 63 packages with a known CVE and the dla-needed.txt file has 17 packages needing an update.
We would like to thank Holger Levsen for the years of work where he managed/coordinated the paid LTS contributors. Jeremiah Foster will take over his duties.
Thanks to our sponsors
Sponsors that joined recently are in bold.
IntroMy name is Leandro Doctors ( allentiak on IRC), and I ve been the GSoC
intern working with the Debian Clojure Team during 2021. This is my
final report. You can also check my original
proposal
and my first
report.
SummaryWhereas the raw data may not sound by itself very positive, my personal
conclusion is. This is, whereas I didn t fully finish the required
deliverables envisioned in my original proposal, I do feel I am much
closer to, eventually, becoming a Debian Developer. So, by all means, I
consider this project has had a positive outcome.
ProjectThe goal of the Clojure Build Tools in Debian project was to provide
Clojure Debian users with some of the latest advanced build tools and
libraries the upstream Clojure developers have been lately working on.
These include tools.deps.alpha, a library for dependency graph
resolution and classpath building, and the CLI tool clj, for REPL
interaction. If time permitted, I was also to improve the quality of
both new and existing Clojure packages, and the overall Debian Clojure
packaging process. My mentor was Louis-Louis-Philippe V ronneau, and my
co-mentor was Utkarsh Gupta.
MotivationWhy this project? On the one side, if you re a Clojure lover like me,
you may have noticed that the Clojure experience in Debian is, as of mid
2021, well... still quiet limited. Additionally, this project aligned
with my own background in Free Software community building and my
research interest in Peer Production.When I mention how limited today s Clojure experience in Debian is, I
can see two reasons for this, deeply intertwined. The first one is that
there currently aren t many Clojure-specific packaging tools in Debian
(such as a clojure-debian-helper). The second reason for which we only
currently have a suboptimal Clojure experience in Debian, and probably
the root of the previous one, is that many core build tools and
libraries for the language have not simply been packaged yet. My project
aimed to attack that seemingly root cause.As I said, another reason for me choosing this project is my own
experience as the Co-founder and Leader of, probably, the first Free
Software Community experience in my hometown of San Juan, Argentina.
That interest in Free Software evolved in a first PhD attempt in what is
now known as the field of Peer Production. A subject that has lived
within me as a research interest during my day job at a University.Being a Clojure fan, it felt only logical combining all those interests
somehow. And this project seemed like the ideal combination.
The Debian Clojure TeamI ve been working with a small, yet very warm team. The current
incarnation of the Debian Clojure Team exists thanks to the hard work of
three people.Elana Hashman (aka the Clojure necromancer ), revived the team around
three years ago. Later on, the team gained the invaluable presence of
Louis-Philippe V ronneau and Utkarsh Gupta (my mentor and co-mentor,
respectively).Together, these Three Musketeers have maintained the team alive,
allowing us, Debian users, to enjoy Clojure.
StatusDuring the first part of my project, I mainly worked on learning the
basics of Debian packaging, and got my first package uploaded. I have to
thank Louis-Philippe, Utkarsh, and Elana for their immense patience and
support during that part, as it took me quite some effort grasping the
basics of Debian packaging.During the second part of my project, I worked on my last packages, and
almost completed the originally required scope of the project. I only
have to finish working on the transition from the currently provided set
of packages (based on a Debian-specific clojure runner) to the newly
provided upstream clojure and clj runners.Unfortunately, I didn t have much time left to start working on the
opportunities for improvement already identified by the Debian Clojure
Team originally outlined in my proposal. Whereas I did update one older
Clojure package not built using leiningen (tools-data-xml-clojure), I
didn t write any Lintian tags to make Clojure packaging in Debian more
robust, nor worked towards the automation of Clojure unit tests in
autopkgtests via autodep8.
Deliverables: Data vs. ConclusionsIf we are to talk about deliverables, we should start with the data.
According to my original proposal, I was required to provide both new
and updated Clojure packages accepted into Debian unstable , and
updated Clojure packaging documentation. Additionally, if time
permitted, I was to also provide new Clojure Lintian tags merged by the
Lintian maintainers, and new Clojure autodep8 scripts merged by the
autodep8 maintainers. Whereas I partially accomplished both required
tasks, I didn t manage to start working on any of the optional
deliverables.When looked in isolation, those numbers may look somewhat disappointing
for some people. However, I can draw a much more positive conclusion.
Why?Firstly, GSoC is supposed to be a learning experience. Moreover, as I
said in my original proposal, I
approach[ed] this project as a great
opportunity to, finally, start my journey towards becoming a Debian
Developer . In that sense, I consider the time invested into this
project fruitful. In this way, I have learned the basics of packaging,
how to interact with the Debian Clojure Team, and and already got my
first packages accepted. Plus, I m looking forward to continuing to work
with the Debian Clojure Team so I can attain the original scope of the
project. Therefore, all things considered, I can consider this
experience as a moderate success.
Lessons LearnedTechnically speaking, if I have learned one thing during these weeks, is
that packaging, although easy to be underestimated, is by no means a
trivial process. As any Debian Developer surely knows, the onboarding
process can take some time. Plus, what is easy for some people, can be
difficult for others. In my case, this was quite evident. Whereas I can
speak several languages and learning new ones takes me little effort,
grasping the basics of packaging took me (literally!) blood, sweat and
tears. Indeed, the packaging learning curve was quite steep for me.That being said, I did learn a thing or two about packaging. So, if I
managed to get here, I m sure many others can. It may take them more or
less time than what it took me, but learning (at least the basics) of
packaging is an achievable goal.Technical skill learning aside, I value very highly the non-technical
skills I have so far improved during this project.For instance, I also learned that it can take some time to adapt to
real-time online communication. Before this project, remote working
meant either exchanging emails or getting into video or audio calls,
with a low emphasis on chat-based interaction. Early on, I realized that
the Debian Clojure Team interacts almost exclusively via, well... chat!
And those two approaches are very different indeed. It has taken me some
time to adjust, but I ve improved greatly in this aspect as well.Finally, improving my time management skills has been also a key part of
this process. Whereas I had already been working remotely for over a
year and a half already, my day job is not so interaction-dependent as
this project (specially in the beginning). So it took me some time to
adapt to this way of working, and to plan my workload so I could use
those waiting moments to advance in other parts of the project. Still a
lot to improve here, but improving nevertheless.
AcknowledgmentsI first have to thank upstream. More specifically, one of the upstream
developers of the clojure-tools, Alex Miller. Everytime I needed
specific information on what do specific parts of the Clojure CLI
tools s codebase do, tools.deps.alpha do, he popped up a reply in a
matter of hours. He has shown genuine interest in the success of is
project during by carefully replying to my emails with detailed
explanations of code intent and form, both in private and in public
conversations. Thank you for all that, Alex!Let s move on to the Debian Clojure Team.First, Elana. I thank Elana for her initial openness when I first
contacted her about this idea. It was *her*
who initially contacted Louis-Philippe so he would become my mentor. I
wouldn t have started to work on this project if it wasn t for her.
Plus, she provided quite a piece of advise in more that one ocassion.
So, thank you very much for all that, Elana!I also thank Utkarsh, my co-mentor, for his overall technical advise.
And a special mention to his initial help to setup my Matrix client for
OFTC chat. At that moment, it was *him* who
took the time to help me in real time so I could solve that problem. So,
thank you very much for all that, Utkarsh!I finally have to thank Louis-Philippe, my mentor, for his patient
guidance during the whole process. His dedication and hard work has been
*instrumental* for my progress. And a
special mention for his tolerance with respect to some unforeseen
personal circumstances I had to endure during the first weeks. When one
is playing the newbie, times abound when one depends on other people s
feedback. And Debian is made of volunteers, who have a life outside it.
Every time I asked, Louis-Philippe was there. I wouldn t have gotten
here if it wasn t for him. So, thank you
*so* much for all that, Louis-Philippe!
Final WordsI would like to close this report with a reflection.I have been using Debian for many, many years now, and I had been
looking for a way to contribute back to the project for some time
already. I even did some work on a non-packaging Debian project. That
being said, I never managed to deliver much, really.So, the very existence of outreach programs as this one is, in my humble
opinion, crucial. In my case, the funding I got through the GSoC program
was instrumental in being able to allocate time for this endeavor, and
to finally get started contributing to Debian. Plus, it has had a very
positive impact on me; in many ways, some of which I am only starting to
discover now that the project is ending.When I put things into perspective, this project is very important for
me. Actually, it is nothing but the first step within a long-term
journey: becoming a Debian member. Hopefully, I would like to be able to
apply for Debian membership by the end of this year.
Questions?Thank you very much for your time reading this! I look forward to
hearing (or reading) your feedback. Please come and meet with the Debian
Clojure Team Moreover, I will be in the Clojure BoF on DebConf2021.
Moreover, do not hesitate to send me an email.
Data
Task Status
Required Tasks:
T1: Setting up a full Debian packaging development environment
and learning the basics of Debian packaging.
Successfully completed the first part during the Application
period.
Successfully completed the second part during the Coding
periods.
T2: Identifying and packaging the missing dependencies to
package clojure-cli.
Successfully completed as of the end of Coding II.
T3: Packaging clojure-cli.
90% done as of the end of Coding II.
T4: Updating clojure to use clojure-cli.
To be completed after GSoC.
T5: Updating the Clojure Packaging Guide with information on how
to use the new clojure-cli scripts.
Improved existing documentation. To be completed after GSoC.
Optional Tasks:
T6: Writing Lintian tags to make Clojure packaging in Debian
more robust.
To be completed after GSoC.
T7: Working to automate Clojure unit testing in autopkgtests
using autodep8.
To be completed after GSoC.
T8: Updating older Clojure packages not built using leiningen or
clojure-cli.
tools-gitlibs-clojure -- Clojure API for programatically
accessing git libraries. ITP:
#905543in
NEW.
ITP: tools-deps-alpha-clojure -- functional API for dependency
management and classpath creation
https://bugs.debian.org/891136 Needs to be uploaded by
Louis-Philippe.
In-Progress packages:
ITP: clojure-cli -- upstream CLI entrypoints for Clojure
https://bugs.debian.org/891141 90% done - Package completed.
I only need to finish implementing the transition from existing
clojure scripts. To be completed after GSoC.
NOTE: this blog post is based on my "Clojure CLI Tools in Debian" GSoC 2021 project Partial Evaluation Report.Hi, everybody!For those who don't know me, my name is Leandro Doctors (allentiak on IRC), and I'm the Debian Clojure Team's GSoC 2021 intern. My mentor is Louis-Philippe V ronneau[*] (pollo on IRC). My co-mentor is Utkarsh Gupta (utkarsh2102 on IRC). My 'no-mentor' :) is Elana Hashman (ehashman on IRC).In this message, I will summarize what I've been up to during the Coding I period (June 7th - July 16th).TL;DR: my updated data-xml-clojure package was accepted[1] in experimental on Wednesday night :-)[1] https://tracker.debian.org/news/1244465/accepted-data-xml-clojure-020alpha6-1-source-into-experimental/Now, let's tell the full story.During the first days of the "Coding I" phase, I did some research on the clj dependencies. And after the precious feedback from Louis-Philippe, Elana, Utkarsh, and Alex Miller (the upstream developer of clj, among many other libraries), I came up with the following packaging strategy.
update org.clojure:data.xml (data-xml-clojure) to 0.2.0-beta6.
consider updating libjsch-agent-proxy-java, jgit, libtools-cli-clojure (all of them already in Debian).
consider packaging com.cognitec.aws:* packages.
According to my original proposal, I should have completed all four tasks during Coding I.
Looking back, the main lesson from these past weeks is a known classic: my timeline was too optimistic: I definitely underestimated the difficulty of the packaging process. Out of the four tasks, I only finished the first one.There were many challenges I had to overcome in order to update the library from version 0.0.8 to 0.2.0-alpha6:This what I did:First, I patched the source code so:
we avoid needlessly packaging data-codec-clojure (not currently in Debian).
we can ignore Clojure-Script-related dependencies.
Then, I completely overhauled the packaging code (this is, what goes inside debian/).
added support for automatically tracking newer releases.
the package now builds with Leiningen, instead of plain Java.
it now actually supports autopkgtest (the existing test was trivial).
All this improved the quality of the package.I also improved the Clojure Packaging Tutorial[2] to make the process easier to follow.[2] https://wiki.debian.org/Clojure/PackagingTutorialLooking back, it is almost as if I had started packaging the library from scratch...But, more that what I produced, I think the most important part of all this is what I learned during these weeks.As it was the first time I ever packaged anything in Debian, I had to learn the basics, bump by bump. (And, oh my, I surely did bump quite a few times!)
Basic packaging workflow.
Setup sbuild[3] to make it work with gbp[4] (when I had rebuilt bidi-clojure from scratch, I had used plain sbuild.)
Learn how to patch upstream files with quilt[5] (actually, via the dquilt frontend). This was the first really difficult task to do, since it took me quite some time to grasp it. Looking back, I think I was simply scared of breaking something :)
Understanding debian/ files.
Understanding debian/tests (autopkgtest) files. This was particularly difficult, since the doc wasn't clear about it. So I then improved the Clojure Packaging Tutorial[2] to make the process easier to follow.
[2] https://wiki.debian.org/Clojure/PackagingTutorial[3] https://wiki.debian.org/sbuild[4] https://manpages.debian.org/unstable/git-buildpackage/gbp.1.en.html[5] https://wiki.debian.org/UsingQuiltDefinitely, all this was worth it. After all, my updated data-xml-clojure package was accepted[1] in experimental on Wednesday :-)[1] https://tracker.debian.org/news/1244465/accepted-data-xml-clojure-020alpha6-1-source-into-experimental/Now that I've learned the basics of packaging bumped enough to get my package accepted, I'm hopeful I can ramp up and catch up with (at least most of) my original schedule during Coding II.tools-gitlibs-clojure, you're next :-)Thank you very much Louis-Philippe, Elana, and Utkarsh (plus a special mention to Alex) for your precious support during the last few weeks!
NOTE: this blog post is based on my "Clojure CLI Tools in Debian" GSoC 2021 project Partial Evaluation Report.Hi, everybody!For those who don't know me, my name is Leandro Doctors (allentiak on IRC), and I'm the Debian Clojure Team's GSoC 2021 intern. My mentor is Louis-Philippe V ronneau[*] (pollo on IRC). My co-mentor is Utkarsh Gupta (utkarsh2102 on IRC). My 'no-mentor' :) is Elana Hashman (ehashman on IRC).In this message, I will summarize what I've been up to during the Coding I period (June 7th - July 16th).TL;DR: my updated data-xml-clojure package was accepted[1] in experimental on Wednesday night :-)[1] https://tracker.debian.org/news/1244465/accepted-data-xml-clojure-020alpha6-1-source-into-experimental/Now, let's tell the full story.During the first days of the "Coding I" phase, I did some research on the clj dependencies. And after the precious feedback from Louis-Philippe, Elana, Utkarsh, and Alex Miller (the upstream developer of clj, among many other libraries), I came up with the following packaging strategy.
update org.clojure:data.xml (data-xml-clojure) to 0.2.0-beta6.
consider updating libjsch-agent-proxy-java, jgit, libtools-cli-clojure (all of them already in Debian).
consider packaging com.cognitec.aws:* packages.
According to my original proposal, I should have completed all four tasks during Coding I.
Looking back, the main lesson from these past weeks is a known classic: my timeline was too optimistic: I definitely underestimated the difficulty of the packaging process. Out of the four tasks, I only finished the first one.There were many challenges I had to overcome in order to update the library from version 0.0.8 to 0.2.0-alpha6:This what I did:First, I patched the source code so:
we avoid needlessly packaging data-codec-clojure (not currently in Debian).
we can ignore Clojure-Script-related dependencies.
Then, I completely overhauled the packaging code (this is, what goes inside debian/).
added support for automatically tracking newer releases.
the package now builds with Leiningen, instead of plain Java.
it now actually supports autopkgtest (the existing test was trivial).
All this improved the quality of the package.I also improved the Clojure Packaging Tutorial[2] to make the process easier to follow.[2] https://wiki.debian.org/Clojure/PackagingTutorialLooking back, it is almost as if I had started packaging the library from scratch...But, more that what I produced, I think the most important part of all this is what I learned during these weeks.As it was the first time I ever packaged anything in Debian, I had to learn the basics, bump by bump. (And, oh my, I surely did bump quite a few times!)
Basic packaging workflow.
Setup sbuild[3] to make it work with gbp[4] (when I had rebuilt bidi-clojure from scratch, I had used plain sbuild.)
Learn how to patch upstream files with quilt[5] (actually, via the dquilt frontend). This was the first really difficult task to do, since it took me quite some time to grasp it. Looking back, I think I was simply scared of breaking something :)
Understanding debian/ files.
Understanding debian/tests (autopkgtest) files. This was particularly difficult, since the doc wasn't clear about it. So I then improved the Clojure Packaging Tutorial[2] to make the process easier to follow.
[2] https://wiki.debian.org/Clojure/PackagingTutorial[3] https://wiki.debian.org/sbuild[4] https://manpages.debian.org/unstable/git-buildpackage/gbp.1.en.html[5] https://wiki.debian.org/UsingQuiltDefinitely, all this was worth it. After all, my updated data-xml-clojure package was accepted[1] in experimental on Wednesday :-)[1] https://tracker.debian.org/news/1244465/accepted-data-xml-clojure-020alpha6-1-source-into-experimental/Now that I've learned the basics of packaging bumped enough to get my package accepted, I'm hopeful I can ramp up and catch up with (at least most of) my original schedule during Coding II.tools-gitlibs-clojure, you're next :-)Thank you very much Louis-Philippe, Elana, and Utkarsh (plus a special mention to Alex) for your precious support during the last few weeks!
Like each month, have a look at the work funded by Freexian s Debian LTS offering.
Debian project funding
In June, we put aside 5775 EUR to fund Debian projects for which we re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article.
Debian LTS contributors
In June, 12 contributors have been paid to work on Debian LTS, their reports are available:
Abhijith PA did 18.0h (out of 14h assigned and 19h from May), thus carrying over 15h to July.
Utkarsh Gupta did not report back about their work so we assume they did nothing (out of 40h assigned), thus is carrying over 40h for July.
Evolution of the situation
In June we released 30 DLAs. As already written last month we are looking for a Debian LTS project manager and team coordinator. Finally, we would like to remark once again that we are constantly looking for new contributors. Please contact Holger if you are interested!
The security tracker currently lists 41 packages with a known CVE and the dla-needed.txt file has 23 packages needing an update.
Thanks to our sponsors
Sponsors that joined recently are in bold.
Like each month, have a look at the work funded by Freexian s Debian LTS offering.
Debian project funding
In May, we again put aside 2100 EUR to fund Debian projects. There was no proposals for new projects received, thus we re looking forward to receive more projects from various Debian teams! Please do not hesitate to submit a proposal, if there is a project that could benefit from the funding!
We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article.
Debian LTS contributors
In May, 12 contributors have been paid to work on Debian LTS, their reports are available:
Abhijith PA did 7.0h (out of 14h assigned and 12h from April), thus carrying over 19h to June.
Evolution of the situation
In May we released 33 DLAs and mostly skipped our public IRC meeting and the end of the month. In June we ll have another team meeting using video as lined out on our LTS meeting page. Also, two months ago we announced that Holger would step back from his coordinator role and today we are announcing that he is back for the time being, until a new coordinator is found. Finally, we would like to remark once again that we are constantly looking for new contributors. Please contact Holger if you are interested!
The security tracker currently lists 41 packages with a known CVE and the dla-needed.txt file has 21 packages needing an update.
Thanks to our sponsors
Sponsors that joined recently are in bold.
Here s my (twentieth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This was my 29th month of actively contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
Interesting month, surprisingly. Lots of things happening and lots of moving parts; becoming the new normal , I believe.
Anyhow, working on Ubuntu full-time has its own advantage and one of them is being able to work on Debian stuff!
So whilst I couldn t upload a lot of packages because of the freeze, here s what I worked on:
Mentoring for newcomers and assisting people in BSP.
Moderation of -project mailing list.
Ubuntu
This was my 4th month of actively contributing to Ubuntu.
Now that I ve joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/
This month, by all means, was dedicated mostly to PHP 8.0, transitioning from PHP 7.4 to 8.0.
Naturally, it had so many moving parts and moments of utmost frustration, shared w/ Bryce. :D
So even though I can t upload anything, I worked on the following stuff & asked for sponsorship.
But before, I d like to take a moment to stress how kind and awesome Gianfranco Costamagna,
a.k.a. LocutusOfBorg is! He s been sponsoring a
bunch of my things & helping with re-triggers, et al. Thanks a bunch, Gianfranco; beers on me
whenever we meet!
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my twentieth month as a Debian LTS and eleventh month as a Debian ELTS paid contributor.
I was assigned 29.75 hours for LTS and 40.00 hours for ELTS and worked on the following things:
LTS CVE Fixes and Announcements:
Issued DLA 2654-1, fixing CVE-2021-29472, for composer.
For Debian 9 stretch, these problems have been fixed in version 1.2.2-1+deb9u1.
Issued DLA 2662-1, fixing CVE-2021-32027 and CVE-2021-32028, for postgresql-9.6.
For Debian 9 stretch, these problems have been fixed in version 9.6.22-0+deb9u1. This update for done by the maintainer, Christoph Berg. I just took care of announcing and publishing the update.
Uploaded ruby-rack-cors to buster-security, fixing CVE-2019-18978.
For Debian 10 buster, these problems have been fixed in version 1.0.2-1+deb10u1.
Like each month, have a look at the work funded by Freexian s Debian LTS offering.
Debian project funding
In April, we put aside 5775 EUR to fund Debian projects. There was no proposals for new projects received, thus we re looking forward to receive more projects from various Debian teams! Please do not hesitate to submit a proposal, if there is a project that could benefit from the funding!
Debian LTS contributors
In April, 11 contributors have been paid to work on Debian LTS, their reports are available:
Abhijith PA did 14.0h (out of 14h assigned and 12h from March), thus carrying over 12h to May.
Evolution of the situation
In April we released 33 DLAs and held a LTS team meeting using video conferencing.
The security tracker currently lists 53 packages with a known CVE and the dla-needed.txt file has 26 packages needing an update.
We are please to welcome VyOS as a new gold sponsor!
Thanks to our sponsors
Sponsors that joined recently are in bold.
