Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding In December, we put aside 2100 EUR to fund Debian projects. The first project proposal (a tracker.debian.org improvement for the security team) was received and quickly approved by the paid contributors, then we opened a request for bids and the bid winner was announced today (it was easy, we had only one candidate). Hopefully this first project will be completed until our next report. We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In December, 12 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 7.0h (out of 14h assigned), thus carrying over 7h to January.
• Ben Hutchings did 16.5h (out of 16h assigned and 9h from November), thus carrying over 8.5h to January.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned), thus carrying over h to January.
• Emilio Pozuelo Monfort did 16.5h (out of 26h assigned), thus carrying over 9.5h to January.
• Holger Levsen did 3.5h coordinating/managing the LTS team.
• Markus Koschany did 26h (out of 26h assigned and 10.75h from November), thus carrying over 10.75 h to January.
• Ola Lundqvist did 9.5h (out of 12h assigned and 11h from November), thus carrying over 11.5h to January.
• Roberto C. S nchez did 18.5h (out of 26h assigned and 2.25h from November) and gave back the remaining 9.75h.
• Sylvain Beucler did 26h (out of 26h assigned).
• Thorsten Alteholz did 26h (out of 26h assigned).
• Utkarsh Gupta did 26h (out of 26h assigned).

Evolution of the situation December was a quiet month as we didn t have a team meeting nor any other unusual activity and we released 43 DLAs. The security tracker currently lists 30 packages with a known CVE and the dla-needed.txt file has 25 packages needing an update. This month we are pleased to welcome Deveryware as new sponsor! Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 64 months)
• GitHub (for 54 months)
• Civil Infrastructure Platform (CIP) (for 32 months)
• Gold sponsors:
• Blablacar (for 79 months)
• Roche Diagnostics International AG (for 75 months)
• Linode (for 69 months)
• Babiel GmbH (for 58 months)
• Plat Home (for 57 months)
• University of Oxford (for 14 months)
• Deveryware
• Silver sponsors:
• The Positive Internet Company (for 80 months)
• Domeneshop AS (for 79 months)
• Nantes M tropole (for 73 months)
• Univention GmbH (for 65 months)
• Universit Jean Monnet de St Etienne (for 65 months)
• Ribbon Communications, Inc. (for 59 months)
• Exonet B.V. (for 48 months)
• Leibniz Rechenzentrum (for 42 months)
• CINECA (for 32 months)
• Minist re de l Europe et des Affaires trang res (for 26 months)
• Cloudways Ltd (for 15 months)
• Dinahosting SL (for 13 months)
• Platform.sh (for 8 months)
• Bauer Xcel Media Deutschland KG (for 7 months)
• Moxa Intelligence Co., Ltd.
• Bronze sponsors:
• Seznam.cz, a.s. (for 80 months)
• Evolix (for 79 months)
• Linuxhotel GmbH (for 77 months)
• Intevation GmbH (for 76 months)
• Daevel SARL (for 75 months)
• Bitfolk LTD (for 74 months)
• Megaspace Internet Services GmbH (for 74 months)
• Greenbone Networks GmbH (for 73 months)
• NUMLOG (for 73 months)
• WinGo AG (for 72 months)
• Ecole Centrale de Nantes LHEEA (for 69 months)
• Entr ouvert (for 64 months)
• Adfinis AG (for 61 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 56 months)
• Tesorion (for 56 months)
• GNI MEDIA (for 55 months)
• Bearstech (for 47 months)
• LiHAS (for 47 months)
• People Doc (for 43 months)
• Catalyst IT Ltd (for 41 months)
• Supagro (for 37 months)
• Demarcq SAS (for 35 months)
• Universit Grenoble Alpes (for 22 months)
• TouchWeb SAS (for 14 months)
• SPiN AG (for 10 months)
• CoreFiling (for 6 months)
• Institut des sciences cognitives Marc Jeannerod

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In November, 239.25 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Abhijith PA did 12.0h (out of 12h assigned).
• Adrian Bunk did 13h (out of 22.75h assigned and 19.5h from October) and gave back 6.5h, thus carrying over 22.75h to December.
• Ben Hutchings did 11.5h (out of 16h assigned and 4.5h from October), thus carrying over 9h to December.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 22.75h (out of 22.75h assigned).
• Holger Levsen did 8.0h coordinating/managing the LTS team.
• Markus Koschany did 12h (out of 22.75h assigned), thus carrying over 10.75h to December.
• Ola Lundqvist did 1h (out of 12h assigned), thus carrying over 11h to December.
• Roberto C. S nchez did 20.5h (out of 22.75h assigned), thus carrying over 2.25h to December.
• Sylvain Beucler did 22.75h (out of 22.75h assigned).
• Thorsten Alteholz did 22.75h (out of 22.75h assigned).
• Utkarsh Gupta did 22.75h (out of 22.75h assigned).

Evolution of the situation In November we held the last LTS team meeting for 2020 on IRC, with the next one coming up at the end of January.
We announced a new formalized initiative for Funding Debian projects with money from Freexian s LTS service.
Finally, we would like to remark once again that we are constantly looking for new contributors. Please contact Holger if you are interested! We re also glad to welcome two new sponsors, Moxa, a device manufacturer, and a French research lab (Institut des Sciences Cognitives Marc Jeannerod). The security tracker currently lists 37 packages with a known CVE and the dla-needed.txt file has 40 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 63 months)
• GitHub (for 53 months)
• Civil Infrastructure Platform (CIP) (for 31 months)
• Gold sponsors:
• Blablacar (for 78 months)
• Roche Diagnostics International AG (for 74 months)
• Linode (for 68 months)
• Babiel GmbH (for 57 months)
• Plat Home (for 56 months)
• University of Oxford (for 13 months)
• Silver sponsors:
• The Positive Internet Company (for 79 months)
• Domeneshop AS (for 78 months)
• Nantes M tropole (for 72 months)
• Univention GmbH (for 64 months)
• Universit Jean Monnet de St Etienne (for 64 months)
• Ribbon Communications, Inc. (for 58 months)
• Exonet B.V. (for 47 months)
• Leibniz Rechenzentrum (for 41 months)
• CINECA (for 31 months)
• Minist re de l Europe et des Affaires trang res (for 25 months)
• Cloudways Ltd (for 14 months)
• Dinahosting SL (for 12 months)
• Platform.sh (for 7 months)
• Bauer Xcel Media Deutschland KG (for 6 months)
• Moxa Intelligence Co., Ltd.
• Bronze sponsors:
• Seznam.cz, a.s. (for 79 months)
• Evolix (for 78 months)
• Linuxhotel GmbH (for 76 months)
• Intevation GmbH (for 75 months)
• Daevel SARL (for 74 months)
• Bitfolk LTD (for 73 months)
• Megaspace Internet Services GmbH (for 73 months)
• Greenbone Networks GmbH (for 72 months)
• NUMLOG (for 72 months)
• WinGo AG (for 71 months)
• Ecole Centrale de Nantes LHEEA (for 68 months)
• Entr ouvert (for 63 months)
• Adfinis AG (for 60 months)
• Tesorion (for 55 months)
• GNI MEDIA (for 54 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 54 months)
• Bearstech (for 46 months)
• LiHAS (for 46 months)
• People Doc (for 42 months)
• Catalyst IT Ltd (for 40 months)
• Supagro (for 36 months)
• Demarcq SAS (for 34 months)
• Universit Grenoble Alpes (for 21 months)
• TouchWeb SAS (for 12 months)
• SPiN AG (for 9 months)
• CoreFiling (for 5 months)
• Institut des sciences cognitives Marc Jeannerod

One comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In October, 221.50 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Abhijith PA did 16.0h (out of 14h assigned and 2h from September).
• Adrian Bunk did 7h (out of 20.75h assigned and 5.75h from September), thus carrying over 19.5h to November.
• Ben Hutchings did 11.5h (out of 6.25h assigned and 9.75h from September), thus carrying over 4.5h to November.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 20.75h (out of 20.75h assigned).
• Holger Levsen did 7.0h coordinating/managing the LTS team.
• Markus Koschany did 20.75h (out of 20.75h assigned).
• Mike Gabriel gave back the 8h he was assigned. See below
• Ola Lundqvist did 10.5h (out of 8h assigned and 2.5h from September).
• Roberto C. S nchez did 13.5h (out of 20.75h assigned) and gave back 7.25h to the pool.
• Sylvain Beucler did 20.75h (out of 20.75h assigned).
• Thorsten Alteholz did 20.75h (out of 20.75h assigned).
• Utkarsh Gupta did 20.75h (out of 20.75h assigned).

Evolution of the situation October was a regular LTS month with a LTS team meeting done via video chat thus there s no log to be shared. After more than five years of contributing to LTS (and ELTS), Mike Gabriel announced that he founded a new company called Frei(e) Software GmbH and thus would leave us to concentrate on this new endeavor. Best of luck with that, Mike! So, once again, this is a good moment to remind that we are constantly looking for new contributors. Please contact Holger if you are interested! The security tracker currently lists 42 packages with a known CVE and the dla-needed.txt file has 39 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 62 months)
• GitHub (for 52 months)
• Civil Infrastructure Platform (CIP) (for 30 months)
• Gold sponsors:
• Blablacar (for 77 months)
• Roche Diagnostics International AG (for 73 months)
• Linode (for 67 months)
• Babiel GmbH (for 56 months)
• Plat Home (for 55 months)
• University of Oxford (for 12 months)
• Silver sponsors:
• The Positive Internet Company (for 78 months)
• Domeneshop AS (for 77 months)
• Nantes M tropole (for 71 months)
• Univention GmbH (for 63 months)
• Universit Jean Monnet de St Etienne (for 63 months)
• Ribbon Communications, Inc. (for 57 months)
• Exonet B.V. (for 46 months)
• Leibniz Rechenzentrum (for 40 months)
• CINECA (for 30 months)
• Minist re de l Europe et des Affaires trang res (for 24 months)
• Cloudways Ltd (for 13 months)
• Dinahosting SL (for 11 months)
• Platform.sh (for 6 months)
• Bauer Xcel Media Deutschland KG (for 5 months)
• Bronze sponsors:
• Seznam.cz, a.s. (for 78 months)
• Evolix (for 77 months)
• Linuxhotel GmbH (for 75 months)
• Intevation GmbH (for 74 months)
• Daevel SARL (for 73 months)
• Bitfolk LTD (for 72 months)
• Megaspace Internet Services GmbH (for 72 months)
• Greenbone Networks GmbH (for 71 months)
• NUMLOG (for 71 months)
• WinGo AG (for 70 months)
• Ecole Centrale de Nantes LHEEA (for 66 months)
• Entr ouvert (for 62 months)
• Adfinis AG (for 59 months)
• Tesorion (for 54 months)
• GNI MEDIA (for 53 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 53 months)
• Bearstech (for 45 months)
• LiHAS (for 45 months)
• People Doc (for 41 months)
• Catalyst IT Ltd (for 39 months)
• Supagro (for 35 months)
• Demarcq SAS (for 33 months)
• Universit Grenoble Alpes (for 19 months)
• TouchWeb SAS (for 11 months)
• SPiN AG (for 8 months)
• CoreFiling (for 4 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In September, 208.25 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Abhijith PA did 12.0h (out of 14h assigned), thus carrying over 2h to October.
• Adrian Bunk did 14h (out of 19.75h assigned), thus carrying over 5.75h to October.
• Ben Hutchings did 8.25h (out of 16h assigned and 9.75h from August), but gave back 7.75h, thus carrying over 9.75h to October.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 19.75h (out of 19.75h assigned).
• Holger Levsen did 5h coordinating/managing the LTS team.
• Markus Koschany did 31.75h (out of 19.75h assigned and 12h from August).
• Ola Lundqvist did 9.5h (out of 12h from August), thus carrying 2.5h to October.
• Roberto C. S nchez did 19.75h (out of 19.75h assigned).
• Sylvain Beucler did 19.75h (out of 19.75h assigned).
• Thorsten Alteholz did 19.75h (out of 19.75h assigned).
• Utkarsh Gupta did 8.75h (out of 19.75h assigned), while he already anticipated the remaining 11h in August.

Evolution of the situation September was a regular LTS month with an IRC meeting. The security tracker currently lists 45 packages with a known CVE and the dla-needed.txt file has 48 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 61 months)
• GitHub (for 51 months)
• Civil Infrastructure Platform (CIP) (for 28 months)
• Gold sponsors:
• Blablacar (for 76 months)
• Roche Diagnostics International AG (for 71 months)
• Linode (for 66 months)
• Babiel GmbH (for 55 months)
• Plat Home (for 54 months)
• University of Oxford (for 10 months)
• Silver sponsors:
• The Positive Internet Company (for 77 months)
• Domeneshop AS (for 76 months)
• Nantes M tropole (for 70 months)
• Univention GmbH (for 62 months)
• Universit Jean Monnet de St Etienne (for 62 months)
• Ribbon Communications, Inc. (for 55 months)
• Exonet B.V. (for 45 months)
• Leibniz Rechenzentrum (for 39 months)
• CINECA (for 29 months)
• Minist re de l Europe et des Affaires trang res (for 23 months)
• Cloudways Ltd (for 12 months)
• Dinahosting SL (for 10 months)
• Bauer Xcel Media Deutschland KG (for 4 months)
• Platform.sh (for 4 months)
• Bronze sponsors:
• Seznam.cz, a.s. (for 77 months)
• Evolix (for 76 months)
• Linuxhotel GmbH (for 74 months)
• Intevation GmbH (for 73 months)
• Daevel SARL (for 72 months)
• Bitfolk LTD (for 71 months)
• Megaspace Internet Services GmbH (for 71 months)
• Greenbone Networks GmbH (for 70 months)
• NUMLOG (for 70 months)
• WinGo AG (for 69 months)
• Ecole Centrale de Nantes LHEEA (for 65 months)
• Entr ouvert (for 60 months)
• Adfinis AG (for 58 months)
• GNI MEDIA (for 52 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 52 months)
• Tesorion (for 52 months)
• Bearstech (for 44 months)
• LiHAS (for 44 months)
• People Doc (for 40 months)
• Catalyst IT Ltd (for 38 months)
• Supagro (for 34 months)
• Demarcq SAS (for 32 months)
• Universit Grenoble Alpes (for 18 months)
• TouchWeb SAS (for 10 months)
• SPiN AG (for 7 months)
• CoreFiling (for 3 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In August, 237.25 work hours have been dispatched among 14 paid contributors. Their reports are available:

• Abhijith PA did 10.0h (out of 10h assigned).
• Adrian Bunk did 31h (out of 21.75h assigned and 9.25h from July).
• Ben Hutchings did 6.25h (out of 16h assigned), thus carrying over 9.75h to September.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 21.75h (out of 21.75h assigned).
• Holger Levsen did 7h coordinating/managing the LTS team.
• Markus Koschany did 20h (out of 21.75h assigned and 10.25h from July), thus carrying over 12h to September.
• Mike Gabriel did 16.0h (out of 8h assigned and 8h from July).
• Ola Lundqvist did 6.9h (out of 8h assigned and 16h from July), and gave back 5.1h, thus carrying over 12h to September.
• Roberto C. S nchez did 21.75h (out of 21.75h assigned).
• Sylvain Beucler did 21.75h (out of 21.75h assigned).
• Thorsten Alteholz did 21.75h (out of 21.75h assigned).
• Utkarsh Gupta did 32.75h (out of 21.75h assigned and anticipating 11h from September).

Evolution of the situation August was a regular LTS month once again, even though it was only our 2nd month with Stretch LTS.
At the end of August some of us participated in DebConf 20 online where we held our monthly team meeting. A video is available.
As of now this video is also the only public resource about the LTS survey we held in July, though a written summary is expected to be released soon. The security tracker currently lists 56 packages with a known CVE and the dla-needed.txt file has 55 packages needing an update. Thanks to our sponsors Sponsors that recently joined are in bold.

• Platinum sponsors:
• TOSHIBA (for 60 months)
• GitHub (for 50 months)
• Civil Infrastructure Platform (CIP) (for 27 months)
• Gold sponsors:
• Blablacar (for 75 months)
• Roche Diagnostics International AG (for 70 months)
• Linode (for 65 months)
• Babiel GmbH (for 54 months)
• Plat Home (for 53 months)
• University of Oxford (for 9 months)
• Silver sponsors:
• The Positive Internet Company (for 76 months)
• Domeneshop AS (for 75 months)
• Nantes M tropole (for 69 months)
• Univention GmbH (for 61 months)
• Universit Jean Monnet de St Etienne (for 61 months)
• Ribbon Communications, Inc. (for 54 months)
• Exonet B.V. (for 44 months)
• Leibniz Rechenzentrum (for 38 months)
• CINECA (for 28 months)
• Minist re de l Europe et des Affaires trang res (for 22 months)
• Cloudways Ltd (for 11 months)
• Dinahosting SL (for 9 months)
• Bauer Xcel Media Deutschland KG (for 3 months)
• Platform.sh (for 3 months)
• Bronze sponsors:
• Seznam.cz, a.s. (for 76 months)
• Evolix (for 75 months)
• Linuxhotel GmbH (for 73 months)
• Intevation GmbH (for 72 months)
• Daevel SARL (for 71 months)
• Bitfolk LTD (for 70 months)
• Megaspace Internet Services GmbH (for 70 months)
• Greenbone Networks GmbH (for 69 months)
• NUMLOG (for 69 months)
• WinGo AG (for 68 months)
• Ecole Centrale de Nantes LHEEA (for 64 months)
• Entr ouvert (for 59 months)
• Adfinis AG (for 57 months)
• GNI MEDIA (for 51 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 51 months)
• Tesorion (for 51 months)
• Bearstech (for 43 months)
• LiHAS (for 43 months)
• People Doc (for 39 months)
• Catalyst IT Ltd (for 37 months)
• Supagro (for 33 months)
• Demarcq SAS (for 31 months)
• Universit Grenoble Alpes (for 17 months)
• TouchWeb SAS (for 9 months)
• SPiN AG (for 6 months)
• CoreFiling

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, albeit a bit later due to vacation, here comes a report about the work of paid contributors to Debian LTS. Individual reports In July, 249.25 work hours have been dispatched among 14 paid contributors. Their reports are available:

• Abhijith PA did 18.0h (out of 14h assigned and 6h from June), and gave back 2h to the pool.
• Adrian Bunk did 16.0h (out of 25.25h assigned), thus carrying over 9.25h to August.
• Ben Hutchings did 5h (out of 20h assigned), and gave back the remaining 15h.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 60h (out of 5.75h assigned and 54.25h from June).
• Holger Levsen spent 10h (out of 10h assigned) for managing LTS and ELTS contributors.
• Markus Koschany did 15h (out of 25.25h assigned), thus carrying over 10.25h to August.
• Mike Gabriel did nothing (out of 8h assigned), thus is carrying over 8h for August.
• Ola Lundqvist did 3h (out of 12h assigned and 7h from June), thus carrying over 16h to August.
• Roberto C. S nchez did 26.5h (out of 25.25h assigned and 1.25h from June).
• Sylvain Beucler did 25.25h (out of 25.25h assigned).
• Thorsten Alteholz did 25.25h (out of 25.25h assigned).
• Utkarsh Gupta did 25.25h (out of 25.25h assigned).

Evolution of the situation July was our first month of Stretch LTS! Given this is our fourth LTS release we anticipated a smooth transition and it seems everything indeed went very well. Many thanks to the members of the Debian ftpmaster-, security, release- and publicity- teams who helped us make this happen!
Stretch LTS begun on July 18th 2020 after the 13th and final Stretch point release. and is currently scheduled to end on June 30th 2022. Last month, we asked you to participate in a survey and we got 1764 submissions, which is pretty awesome. Thank you very much for participating!. Right now we are still busy crunching the results, but we already shared some early analysis during the Debconf LTS bof this week. The security tracker currently lists 54 packages with a known CVE and the dla-needed.txt file has 52 packages needing an update. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 59 months)
• GitHub (for 50 months)
• Civil Infrastructure Platform (CIP) (for 27 months)
• Gold sponsors:
• Blablacar (for 74 months)
• Roche Diagnostics International AG (for 70 months)
• Linode (for 64 months)
• Babiel GmbH (for 53 months)
• Plat Home (for 53 months)
• University of Oxford (for 9 months)
• Silver sponsors:
• The Positive Internet Company (for 75 months)
• Domeneshop AS (for 74 months)
• Nantes M tropole (for 68 months)
• Univention GmbH (for 60 months)
• Universit Jean Monnet de St Etienne (for 60 months)
• Ribbon Communications, Inc. (for 54 months)
• Exonet B.V. (for 44 months)
• Leibniz Rechenzentrum (for 38 months)
• CINECA (for 27 months)
• Minist re de l Europe et des Affaires trang res (for 21 months)
• Cloudways Ltd (for 11 months)
• Dinahosting SL (for 9 months)
• Bauer Xcel Media Deutschland KG (for 3 months)
• Platform.sh (for 3 months)
• Bronze sponsors:
• Evolix (for 75 months)
• Seznam.cz, a.s. (for 75 months)
• Linuxhotel GmbH (for 72 months)
• Intevation GmbH (for 71 months)
• Daevel SARL (for 70 months)
• Bitfolk LTD (for 69 months)
• Megaspace Internet Services GmbH (for 69 months)
• Greenbone Networks GmbH (for 68 months)
• NUMLOG (for 68 months)
• WinGo AG (for 68 months)
• Ecole Centrale de Nantes LHEEA (for 64 months)
• Entr ouvert (for 59 months)
• Adfinis AG (for 56 months)
• GNI MEDIA (for 51 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 51 months)
• Tesorion (for 51 months)
• Bearstech (for 42 months)
• LiHAS (for 42 months)
• People Doc (for 39 months)
• Catalyst IT Ltd (for 37 months)
• Supagro (for 32 months)
• Demarcq SAS (for 31 months)
• Universit Grenoble Alpes (for 17 months)
• TouchWeb SAS (for 9 months)
• SPiN AG (for 6 months)
• CoreFiling

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In June, 202.00 work hours have been dispatched among 12 paid contributors. Their reports are available:

• Abhijith PA did 8h (out of 14h assigned), thus carrying over 6h to July.
• Ben Hutchings did 20h (out of 20h assigned).
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 4h from his backlog of 58.25h from May, thus carrying over 54.25h to July.
• Markus Koschany did 60h (out of 48.25h backlog from May and 11.75h extra hours manually assigned).
• Mike Gabriel did 8h (out of 8h assigned).
• Ola Lundqvist did 12.5h (out of 12h assigned and 7.5h from May), thus carrying over 7h to July.
• Roberto C. S nchez did 28.75h (out of 30h assigned), thus carrying over 1.25h to July.
• Sylvain Beucler did 30h (out of 30h assigned).
• Thorsten Alteholz did 30h (out of 30h assigned).
• Utkarsh Gupta did 30h (out of 30h assigned).

Evolution of the situation June was the last month of Jessie LTS which ended on 2020-06-20. If you still need to run Jessie somewhere, please read the post about keeping Debian 8 Jessie alive for longer than 5 years.
So, as (Jessie) LTS is dead, long live the new LTS, Stretch LTS! Stretch has received its last point release, so regular LTS operations can now continue.
Accompanying this, for the first time, we have prepared a small survey about our users and contributors, who they are and why they are using LTS. Filling out the survey should take less than 10 minutes. We would really appreciate if you could participate in the survey online! On July 27th 2020 we will close the survey, so please don t hesitate and participate now! After that, there will be a followup with the results. The security tracker for Stretch LTS currently lists 29 packages with a known CVE and the dla-needed.txt file has 44 packages needing an update in Stretch LTS. Thanks to our sponsors New sponsors are in bold. We welcome CoreFiling this month!

• Platinum sponsors:
• TOSHIBA (for 58 months)
• GitHub (for 48 months)
• Civil Infrastructure Platform (CIP) (for 26 months)
• Gold sponsors:
• Blablacar (for 73 months)
• Roche Diagnostics International AG (for 69 months)
• Linode (for 63 months)
• Babiel GmbH (for 52 months)
• Plat Home (for 51 months)
• University of Oxford (for 8 months)
• Silver sponsors:
• The Positive Internet Company (for 74 months)
• Domeneshop AS (for 73 months)
• Nantes M tropole (for 67 months)
• Univention GmbH (for 59 months)
• Universit Jean Monnet de St Etienne (for 59 months)
• Ribbon Communications, Inc. (for 53 months)
• Exonet B.V. (for 42 months)
• Leibniz Rechenzentrum (for 36 months)
• CINECA (for 26 months)
• Minist re de l Europe et des Affaires trang res (for 20 months)
• Cloudways Ltd (for 9 months)
• Dinahosting SL (for 7 months)
• Platform.sh
• Bauer Xcel Media Deutschland KG
• Bronze sponsors:
• Seznam.cz, a.s. (for 74 months)
• Evolix (for 73 months)
• Linuxhotel GmbH (for 71 months)
• Intevation GmbH (for 70 months)
• Daevel SARL (for 69 months)
• Bitfolk LTD (for 68 months)
• Megaspace Internet Services GmbH (for 68 months)
• Greenbone Networks GmbH (for 67 months)
• NUMLOG (for 67 months)
• WinGo AG (for 66 months)
• Ecole Centrale de Nantes LHEEA (for 63 months)
• Entr ouvert (for 58 months)
• Adfinis AG (for 55 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 50 months)
• Tesorion (for 50 months)
• GNI MEDIA (for 49 months)
• Bearstech (for 41 months)
• LiHAS (for 41 months)
• People Doc (for 37 months)
• Catalyst IT Ltd (for 36 months)
• Supagro (for 31 months)
• Demarcq SAS (for 29 months)
• Universit Grenoble Alpes (for 16 months)
• TouchWeb SAS (for 8 months)
• SPiN AG (for 4 months)
• CoreFiling

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In May, 198 work hours have been dispatched among 14 paid contributors. Their reports are available:

• Abhijith PA did 18.0h (out of 14h assigned and 4h from April).
• Anton Gladky gave back the assigned 10h and declared himself inactive.
• Ben Hutchings did 19.75h (out of 17.25h assigned and 2.5h from April).
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 17.25h (out of 17.25h assigned).
• Dylan A ssi gave back the assigned 6h and declared himself inactive.
• Emilio Pozuelo Monfort did not manage to work LTS in May and now reported 5h work in April (out of 17.25h assigned plus 46h from April), thus is carrying over 58.25h for June.
• Markus Koschany did 25.0h (out of 17.25h assigned and 56h from April), thus carrying over 48.25h to June.
• Mike Gabriel did 14.50h (out of 8h assigned and 6.5h from April).
• Ola Lundqvist did 11.5h (out of 12h assigned and 7h from April), thus carrying over 7.5h to June.
• Roberto C. S nchez did 17.25h (out of 17.25h assigned).
• Sylvain Beucler did 17.25h (out of 17.25h assigned).
• Thorsten Alteholz did 17.25h (out of 17.25h assigned).
• Utkarsh Gupta did 17.25h (out of 17.25h assigned).

Evolution of the situation In May 2020 we had our second (virtual) contributors meeting on IRC, Logs and minutes are available online. Then we also moved our ToDo from the Debian wiki to the issue tracker on salsa.debian.org.
Sadly three contributors went inactive in May: Adrian Bunk, Anton Gladky and Dylan A ssi. And while there are currently still enough active contributors to shoulder the existing work, we like to use this opportunity that we are always looking for new contributors. Please mail Holger if you are interested.
Finally, we like to remind you for a last time, that the end of Jessie LTS is coming in less than a month!
In case you missed it (or missed to act), please read this post about keeping Debian 8 Jessie alive for longer than 5 years. If you expect to have Debian 8 servers/devices running after June 30th 2020, and would like to have security updates for them, please get in touch with Freexian. The security tracker currently lists 6 packages with a known CVE and the dla-needed.txt file has 30 packages needing an update. Thanks to our sponsors New sponsors are in bold. With the upcoming start of Jessie ELTS, we are welcoming a few new sponsors and others should join soon.

• Platinum sponsors:
• TOSHIBA (for 57 months)
• GitHub (for 47 months)
• Civil Infrastructure Platform (CIP) (for 25 months)
• Gold sponsors:
• Blablacar (for 72 months)
• Roche Diagnostics International AG (for 68 months)
• Linode (for 62 months)
• Babiel GmbH (for 51 months)
• Plat Home (for 50 months)
• University of Oxford (for 7 months)
• Silver sponsors:
• The Positive Internet Company (for 73 months)
• Domeneshop AS (for 72 months)
• Nantes M tropole (for 66 months)
• Univention GmbH (for 58 months)
• Universit Jean Monnet de St Etienne (for 58 months)
• Ribbon Communications, Inc. (for 52 months)
• Exonet B.V. (for 41 months)
• Leibniz Rechenzentrum (for 36 months)
• CINECA (for 25 months)
• Minist re de l Europe et des Affaires trang res (for 19 months)
• Cloudways Ltd (for 8 months)
• Dinahosting SL (for 6 months)
• Platform.sh
• Bauer Xcel Media Deutschland KG
• Bronze sponsors:
• Evolix (for 73 months)
• Seznam.cz, a.s. (for 73 months)
• MyTux (for 72 months)
• Linuxhotel GmbH (for 70 months)
• Intevation GmbH (for 69 months)
• Daevel SARL (for 68 months)
• Bitfolk LTD (for 67 months)
• Megaspace Internet Services GmbH (for 67 months)
• Greenbone Networks GmbH (for 66 months)
• NUMLOG (for 66 months)
• WinGo AG (for 65 months)
• Ecole Centrale de Nantes LHEEA (for 62 months)
• Sig-I/O (for 59 months)
• Entr ouvert (for 57 months)
• Adfinis AG (for 54 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 49 months)
• Tesorion (for 49 months)
• GNI MEDIA (for 48 months)
• Bearstech (for 40 months)
• LiHAS (for 40 months)
• People Doc (for 36 months)
• Catalyst IT Ltd (for 35 months)
• Supagro (for 30 months)
• Demarcq SAS (for 29 months)
• Universit Grenoble Alpes (for 15 months)
• TouchWeb SAS (for 7 months)
• SPiN AG (for 3 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In April, 284.5 work hours have been dispatched among 14 paid contributors. Their reports are available:

• Abhijith PA did 10.0h (out of 14h assigned), thus carrying over 4h to May.
• Adrian Bunk did nothing (out of 28.75h assigned), thus is carrying over 28.75h for May.
• Ben Hutchings did 26h (out of 20h assigned and 8.5h from March), thus carrying over 2.5h to May.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Dylan A ssi did 6h (out of 6h assigned).
• Emilio Pozuelo Monfort did not report back about their work so we assume they did nothing (out of 28.75h assigned plus 17.25h from March), thus is carrying over 46h for May.
• Markus Koschany did 11.5h (out of 28.75h assigned and 38.75h from March), thus carrying over 56h to May.
• Mike Gabriel did 1.5h (out of 8h assigned), thus carrying over 6.5h to May.
• Ola Lundqvist did 13.5h (out of 12h assigned and 8.5h from March), thus carrying over 7h to May.
• Roberto C. S nchez did 28.75h (out of 28.75h assigned).
• Sylvain Beucler did 28.75h (out of 28.75h assigned).
• Thorsten Alteholz did 28.75h (out of 28.75h assigned).
• Utkarsh Gupta did 24h (out of 24h assigned).

Evolution of the situation In April we dispatched more hours than ever and another was new too, we had our first (virtual) contributors meeting on IRC! Logs and minutes are available and we plan to continue doing IRC meetings every other month.
Sadly one contributor decided to go inactive in April, Hugo Lefeuvre.
Finally, we like to remind you, that the end of Jessie LTS is coming in less than two months!
In case you missed it (or missed to act), please read this post about keeping Debian 8 Jessie alive for longer than 5 years. If you expect to have Debian 8 servers/devices running after June 30th 2020, and would like to have security updates for them, please get in touch with Freexian. The security tracker currently lists 4 packages with a known CVE and the dla-needed.txt file has 25 packages needing an update. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 56 months)
• GitHub (for 46 months)
• Civil Infrastructure Platform (CIP) (for 24 months)
• Gold sponsors:
• Blablacar (for 71 months)
• Roche Diagnostics International AG (for 67 months)
• Linode (for 61 months)
• Babiel GmbH (for 50 months)
• Plat Home (for 49 months)
• University of Oxford (for 6 months)
• Silver sponsors:
• The Positive Internet Company (for 72 months)
• Domeneshop AS (for 71 months)
• Nantes M tropole (for 65 months)
• Univention GmbH (for 57 months)
• Universit Jean Monnet de St Etienne (for 57 months)
• Ribbon Communications, Inc. (for 51 months)
• Exonet B.V. (for 40 months)
• Leibniz Rechenzentrum (for 34 months)
• CINECA (for 24 months)
• Minist re de l Europe et des Affaires trang res (for 18 months)
• Cloudways Ltd (for 7 months)
• Dinahosting SL (for 5 months)
• Bronze sponsors:
• Seznam.cz, a.s. (for 72 months)
• Evolix (for 71 months)
• MyTux (for 71 months)
• Linuxhotel GmbH (for 69 months)
• Intevation GmbH (for 68 months)
• Daevel SARL (for 67 months)
• Bitfolk LTD (for 66 months)
• Megaspace Internet Services GmbH (for 66 months)
• Greenbone Networks GmbH (for 65 months)
• NUMLOG (for 65 months)
• WinGo AG (for 64 months)
• Ecole Centrale de Nantes LHEEA (for 61 months)
• Sig-I/O (for 58 months)
• Entr ouvert (for 56 months)
• Adfinis SyGroup AG (for 53 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 48 months)
• Tesorion (for 48 months)
• GNI MEDIA (for 47 months)
• Bearstech (for 39 months)
• LiHAS (for 39 months)
• People Doc (for 35 months)
• Catalyst IT Ltd (for 33 months)
• Supagro (for 29 months)
• Demarcq SAS (for 27 months)
• Universit Grenoble Alpes (for 14 months)
• TouchWeb SAS (for 6 months)
• SPiN AG

No comment Liked this article? Click here. My blog is Flattr-enabled.

Because posting private keys on the Internet is a bad idea, some people like to redact their private keys, so that it looks kinda-sorta like a private key, but it isn t actually giving away anything secret. Unfortunately, due to the way that private keys are represented, it is easy to redact a key in such a way that it doesn t actually redact anything at all. RSA private keys are particularly bad at this, but the problem can (potentially) apply to other keys as well. I ll show you a bit of Inside Baseball with key formats, and then demonstrate the practical implications. Finally, we ll go through a practical worked example from an actual not-really-redacted key I recently stumbled across in my travels.

The Private Lives of Private Keys Here is what a typical private key looks like, when you come across it:

-----BEGIN RSA PRIVATE KEY-----
MGICAQACEQCxjdTmecltJEz2PLMpS4BXAgMBAAECEDKtuwD17gpagnASq1zQTYEC
CQDVTYVsjjF7IQIJANUYZsIjRsR3AgkAkahDUXL0RSECCB78r2SnsJC9AghaOK3F
sKoELg==
-----END RSA PRIVATE KEY-----

Obviously, there s some hidden meaning in there computers don t encrypt things by shouting BEGIN RSA PRIVATE KEY! , after all. What is between the BEGIN/END lines above is, in fact, a base64-encoded DER format ASN.1 structure representing a PKCS#1 private key. In simple terms, it s a list of numbers very important numbers. The list of numbers is, in order:

• A version number (0);
• The public modulus , commonly referred to as n ;
• The public exponent , or e (which is almost always 65,537, for various unimportant reasons);
• The private exponent , or d ;
• The two private primes , or p and q ;
• Two exponents, which are known as dmp1 and dmq1 ; and
• A coefficient, known as iqmp .

Why Is This a Problem? The thing is, only three of those numbers are actually required in a private key. The rest, whilst useful to allow the RSA encryption and decryption to be more efficient, aren t necessary. The three absolutely required values are e, p, and q. Of the other numbers, most of them are at least about the same size as each of p and q. So of the total data in an RSA key, less than a quarter of the data is required. Let me show you with the above toy key, by breaking it down piece by piece¹:

• MGI DER for this is a sequence
• CAQ version (0)
• CxjdTmecltJEz2PLMpS4BX n
• AgMBAA e
• ECEDKtuwD17gpagnASq1zQTY d
• ECCQDVTYVsjjF7IQ p
• IJANUYZsIjRsR3 q
• AgkAkahDUXL0RS dmp1
• ECCB78r2SnsJC9 dmq1
• AghaOK3FsKoELg== iqmp

Remember that in order to reconstruct all of these values, all I need are e, p, and q and e is pretty much always 65,537. So I could redact almost all of this key, and still give all the important, private bits of this key. Let me show you:

-----BEGIN RSA PRIVATE KEY-----
..............................................................EC
CQDVTYVsjjF7IQIJANUYZsIjRsR3....................................
........
-----END RSA PRIVATE KEY-----

Now, I doubt that anyone is going to redact a key precisely like this but then again, this isn t a typical RSA key. They usually look a lot more like this:

-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAu6Inch7+mWtKn+leB9uCG3MaJIxRyvC/5KTz2fR+h+GOhqj4
SZJobiVB4FrE5FgC7AnlH6qeRi9MI0s6dt5UWZ5oNIeWSaOOeNO+EJDUkSVf67wj
SNGXlSjGAkPZ0nRJiDjhuPvQmdW53hOaBLk5udxPEQbenpXAzbLJ7wH5ouLQ3nQw
HwpwDNQhF6zRO8WoscpDVThOAM+s4PS7EiK8ZR4hu2toon8Ynadlm95V45wR0VlW
zywgbkZCKa1IMrDCscB6CglQ10M3Xzya3iTzDtQxYMVqhDrA7uBYRxA0y1sER+Rb
yhEh03xz3AWemJVLCQuU06r+FABXJuY/QuAVvQIDAQABAoIBAFqwWVhzWqNUlFEO
PoCVvCEAVRZtK+tmyZj9kU87ORz8DCNR8A+/T/JM17ZUqO2lDGSBs9jGYpGRsr8s
USm69BIM2ljpX95fyzDjRu5C0jsFUYNi/7rmctmJR4s4uENcKV5J/++k5oI0Jw4L
c1ntHNWUgjK8m0UTJIlHbQq0bbAoFEcfdZxd3W+SzRG3jND3gifqKxBG04YDwloy
tu+bPV2jEih6p8tykew5OJwtJ3XsSZnqJMwcvDciVbwYNiJ6pUvGq6Z9kumOavm9
XU26m4cWipuK0URWbHWQA7SjbktqEpxsFrn5bYhJ9qXgLUh/I1+WhB2GEf3hQF5A
pDTN4oECgYEA7Kp6lE7ugFBDC09sKAhoQWrVSiFpZG4Z1gsL9z5YmZU/vZf0Su0n
9J2/k5B1GghvSwkTqpDZLXgNz8eIX0WCsS1xpzOuORSNvS1DWuzyATIG2cExuRiB
jYWIJUeCpa5p2PdlZmBrnD/hJ4oNk4oAVpf+HisfDSN7HBpN+TJfcAUCgYEAyvY7
Y4hQfHIdcfF3A9eeCGazIYbwVyfoGu70S/BZb2NoNEPymqsz7NOfwZQkL4O7R3Wl
Rm0vrWT8T5ykEUgT+2ruZVXYSQCKUOl18acbAy0eZ81wGBljZc9VWBrP1rHviVWd
OVDRZNjz6nd6ZMrJvxRa24TvxZbJMmO1cgSW1FkCgYAoWBd1WM9HiGclcnCZknVT
UYbykCeLO0mkN1Xe2/32kH7BLzox26PIC2wxF5seyPlP7Ugw92hOW/zewsD4nLze
v0R0oFa+3EYdTa4BvgqzMXgBfvGfABJ1saG32SzoWYcpuWLLxPwTMsCLIPmXgRr1
qAtl0SwF7Vp7O/C23mNukQKBgB89DOEB7xloWv3Zo27U9f7nB7UmVsGjY8cZdkJl
6O4LB9PbjXCe3ywZWmJqEbO6e83A3sJbNdZjT65VNq9uP50X1T+FmfeKfL99X2jl
RnQTsrVZWmJrLfBSnBkmb0zlMDAcHEnhFYmHFuvEnfL7f1fIoz9cU6c+0RLPY/L7
n9dpAoGAXih17mcmtnV+Ce+lBWzGWw9P4kVDSIxzGxd8gprrGKLa3Q9VuOrLdt58
++UzNUaBN6VYAe4jgxGfZfh+IaSlMouwOjDgE/qzgY8QsjBubzmABR/KWCYiRqkj
qpWCgo1FC1Gn94gh/+dW2Q8+NjYtXWNqQcjRP4AKTBnPktEvdMA=
-----END RSA PRIVATE KEY-----

People typically redact keys by deleting whole lines, and usually replacing them with [...] and the like. But only about 345 of those 1588 characters (excluding the header and footer) are required to construct the entire key. You can redact about 4/5ths of that giant blob of stuff, and your private parts (or at least, those of your key) are still left uncomfortably exposed.

But Wait! There s More! Remember how I said that everything in the key other than e, p, and q could be derived from those three numbers? Let s talk about one of those numbers: n. This is known as the public modulus (because, along with e, it is also present in the public key). It is very easy to calculate: n = p * q. It is also very early in the key (the second number, in fact). Since n = p * q, it follows that q = n / p. Thus, as long as the key is intact up to p, you can derive q by simple division.

Real World Redaction At this point, I d like to introduce an acquaintance of mine: Mr. Johan Finn. He is the proud owner of the GitHub repo johanfinn/scripts. For a while, his repo contained a script that contained a poorly-redacted private key. He since deleted it, by making a new commit, but of course because git never really deletes anything, it s still available. Of course, Mr. Finn may delete the repo, or force-push a new history without that commit, so here is the redacted private key, with a bit of the surrounding shell script, for our illustrative pleasure:

#Add private key to .ssh folder
cd /home/johan/.ssh/
echo  "-----BEGIN RSA PRIVATE KEY-----
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
 
MIIJKgIBAAKCAgEAxEVih1JGb8gu/Fm4AZh+ZwJw/pjzzliWrg4mICFt1g7SmIE2
TCQMKABdwd11wOFKCPc/UzRH/fHuQcvWrpbOSdqev/zKff9iedKw/YygkMeIRaXB
fYELqvUAOJ8PPfDm70st9GJRhjGgo5+L3cJB2gfgeiDNHzaFvapRSU0oMGQX+kI9
ezsjDAn+0Pp+r3h/u1QpLSH4moRFGF4omNydI+3iTGB98/EzuNhRBHRNq4oBV5SG
Pq/A1bem2ninnoEaQ+OPESxYzDz3Jy9jV0W/6LvtJ844m+XX69H5fqq5dy55z6DW
sGKn78ULPVZPsYH5Y7C+CM6GAn4nYCpau0t52sqsY5epXdeYx4Dc+Wm0CjXrUDEe
Egl4loPKDxJkQqQ/MQiz6Le/UK9vEmnWn1TRXK3ekzNV4NgDfJANBQobOpwt8WVB
rbsC0ON7n680RQnl7PltK9P1AQW5vHsahkoixk/BhcwhkrkZGyDIl9g8Q/Euyoq3
eivKPLz7/rhDE7C1BzFy7v8AjC3w7i9QeHcWOZFAXo5hiDasIAkljDOsdfD4tP5/
wSO6E6pjL3kJ+RH2FCHd7ciQb+IcuXbku64ln8gab4p8jLa/mcMI+V3eWYnZ82Yu
axsa85hAe4wb60cp/rCJo7ihhDTTvGooqtTisOv2nSvCYpcW9qbL6cGjAXECAwEA
AQKCAgEAjz6wnWDP5Y9ts2FrqUZ5ooamnzpUXlpLhrbu3m5ncl4ZF5LfH+QDN0Kl
KvONmHsUhJynC/vROybSJBU4Fu4bms1DJY3C39h/L7g00qhLG7901pgWMpn3QQtU
4P49qpBii20MGhuTsmQQALtV4kB/vTgYfinoawpo67cdYmk8lqzGzzB/HKxZdNTq
s+zOfxRr7PWMo9LyVRuKLjGyYXZJ/coFaobWBi8Y96Rw5NZZRYQQXLIalC/Dhndm
AHckpstEtx2i8f6yxEUOgPvV/gD7Akn92RpqOGW0g/kYpXjGqZQy9PVHGy61sInY
HSkcOspIkJiS6WyJY9JcvJPM6ns4b84GE9qoUlWVF3RWJk1dqYCw5hz4U8LFyxsF
R6WhYiImvjxBLpab55rSqbGkzjI2z+ucDZyl1gqIv9U6qceVsgRyuqdfVN4deU22
LzO5IEDhnGdFqg9KQY7u8zm686Ejs64T1sh0y4GOmGsSg+P6nsqkdlXH8C+Cf03F
lqPFg8WQC7ojl/S8dPmkT5tcJh3BPwIWuvbtVjFOGQc8x0lb+NwK8h2Nsn6LNazS
0H90adh/IyYX4sBMokrpxAi+gMAWiyJHIHLeH2itNKtAQd3qQowbrWNswJSgJzsT
JuJ7uqRKAFkE6nCeAkuj/6KHHMPsfCAffVdyGaWqhoxmPOrnVgECggEBAOrCCwiC
XxwUgjOfOKx68siFJLfHf4vPo42LZOkAQq5aUmcWHbJVXmoxLYSczyAROopY0wd6
Dx8rqnpO7OtZsdJMeBSHbMVKoBZ77hiCQlrljcj12moFaEAButLCdZFsZW4zF/sx
kWIAaPH9vc4MvHHyvyNoB3yQRdevu57X7xGf9UxWuPil/jvdbt9toaraUT6rUBWU
GYPNKaLFsQzKsFWAzp5RGpASkhuiBJ0Qx3cfLyirjrKqTipe3o3gh/5RSHQ6VAhz
gdUG7WszNWk8FDCL6RTWzPOrbUyJo/wz1kblsL3vhV7ldEKFHeEjsDGroW2VUFlS
asAHNvM4/uYcOSECggEBANYH0427qZtLVuL97htXW9kCAT75xbMwgRskAH4nJDlZ
IggDErmzBhtrHgR+9X09iL47jr7dUcrVNPHzK/WXALFSKzXhkG/yAgmt3r14WgJ6
5y7010LlPFrzaNEyO/S4ISuBLt4cinjJsrFpoo0WI8jXeM5ddG6ncxdurKXMymY7
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::.::
:::::::::::::::::::::::::::.::::::::::::::::::::::::::::::::::::
LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLlL
 
 
 
YYYYYYYYYYYYYYYYYYYYYyYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
gff0GJCOMZ65pMSy3A3cSAtjlKnb4fWzuHD5CFbusN4WhCT/tNxGNSpzvxd8GIDs
nY7exs9L230oCCpedVgcbayHCbkChEfoPzL1e1jXjgCwCTgt8GjeEFqc1gXNEaUn
O8AJ4VlR8fRszHm6yR0ZUBdY7UJddxQiYOzt0S1RLlECggEAbdcs4mZdqf3OjejJ
06oTPs9NRtAJVZlppSi7pmmAyaNpOuKWMoLPElDAQ3Q7VX26LlExLCZoPOVpdqDH
KbdmBEfTR4e11Pn9vYdu9/i6o10U4hpmf4TYKlqk10g1Sj21l8JATj/7Diey8scO
sAI1iftSg3aBSj8W7rxCxSezrENzuqw5D95a/he1cMUTB6XuravqZK5O4eR0vrxR
AvMzXk5OXrUEALUvt84u6m6XZZ0pq5XZxq74s8p/x1JvTwcpJ3jDKNEixlHfdHEZ
ZIu/xpcwD5gRfVGQamdcWvzGHZYLBFO1y5kAtL8kI9tW7WaouWVLmv99AyxdAaCB
Y5mBAQKCAQEAzU7AnorPzYndlOzkxRFtp6MGsvRBsvvqPLCyUFEXrHNV872O7tdO
GmsMZl+q+TJXw7O54FjJJvqSSS1sk68AGRirHop7VQce8U36BmI2ZX6j2SVAgIkI
9m3btCCt5rfiCatn2+Qg6HECmrCsHw6H0RbwaXS4RZUXD/k4X+sslBitOb7K+Y+N
Bacq6QxxjlIqQdKKPs4P2PNHEAey+kEJJGEQ7bTkNxCZ21kgi1Sc5L8U/IGy0BMC
PvJxssLdaWILyp3Ws8Q4RAoC5c0ZP0W2j+5NSbi3jsDFi0Y6/2GRdY1HAZX4twem
Q0NCedq1JNatP1gsb6bcnVHFDEGsj/35oQKCAQEAgmWMuSrojR/fjJzvke6Wvbox
FRnPk+6YRzuYhAP/YPxSRYyB5at++5Q1qr7QWn7NFozFIVFFT8CBU36ktWQ39MGm
cJ5SGyN9nAbbuWA6e+/u059R7QL+6f64xHRAGyLT3gOb1G0N6h7VqFT25q5Tq0rc
Lf/CvLKoudjv+sQ5GKBPT18+zxmwJ8YUWAsXUyrqoFWY/Tvo5yLxaC0W2gh3+Ppi
EDqe4RRJ3VKuKfZxHn5VLxgtBFN96Gy0+Htm5tiMKOZMYAkHiL+vrVZAX0hIEuRZ
JJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJ
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
-----END RSA PRIVATE KEY-----" >> id_rsa

Now, if you try to reconstruct this key by removing the obvious garbage lines (the ones that are all repeated characters, some of which aren t even valid base64 characters), it still isn t a key at least, openssl pkey doesn t want anything to do with it. The key is very much still in there, though, as we shall soon see. Using a gem I wrote and a quick bit of Ruby, we can extract a complete private key. The irb session looks something like this:

>> require "derparse"
>> b64 = <<EOF
MIIJKgIBAAKCAgEAxEVih1JGb8gu/Fm4AZh+ZwJw/pjzzliWrg4mICFt1g7SmIE2
TCQMKABdwd11wOFKCPc/UzRH/fHuQcvWrpbOSdqev/zKff9iedKw/YygkMeIRaXB
fYELqvUAOJ8PPfDm70st9GJRhjGgo5+L3cJB2gfgeiDNHzaFvapRSU0oMGQX+kI9
ezsjDAn+0Pp+r3h/u1QpLSH4moRFGF4omNydI+3iTGB98/EzuNhRBHRNq4oBV5SG
Pq/A1bem2ninnoEaQ+OPESxYzDz3Jy9jV0W/6LvtJ844m+XX69H5fqq5dy55z6DW
sGKn78ULPVZPsYH5Y7C+CM6GAn4nYCpau0t52sqsY5epXdeYx4Dc+Wm0CjXrUDEe
Egl4loPKDxJkQqQ/MQiz6Le/UK9vEmnWn1TRXK3ekzNV4NgDfJANBQobOpwt8WVB
rbsC0ON7n680RQnl7PltK9P1AQW5vHsahkoixk/BhcwhkrkZGyDIl9g8Q/Euyoq3
eivKPLz7/rhDE7C1BzFy7v8AjC3w7i9QeHcWOZFAXo5hiDasIAkljDOsdfD4tP5/
wSO6E6pjL3kJ+RH2FCHd7ciQb+IcuXbku64ln8gab4p8jLa/mcMI+V3eWYnZ82Yu
axsa85hAe4wb60cp/rCJo7ihhDTTvGooqtTisOv2nSvCYpcW9qbL6cGjAXECAwEA
AQKCAgEAjz6wnWDP5Y9ts2FrqUZ5ooamnzpUXlpLhrbu3m5ncl4ZF5LfH+QDN0Kl
KvONmHsUhJynC/vROybSJBU4Fu4bms1DJY3C39h/L7g00qhLG7901pgWMpn3QQtU
4P49qpBii20MGhuTsmQQALtV4kB/vTgYfinoawpo67cdYmk8lqzGzzB/HKxZdNTq
s+zOfxRr7PWMo9LyVRuKLjGyYXZJ/coFaobWBi8Y96Rw5NZZRYQQXLIalC/Dhndm
AHckpstEtx2i8f6yxEUOgPvV/gD7Akn92RpqOGW0g/kYpXjGqZQy9PVHGy61sInY
HSkcOspIkJiS6WyJY9JcvJPM6ns4b84GE9qoUlWVF3RWJk1dqYCw5hz4U8LFyxsF
R6WhYiImvjxBLpab55rSqbGkzjI2z+ucDZyl1gqIv9U6qceVsgRyuqdfVN4deU22
LzO5IEDhnGdFqg9KQY7u8zm686Ejs64T1sh0y4GOmGsSg+P6nsqkdlXH8C+Cf03F
lqPFg8WQC7ojl/S8dPmkT5tcJh3BPwIWuvbtVjFOGQc8x0lb+NwK8h2Nsn6LNazS
0H90adh/IyYX4sBMokrpxAi+gMAWiyJHIHLeH2itNKtAQd3qQowbrWNswJSgJzsT
JuJ7uqRKAFkE6nCeAkuj/6KHHMPsfCAffVdyGaWqhoxmPOrnVgECggEBAOrCCwiC
XxwUgjOfOKx68siFJLfHf4vPo42LZOkAQq5aUmcWHbJVXmoxLYSczyAROopY0wd6
Dx8rqnpO7OtZsdJMeBSHbMVKoBZ77hiCQlrljcj12moFaEAButLCdZFsZW4zF/sx
kWIAaPH9vc4MvHHyvyNoB3yQRdevu57X7xGf9UxWuPil/jvdbt9toaraUT6rUBWU
GYPNKaLFsQzKsFWAzp5RGpASkhuiBJ0Qx3cfLyirjrKqTipe3o3gh/5RSHQ6VAhz
gdUG7WszNWk8FDCL6RTWzPOrbUyJo/wz1kblsL3vhV7ldEKFHeEjsDGroW2VUFlS
asAHNvM4/uYcOSECggEBANYH0427qZtLVuL97htXW9kCAT75xbMwgRskAH4nJDlZ
IggDErmzBhtrHgR+9X09iL47jr7dUcrVNPHzK/WXALFSKzXhkG/yAgmt3r14WgJ6
5y7010LlPFrzaNEyO/S4ISuBLt4cinjJsrFpoo0WI8jXeM5ddG6ncxdurKXMymY7
EOF
>> b64 += <<EOF
gff0GJCOMZ65pMSy3A3cSAtjlKnb4fWzuHD5CFbusN4WhCT/tNxGNSpzvxd8GIDs
nY7exs9L230oCCpedVgcbayHCbkChEfoPzL1e1jXjgCwCTgt8GjeEFqc1gXNEaUn
O8AJ4VlR8fRszHm6yR0ZUBdY7UJddxQiYOzt0S1RLlECggEAbdcs4mZdqf3OjejJ
06oTPs9NRtAJVZlppSi7pmmAyaNpOuKWMoLPElDAQ3Q7VX26LlExLCZoPOVpdqDH
KbdmBEfTR4e11Pn9vYdu9/i6o10U4hpmf4TYKlqk10g1Sj21l8JATj/7Diey8scO
sAI1iftSg3aBSj8W7rxCxSezrENzuqw5D95a/he1cMUTB6XuravqZK5O4eR0vrxR
AvMzXk5OXrUEALUvt84u6m6XZZ0pq5XZxq74s8p/x1JvTwcpJ3jDKNEixlHfdHEZ
ZIu/xpcwD5gRfVGQamdcWvzGHZYLBFO1y5kAtL8kI9tW7WaouWVLmv99AyxdAaCB
Y5mBAQKCAQEAzU7AnorPzYndlOzkxRFtp6MGsvRBsvvqPLCyUFEXrHNV872O7tdO
GmsMZl+q+TJXw7O54FjJJvqSSS1sk68AGRirHop7VQce8U36BmI2ZX6j2SVAgIkI
9m3btCCt5rfiCatn2+Qg6HECmrCsHw6H0RbwaXS4RZUXD/k4X+sslBitOb7K+Y+N
Bacq6QxxjlIqQdKKPs4P2PNHEAey+kEJJGEQ7bTkNxCZ21kgi1Sc5L8U/IGy0BMC
PvJxssLdaWILyp3Ws8Q4RAoC5c0ZP0W2j+5NSbi3jsDFi0Y6/2GRdY1HAZX4twem
Q0NCedq1JNatP1gsb6bcnVHFDEGsj/35oQKCAQEAgmWMuSrojR/fjJzvke6Wvbox
FRnPk+6YRzuYhAP/YPxSRYyB5at++5Q1qr7QWn7NFozFIVFFT8CBU36ktWQ39MGm
cJ5SGyN9nAbbuWA6e+/u059R7QL+6f64xHRAGyLT3gOb1G0N6h7VqFT25q5Tq0rc
Lf/CvLKoudjv+sQ5GKBPT18+zxmwJ8YUWAsXUyrqoFWY/Tvo5yLxaC0W2gh3+Ppi
EDqe4RRJ3VKuKfZxHn5VLxgtBFN96Gy0+Htm5tiMKOZMYAkHiL+vrVZAX0hIEuRZ
EOF
>> der = b64.unpack("m").first
>> c = DerParse.new(der).first_node.first_child
>> version = c.value
=> 0
>> c = c.next_node
>> n = c.value
=> 80071596234464993385068908004931... # (etc)
>> c = c.next_node
>> e = c.value
=> 65537
>> c = c.next_node
>> d = c.value
=> 58438813486895877116761996105770... # (etc)
>> c = c.next_node
>> p = c.value
=> 29635449580247160226960937109864... # (etc)
>> c = c.next_node
>> q = c.value
=> 27018856595256414771163410576410... # (etc)

What I ve done, in case you don t speak Ruby, is take the two chunks of plausible-looking base64 data, chuck them together into a variable named b64, unbase64 it into a variable named der, pass that into a new DerParse instance, and then walk the DER value tree until I got all the values I need. Interestingly, the q value actually traverses the split in the two chunks, which means that there s always the possibility that there are lines missing from the key. However, since p and q are supposed to be prime, we can sanity check them to see if corruption is likely to have occurred:

>> require "openssl"
>> OpenSSL::BN.new(p).prime?
=> true
>> OpenSSL::BN.new(q).prime?
=> true

Excellent! The chances of a corrupted file producing valid-but-incorrect prime numbers isn t huge, so we can be fairly confident that we ve got the real p and q. Now, with the help of another one of my creations we can use e, p, and q to create a fully-operational battle key:

>> require "openssl/pkey/rsa"
>> k = OpenSSL::PKey::RSA.from_factors(p, q, e)
=> #<OpenSSL::PKey::RSA:0x0000559d5903cd38>
>> k.valid?
=> true
>> k.verify(OpenSSL::Digest::SHA256.new, k.sign(OpenSSL::Digest::SHA256.new, "bob"), "bob")
=> true

and there you have it. One fairly redacted-looking private key brought back to life by maths and far too much free time. Sorry Mr. Finn, I hope you re not still using that key on anything Internet-facing.

What About Other Key Types? EC keys are very different beasts, but they have much the same problems as RSA keys. A typical EC key contains both private and public data, and the public portion is twice the size so only about 1/3 of the data in the key is private material. It is quite plausible that you can redact an EC key and leave all the actually private bits exposed.

What Do We Do About It? In short: don t ever try and redact real private keys. For documentation purposes, just put KEY GOES HERE in the appropriate spot, or something like that. Store your secrets somewhere that isn t a public (or even private!) git repo. Generating a dummy private key and sticking it in there isn t a great idea, for different reasons: people have this odd habit of reusing demo keys in real life. There s no need to encourage that sort of thing.

---

1. Technically the pieces aren t 100% aligned with the underlying DER, because of how base64 works. I felt it was easier to understand if I stuck to chopping up the base64, rather than decoding into DER and then chopping up the DER.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In March, 252 work hours have been dispatched among 14 paid contributors. Their reports are available:

• Abhijith PA did 16.0h (out of 14h assigned and 2h from February).
• Ben Hutchings did 12.25h (out of 20h assigned and 0.75h from February), thus carrying over 8.5h to April.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Dylan A ssi did 6h (out of 6h assigned).
• Emilio Pozuelo Monfort did 19.5h (out of 30h assigned and 6.75h from February), thus carrying over 17.25h to April.
• Hugo Lefeuvre gave back the 12h he got assigned.
• Markus Koschany did 10h (out of 30h assigned and 18.75h from February), thus carrying over 38.75h to April.
• Mike Gabriel did 10.25h (out of 8h assigned and 2.25h from February).
• Ola Lundqvist did 6h (out of 12h assigned and 2.5h from February), thus carrying over 8.5h to April.
• Roberto C. S nchez did 6.25h (out of 8h assigned), and gave back the remaining 1.75h.
• Sylvain Beucler did 30h (out of 30h assigned).
• Thorsten Alteholz did 30h (out of 30h assigned).
• Utkarsh Gupta did 24h (out of 24h assigned).

Evolution of the situation March was a strange month for many people all over the globe. Here we ll just express our hopes that you are and will be well! LTS gained a new contributor in March, Anton Gladky, however he then decided to become active later this year. Similarly Hugo Lefeuvre notified us that he ll be inactive in April. In case you missed it (or missed to act), please read this post about keeping Debian 8 Jessie alive for longer than 5 years. If you expect to have Debian 8 servers/devices running after June 30th 2020, and would like to have security updates for them, please get in touch with Freexian. Hurry up: the end of Jessie LTS is coming in less than three months! The security tracker currently lists 25 packages with a known CVE and the dla-needed.txt file has 23 packages needing an update. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 55 months)
• GitHub (for 45 months)
• Civil Infrastructure Platform (CIP) (for 22 months)
• Gold sponsors:
• Blablacar (for 70 months)
• Roche Diagnostics International AG (for 65 months)
• Linode (for 59 months)
• Babiel GmbH (for 49 months)
• Plat Home (for 48 months)
• University of Oxford (for 4 months)
• Silver sponsors:
• The Positive Internet Company (for 71 months)
• Domeneshop AS (for 70 months)
• Nantes M tropole (for 64 months)
• Univention GmbH (for 56 months)
• Universit Jean Monnet de St Etienne (for 56 months)
• Ribbon Communications, Inc. (for 49 months)
• Exonet B.V. (for 39 months)
• Leibniz Rechenzentrum (for 33 months)
• CINECA (for 23 months)
• Minist re de l Europe et des Affaires trang res (for 17 months)
• Cloudways Ltd (for 6 months)
• Dinahosting SL (for 4 months)
• Bronze sponsors:
• Seznam.cz, a.s. (for 71 months)
• Evolix (for 70 months)
• MyTux (for 70 months)
• Intevation GmbH (for 67 months)
• Linuxhotel GmbH (for 67 months)
• Daevel SARL (for 66 months)
• Bitfolk LTD (for 65 months)
• Megaspace Internet Services GmbH (for 65 months)
• Greenbone Networks GmbH (for 64 months)
• NUMLOG (for 64 months)
• WinGo AG (for 63 months)
• Ecole Centrale de Nantes LHEEA (for 59 months)
• Sig-I/O (for 57 months)
• Entr ouvert (for 54 months)
• Adfinis SyGroup AG (for 52 months)
• GNI MEDIA (for 46 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 46 months)
• Tesorion (for 46 months)
• Bearstech (for 38 months)
• LiHAS (for 38 months)
• People Doc (for 34 months)
• Catalyst IT Ltd (for 32 months)
• Supagro (for 28 months)
• Demarcq SAS (for 26 months)
• TrapX Security (for 23 months)
• Universit Grenoble Alpes (for 12 months)
• TouchWeb SAS (for 4 months)
• SPiN AG

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In February, 226 work hours have been dispatched among 14 paid contributors. Their reports are available:

• Abhijith PA gave back 12 out of his assigned 14h, thus he is carrying over 2h for March.
• Ben Hutchings did 19.25h (out of 20h assigned), thus carrying over 0.75h to March.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Dylan A ssi did 5.5h (out of 4h assigned and 1.5h from January).
• Emilio Pozuelo Monfort did 29h (out of 20h assigned and 15.75h from January), thus carrying over 6.75h to March.
• Hugo Lefeuvre gave back the 12h he got assigned.
• Markus Koschany did 10h (out of 20h assigned and 8.75h from January), thus carrying over 18.75h to March.
• Mike Gabriel did 5.75h (out of 20h assigned) and gave 12h back to the pool, thus he is carrying over 2.25h to March.
• Ola Lundqvist did 10h (out of 8h assigned and 4.5h from January), thus carrying over 2.5h to March.
• Roberto C. S nchez did 20.25h (out of 20h assigned and 13h from January) and gave back 12.75h to the pool.
• Sylvain Beucler did 20h (out of 20h assigned).
• Thorsten Alteholz did 20h (out of 20h assigned).
• Utkarsh Gupta did 20h (out of 20h assigned).

Evolution of the situation February began as rather calm month and the fact that more contributors have given back unused hours is an indicator of this calmness and also an indicator that contributing to LTS has become more of a routine now, which is good. In the second half of February Holger Levsen (from LTS) and Salvatore Bonaccorso (from the Debian Security Team) met at SnowCamp in Italy and discussed tensions and possible improvements from and for Debian LTS. The security tracker currently lists 25 packages with a known CVE and the dla-needed.txt file has 21 packages needing an update. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 54 months)
• GitHub (for 44 months)
• Civil Infrastructure Platform (CIP) (for 22 months)
• Gold sponsors:
• Blablacar (for 69 months)
• Roche Diagnostics International AG (for 65 months)
• Linode (for 59 months)
• Babiel GmbH (for 48 months)
• Plat Home (for 47 months)
• University of Oxford (for 4 months)
• Silver sponsors:
• The Positive Internet Company (for 70 months)
• Domeneshop AS (for 69 months)
• Nantes M tropole (for 63 months)
• Univention GmbH (for 55 months)
• Universit Jean Monnet de St Etienne (for 55 months)
• Ribbon Communications, Inc. (for 49 months)
• Exonet B.V. (for 38 months)
• Leibniz Rechenzentrum (for 32 months)
• CINECA (for 22 months)
• Minist re de l Europe et des Affaires trang res (for 16 months)
• Cloudways Ltd (for 5 months)
• Dinahosting SL (for 3 months)
• Bronze sponsors:
• Seznam.cz, a.s. (for 70 months)
• Evolix (for 69 months)
• MyTux (for 69 months)
• Linuxhotel GmbH (for 67 months)
• Intevation GmbH (for 66 months)
• Daevel SARL (for 65 months)
• Bitfolk LTD (for 64 months)
• Megaspace Internet Services GmbH (for 64 months)
• Greenbone Networks GmbH (for 63 months)
• NUMLOG (for 63 months)
• WinGo AG (for 62 months)
• Ecole Centrale de Nantes LHEEA (for 59 months)
• Sig-I/O (for 56 months)
• Entr ouvert (for 54 months)
• Adfinis SyGroup AG (for 51 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 46 months)
• Tesorion (for 46 months)
• GNI MEDIA (for 45 months)
• Bearstech (for 37 months)
• LiHAS (for 37 months)
• People Doc (for 33 months)
• Catalyst IT Ltd (for 32 months)
• Supagro (for 27 months)
• Demarcq SAS (for 25 months)
• TrapX Security (for 22 months)
• Universit Grenoble Alpes (for 12 months)
• TouchWeb SAS (for 4 months)
• SPiN AG

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In October, about 197 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Antoine Beaupr did 21h (out of 16h allocated + 8.75h remaining, thus keeping 3.75h for November).
• Ben Hutchings did 20 hours (out of 15h allocated + 9 extra hours, thus keeping 4 extra hours for November).
• Brian May did 10 hours.
• Chris Lamb did 18 hours.
• Emilio Pozuelo Monfort did 7 hours (out of 20.75 hours allocated + 1.5 hours remaining, thus keeping 15.25 hours for November).
• Guido G nther did 6.5 hours (out of 11h allocated + 1 extra hour, thus keeping 5.5h for November).
• Hugo Lefeuvre did 20h.
• Lucas Kanashiro did 2 hours (out of 5h allocated, thus keeping 3 hours for November).
• Markus Koschany did 19 hours (out of 20.75h allocated, thus keeping 1.75 extra hours for November).
• Ola Lundqvist did 7.5h (out of 7h allocated + 0.5 extra hours).
• Rapha l Hertzog did 13.5 hours (out of 12h allocated + 1.5 extra hours).
• Roberto C. Sanchez did 11 hours (out of 20.75 hours allocated + 14.75 hours remaining, thus keeping 24.50 extra hours for November, he will give back remaining hours at the end of the month).
• Thorsten Alteholz did 20.75 hours.

Evolution of the situation The number of sponsored hours increased slightly to 183 hours per month. With the increasing number of security issues to deal with, and with the number of open issues not really going down, I decided to bump the funding target to what amounts to 1.5 full-time position. The security tracker currently lists 50 packages with a known CVE and the dla-needed.txt file 36 (we re a bit behind in CVE triaging apparently). Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 25 months)
• GitHub (for 16 months)
• Gold sponsors:
• The Positive Internet (for 41 months)
• Blablacar (for 40 months)
• Linode (for 30 months)
• Babiel GmbH (for 19 months)
• Plat Home (for 19 months)
• Silver sponsors:
• Domeneshop AS (for 40 months)
• Universit Lille 3 (for 40 months)
• Trollweb Solutions (for 38 months)
• Nantes M tropole (for 35 months)
• Dalenys (for 31 months)
• Univention GmbH (for 26 months)
• Universit Jean Monnet de St Etienne (for 26 months)
• Sonus Networks (for 20 months)
• maxcluster GmbH (for 14 months)
• Exonet B.V. (for 10 months)
• Leibniz Rechenzentrum (for 4 months)
• Vente-privee.com
• Bronze sponsors:
• David Ayers IntarS Austria (for 41 months)
• Evolix (for 41 months)
• Offensive Security (for 41 months)
• Seznam.cz, a.s. (for 41 months)
• Freeside Internet Service (for 40 months)
• MyTux (for 40 months)
• Intevation GmbH (for 38 months)
• Linuxhotel GmbH (for 38 months)
• Daevel SARL (for 36 months)
• Bitfolk LTD (for 35 months)
• Megaspace Internet Services GmbH (for 35 months)
• NUMLOG (for 35 months)
• Greenbone Networks GmbH (for 34 months)
• WinGo AG (for 34 months)
• Ecole Centrale de Nantes LHEEA (for 30 months)
• Sig-I/O (for 28 months)
• Entr ouvert (for 25 months)
• Adfinis SyGroup AG (for 23 months)
• GNI MEDIA (for 17 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 17 months)
• Quarantainenet BV (for 17 months)
• RHX Srl (for 14 months)
• Bearstech (for 8 months)
• LiHAS (for 8 months)
• People Doc (for 5 months)
• Catalyst IT Ltd (for 3 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In August, about 170 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Antoine Beaupr did 7h (out of 15.75h allocated, thus keeping 8.75h for October).
• Ben Hutchings did 12 hours (out of 15h allocated + 6 extra hours, thus keeping 9 extra hours for October).
• Brian May did 10 hours.
• Chris Lamb did 15.75 hours.
• Emilio Pozuelo Monfort did 27 hours (out of 15.75 hours allocated + 12.75 hours remaining, thus keeping 1.5 hours for October).
• Guido G nther did 10 hours (out of 11h allocated, thus keeping one hour for October).
• Hugo Lefeuvre did 15h.
• Lucas Kanashiro did 5 hours.
• Markus Koschany did 15.75 hours.
• Ola Lundqvist did 13.5h (out of 7h allocated + 7 extra hours, thus keeping 0.5 extra hours for October).
• Rapha l Hertzog did 10.5 hours (out of 12h allocated, thus keeping 1.5 hours for October).
• Roberto C. Sanchez did 10 hours (out of 15.75 hours allocated + 9 hours remaining, thus keeping 14.75 extra hours for October).
• Thorsten Alteholz did 15.75 hours.

Evolution of the situation The number of sponsored hours is the same as last month. But we have a new sponsor in the pipe. The security tracker currently lists 52 packages with a known CVE and the dla-needed.txt file 49. The number of packages with open issues decreased slightly compared to last month but we re not yet back to the usual situation. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 24 months)
• GitHub (for 15 months)
• Gold sponsors:
• The Positive Internet (for 40 months)
• Blablacar (for 39 months)
• Linode (for 29 months)
• Babiel GmbH (for 18 months)
• Plat Home (for 18 months)
• Silver sponsors:
• Domeneshop AS (for 40 months)
• Universit Lille 3 (for 39 months)
• Trollweb Solutions (for 37 months)
• Nantes M tropole (for 34 months)
• Dalenys (for 30 months)
• Univention GmbH (for 25 months)
• Universit Jean Monnet de St Etienne (for 25 months)
• Sonus Networks (for 19 months)
• maxcluster GmbH (for 13 months)
• Exonet B.V. (for 9 months)
• Leibniz Rechenzentrum (for 3 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 40 months)
• Evolix (for 40 months)
• Offensive Security (for 40 months)
• Seznam.cz, a.s. (for 40 months)
• Freeside Internet Service (for 39 months)
• MyTux (for 39 months)
• Intevation GmbH (for 37 months)
• Linuxhotel GmbH (for 37 months)
• Daevel SARL (for 36 months)
• Bitfolk LTD (for 34 months)
• Megaspace Internet Services GmbH (for 34 months)
• NUMLOG (for 34 months)
• Greenbone Networks GmbH (for 33 months)
• WinGo AG (for 33 months)
• Ecole Centrale de Nantes LHEEA (for 29 months)
• Sig-I/O (for 27 months)
• Entr ouvert (for 24 months)
• Adfinis SyGroup AG (for 22 months)
• GNI MEDIA (for 16 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 16 months)
• Quarantainenet BV (for 16 months)
• RHX Srl (for 13 months)
• Bearstech (for 8 months)
• LiHAS (for 7 months)
• People Doc (for 4 months)
• Catalyst IT Ltd

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In August, about 189 work hours have been dispatched among 12 paid contributors. Their reports are available:

• Antoine Beaupr did 16h.
• Ben Hutchings did 10 hours (out of 15h allocated + 1 extra hour, thus keeping 6 extra hour for September).
• Chris Lamb did 18 hours.
• Emilio Pozuelo Monfort did 20.5 hours (out of 20.25 hours allocated + 13 hours remaining, thus keeping 12.75 hours for September).
• Guido G nther did 10 hours.
• Hugo Lefeuvre did 14h (out of 2h allocated + 12 extra hours).
• Lucas Kanashiro did 20.25 hours.
• Markus Koschany did 20.25 hours.
• Ola Lundqvist did 9h (out of 14h allocated + 16 extra hours, he gave back 14 hours, thus keeping 7 extra hours for September).
• Rapha l Hertzog did 12 hours.
• Roberto C. Sanchez did 27.25 hours (out of 20.25 hours allocated + 16 hours remaining, thus keeping 9 extra hours for September).
• Thorsten Alteholz did 20.25 hours.

Evolution of the situation The number of sponsored hours is the same as last month. The security tracker currently lists 59 packages with a known CVE and the dla-needed.txt file 60. The number of packages with open issues decreased slightly compared to last month but we re not yet back to the usual situation. The number of CVE to fix per package tends to increase due to the increased usage of fuzzers. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 22 months)
• GitHub (for 13 months)
• Gold sponsors:
• The Positive Internet (for 38 months)
• Blablacar (for 37 months)
• Linode (for 27 months)
• Babiel GmbH (for 16 months)
• Plat Home (for 16 months)
• Silver sponsors:
• Domeneshop AS (for 37 months)
• Universit Lille 3 (for 37 months)
• Trollweb Solutions (for 35 months)
• Nantes M tropole (for 32 months)
• Dalenys (for 28 months)
• Univention GmbH (for 23 months)
• Universit Jean Monnet de St Etienne (for 23 months)
• Sonus Networks (for 17 months)
• UR Communications BV (for 12 months)
• maxcluster GmbH (for 11 months)
• Exonet B.V. (for 7 months)
• Leibniz Rechenzentrum
• Bronze sponsors:
• David Ayers IntarS Austria (for 38 months)
• Evolix (for 38 months)
• Offensive Security (for 38 months)
• Seznam.cz, a.s. (for 38 months)
• Freeside Internet Service (for 37 months)
• MyTux (for 37 months)
• Intevation GmbH (for 35 months)
• Linuxhotel GmbH (for 35 months)
• Daevel SARL (for 33 months)
• Bitfolk LTD (for 32 months)
• Megaspace Internet Services GmbH (for 32 months)
• NUMLOG (for 32 months)
• Greenbone Networks GmbH (for 31 months)
• WinGo AG (for 31 months)
• Ecole Centrale de Nantes LHEEA (for 27 months)
• Sig-I/O (for 24 months)
• Entr ouvert (for 22 months)
• Adfinis SyGroup AG (for 19 months)
• GNI MEDIA (for 14 months)
• Quarantainenet BV (for 14 months)
• RHX Srl (for 11 months)
• Bearstech (for 5 months)
• LiHAS (for 5 months)
• People Doc
• Catalyst IT Ltd

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In July, about 181 work hours have been dispatched among 11 paid contributors. Their reports are available:

• Antoine Beaupr did 20h (out of 16h allocated + 4 extra hours).
• Ben Hutchings did 14 hours (out of 15h allocated, thus keeping 1 extra hour for August).
• Chris Lamb did 18 hours.
• Emilio Pozuelo Monfort did 18.5 hours (out of 23.5 hours allocated + 8 hours remaining, thus keeping 13 hours for August).
• Guido G nther did 10 hours.
• Hugo Lefeuvre did nothing due to personal problems (out of 2h allocated + 10 extra hours, thus keeping 12 extra hours for August).
• Markus Koschany did 23.5 hours.
• Ola Lundqvist did not publish his report yet (out of 14h allocated + 2 extra hours).
• Rapha l Hertzog did 7 hours (out of 12 hours allocated but he gave back his remaining hours).
• Roberto C. Sanchez did 19.5 hours (out of 23.5 hours allocated + 12 hours remaining, thus keeping 16 extra hours for August).
• Thorsten Alteholz did 23.5 hours.

Evolution of the situation The number of sponsored hours increased slightly with two new sponsors: Leibniz Rechenzentrum (silver sponsor) and Catalyst IT Ltd (bronze sponsor). The security tracker currently lists 74 packages with a known CVE and the dla-needed.txt file 64. The number of packages with open issues increased of almost 50% compared to last month. Hopefully this backlog will get cleared up when the unused hours will actually be done. In any case, this evolution is worth watching. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 22 months)
• GitHub (for 13 months)
• Gold sponsors:
• The Positive Internet (for 38 months)
• Blablacar (for 37 months)
• Linode (for 27 months)
• Babiel GmbH (for 16 months)
• Plat Home (for 16 months)
• Silver sponsors:
• Domeneshop AS (for 37 months)
• Universit Lille 3 (for 37 months)
• Trollweb Solutions (for 35 months)
• Nantes M tropole (for 32 months)
• Dalenys (for 28 months)
• Univention GmbH (for 23 months)
• Universit Jean Monnet de St Etienne (for 23 months)
• Sonus Networks (for 17 months)
• UR Communications BV (for 12 months)
• maxcluster GmbH (for 11 months)
• Exonet B.V. (for 7 months)
• Leibniz Rechenzentrum
• Bronze sponsors:
• David Ayers IntarS Austria (for 38 months)
• Evolix (for 38 months)
• Offensive Security (for 38 months)
• Seznam.cz, a.s. (for 38 months)
• Freeside Internet Service (for 37 months)
• MyTux (for 37 months)
• Intevation GmbH (for 35 months)
• Linuxhotel GmbH (for 35 months)
• Daevel SARL (for 33 months)
• Bitfolk LTD (for 32 months)
• Megaspace Internet Services GmbH (for 32 months)
• NUMLOG (for 32 months)
• Greenbone Networks GmbH (for 31 months)
• WinGo AG (for 31 months)
• Ecole Centrale de Nantes LHEEA (for 27 months)
• Sig-I/O (for 24 months)
• Entr ouvert (for 22 months)
• Adfinis SyGroup AG (for 19 months)
• GNI MEDIA (for 14 months)
• Quarantainenet BV (for 14 months)
• RHX Srl (for 11 months)
• Bearstech (for 5 months)
• LiHAS (for 5 months)
• People Doc
• Catalyst IT Ltd

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In May, about 161 work hours have been dispatched among 11 paid contributors. Their reports are available:

• Antoine Beaupr did 12h (out of 16h allocated, thus keeping 4 extra hours for July).
• Ben Hutchings did 20 hours (out of 15h allocated + 5 extra hours).
• Chris Lamb did 16 hours.
• Emilio Pozuelo Monfort did 11 hours (out of 16 hours allocated + 3 hours remaining, thus keeping 8 hours for July).
• Guido G nther did 9 hours.
• Hugo Lefeuvre did 5 hours (out of 15h allocated, thus keeping 10 extra hours for July).
• Markus Koschany did 16 hours.
• Ola Lundqvist did 12 hours (out of 14h allocated, thus keeping 2 extra hours for July).
• Rapha l Hertzog did 12 hours.
• Roberto C. Sanchez did 6.5 hours (out of 16 hours allocated + 2.5 hour remaining, thus keeping 12 extra hours for July).
• Thorsten Alteholz did 16 hours.

Evolution of the situation The number of sponsored hours increased slightly with one new bronze sponsor and another silver sponsor is in the process of joining. The security tracker currently lists 49 packages with a known CVE and the dla-needed.txt file 54. The number of open issues is close to last month. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 21 months)
• GitHub (for 11 months)
• Gold sponsors:
• The Positive Internet (for 37 months)
• Blablacar (for 36 months)
• Linode (for 26 months)
• Babiel GmbH (for 15 months)
• Plat Home (for 14 months)
• Silver sponsors:
• Domeneshop AS (for 36 months)
• Universit Lille 3 (for 36 months)
• Trollweb Solutions (for 34 months)
• Nantes M tropole (for 30 months)
• Dalenys (for 27 months)
• Univention GmbH (for 22 months)
• Universit Jean Monnet de St Etienne (for 22 months)
• Sonus Networks (for 16 months)
• UR Communications BV (for 10 months)
• maxcluster GmbH (for 10 months)
• Exonet B.V. (for 6 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 37 months)
• Evolix (for 37 months)
• Offensive Security (for 37 months)
• Seznam.cz, a.s. (for 37 months)
• Freeside Internet Service (for 36 months)
• MyTux (for 36 months)
• Linuxhotel GmbH (for 34 months)
• Intevation GmbH (for 33 months)
• Daevel SARL (for 32 months)
• Bitfolk LTD (for 31 months)
• Megaspace Internet Services GmbH (for 31 months)
• Greenbone Networks GmbH (for 30 months)
• NUMLOG (for 30 months)
• WinGo AG (for 29 months)
• Ecole Centrale de Nantes LHEEA (for 26 months)
• Sig-I/O (for 23 months)
• Entr ouvert (for 21 months)
• Adfinis SyGroup AG (for 18 months)
• Quarantainenet BV (for 13 months)
• GNI MEDIA (for 12 months)
• RHX Srl (for 10 months)
• Bearstech (for 4 months)
• LiHAS (for 4 months)
• People Doc

One comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In May, about 182 work hours have been dispatched among 11 paid contributors. Their reports are available:

• Ben Hutchings did 13 hours (out of 15h allocated + 3 extra hours, thus keeping 5 extra hours for June).
• Brian May did 10 hours.
• Chris Lamb did 18 hours.
• Emilio Pozuelo Monfort did 23 hours (out of 24 hours allocated + 2 hours remaining, thus keeping 3 hours for June).
• Guido G nther did 8 hours.
• Hugo Lefeuvre did 15 hours.
• Jonas Meurer gave back his remaining hours from last month.
• Markus Koschany did 27.25 hours.
• Ola Lundqvist did 12 hours (out of 6h allocated + 6 remaining hours).
• Rapha l Hertzog did 12 hours.
• Roberto C. Sanchez did 22 hours (out of 20 hours allocated + 4.5 hour remaining, thus keeping 2.5 extra hours for June).
• Thorsten Alteholz did 27.25 hours.

Evolution of the situation The number of sponsored hours did not change and we are thus still a little behind our objective. The security tracker currently lists 44 packages with a known CVE and the dla-needed.txt file 42. The number of open issues is close to last month. Thanks to our sponsors New sponsors are in bold (none this month unfortunately).

• Platinum sponsors:
• TOSHIBA (for 20 months)
• GitHub (for 11 months)
• Gold sponsors:
• The Positive Internet (for 36 months)
• Blablacar (for 35 months)
• Linode (for 25 months)
• Babiel GmbH (for 14 months)
• Plat Home (for 14 months)
• Silver sponsors:
• Domeneshop AS (for 35 months)
• Universit Lille 3 (for 35 months)
• Trollweb Solutions (for 33 months)
• Nantes M tropole (for 29 months)
• Dalenys (for 26 months)
• Univention GmbH (for 21 months)
• Universit Jean Monnet de St Etienne (for 21 months)
• Sonus Networks (for 15 months)
• UR Communications BV (for 9 months)
• maxcluster GmbH (for 9 months)
• Exonet B.V. (for 5 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 36 months)
• Evolix (for 36 months)
• Offensive Security (for 36 months)
• Seznam.cz, a.s. (for 36 months)
• Freeside Internet Service (for 35 months)
• MyTux (for 35 months)
• Linuxhotel GmbH (for 33 months)
• Intevation GmbH (for 32 months)
• Daevel SARL (for 31 months)
• Bitfolk LTD (for 30 months)
• Megaspace Internet Services GmbH (for 30 months)
• Greenbone Networks GmbH (for 29 months)
• NUMLOG (for 29 months)
• WinGo AG (for 28 months)
• Ecole Centrale de Nantes LHEEA (for 25 months)
• Sig-I/O (for 22 months)
• Entr ouvert (for 20 months)
• Adfinis SyGroup AG (for 17 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 12 months)
• Quarantainenet BV (for 12 months)
• GNI MEDIA (for 11 months)
• RHX Srl (for 9 months)
• Bearstech (for 3 months)
• LiHAS (for 3 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In April, about 190 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Antoine Beaupr did 19.5 hours (out of 16h allocated + 5.5 remaining hours, thus keeping 2 extra hours for May).
• Ben Hutchings did 12 hours (out of 15h allocated, thus keeping 3 extra hours for May).
• Brian May did 10 hours.
• Chris Lamb did 18 hours.
• Emilio Pozuelo Monfort did 17.5 hours (out of 16 hours allocated + 3.5 hours remaining, thus keeping 2 hours for May).
• Guido G nther did 12 hours (out of 8 hours allocated + 4 hours remaining).
• Hugo Lefeuvre did 15.5 hours (out of 6 hours allocated + 9.5 hours remaining).
• Jonas Meurer did nothing (out of 4 hours allocated + 3.5 hours remaining, thus keeping 7.5 hours for May).
• Markus Koschany did 23.75 hours.
• Ola Lundqvist did 14 hours (out of 20h allocated, thus keeping 6 extra hours for May).
• Rapha l Hertzog did 11.25 hours (out of 10 hours allocated + 1.25 hours remaining).
• Roberto C. Sanchez did 16.5 hours (out of 20 hours allocated + 1 hour remaining, thus keeping 4.5 extra hours for May).
• Thorsten Alteholz did 23.75 hours.

Evolution of the situation The number of sponsored hours decreased slightly and we re now again a little behind our objective. The security tracker currently lists 54 packages with a known CVE and the dla-needed.txt file 37. The number of open issues is comparable to last month. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 19 months)
• GitHub (for 10 months)
• Gold sponsors:
• The Positive Internet (for 35 months)
• Blablacar (for 34 months)
• Linode (for 24 months)
• Babiel GmbH (for 13 months)
• Plat Home (for 13 months)
• Silver sponsors:
• Domeneshop AS (for 34 months)
• Universit Lille 3 (for 34 months)
• Trollweb Solutions (for 32 months)
• Nantes M tropole (for 28 months)
• Dalenys (for 25 months)
• Univention GmbH (for 20 months)
• Universit Jean Monnet de St Etienne (for 20 months)
• Sonus Networks (for 14 months)
• UR Communications BV (for 9 months)
• maxcluster GmbH (for 8 months)
• Exonet B.V. (for 4 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 35 months)
• Evolix (for 35 months)
• Offensive Security (for 35 months)
• Seznam.cz, a.s. (for 35 months)
• Freeside Internet Service (for 34 months)
• MyTux (for 34 months)
• Linuxhotel GmbH (for 32 months)
• Intevation GmbH (for 31 months)
• Daevel SARL (for 30 months)
• Bitfolk LTD (for 29 months)
• Megaspace Internet Services GmbH (for 29 months)
• Greenbone Networks GmbH (for 28 months)
• NUMLOG (for 28 months)
• WinGo AG (for 28 months)
• Ecole Centrale de Nantes LHEEA (for 24 months)
• Sig-I/O (for 21 months)
• Entr ouvert (for 19 months)
• Adfinis SyGroup AG (for 16 months)
• GNI MEDIA (for 11 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 11 months)
• Quarantainenet BV (for 11 months)
• RHX Srl (for 8 months)
• Bearstech
• LiHAS

No comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In March, about 190 work hours have been dispatched among 14 paid contributors. Their reports are available:

• Antoine Beaupr did 19 hours (out of 14.75h allocated + 10 remaining hours, thus keeping 5.75 extra hours for April).
• Balint Reczey did nothing (out of 14.75 hours allocated + 2.5 hours remaining) and gave back all his unused hours. He took on a new job and will stop his work as LTS paid contributor.
• Ben Hutchings did 14.75 hours.
• Brian May did 10 hours.
• Chris Lamb did 14.75 hours.
• Emilio Pozuelo Monfort did 11.75 hours (out of 14.75 hours allocated + 0.5 hours remaining, thus keeping 3.5 hours for April).
• Guido G nther did 4 hours (out of 8 hours allocated, thus keeping 4 extra hours for April).
• Hugo Lefeuvre did 4 hours (out of 13.5 hours allocated, thus keeping 9.5 extra hours for April).
• Jonas Meurer did 11.25 hours (out of 14.75 hours allocated, thus keeping 3.5 extra hours for April).
• Markus Koschany did 14.75 hours.
• Ola Lundqvist did 23.75 hours (out of 14.75h allocated + 9 hours remaining).
• Rapha l Hertzog did 15 hours (out of 10 hours allocated + 6.25 hours remaining, thus keeping 1.25 hours for April).
• Roberto C. Sanchez did 21.5 hours (out of 14.75 hours allocated + 7.75 hours remaining, thus keeping 1 extra hour for April).
• Thorsten Alteholz did 14.75 hours.

Evolution of the situation The number of sponsored hours has been unchanged but will likely decrease slightly next month as one sponsor will not renew his support (because they have switched to CentOS). The security tracker currently lists 52 packages with a known CVE and the dla-needed.txt file 40. The number of open issues continued its slight increase not worrisome yet but we need to keep an eye on this situation. Thanks to our sponsors New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 18 months)
• GitHub (for 9 months)
• Gold sponsors:
• The Positive Internet (for 34 months)
• Blablacar (for 33 months)
• Linode LLC (for 23 months)
• Babiel GmbH (for 12 months)
• Plat Home (for 12 months)
• Silver sponsors:
• Domeneshop AS (for 33 months)
• Universit Lille 3 (for 33 months)
• Trollweb Solutions (for 31 months)
• Nantes M tropole (for 27 months)
• University of Luxembourg (for 25 months)
• Dalenys (for 24 months)
• Univention GmbH (for 19 months)
• Universit Jean Monnet de St Etienne (for 19 months)
• Sonus Networks (for 13 months)
• UR Communications BV (for 7 months)
• maxcluster GmbH (for 7 months)
• Exonet B.V. (for 3 months)
• Bronze sponsors:
• David Ayers IntarS Austria (for 34 months)
• Evolix (for 34 months)
• Offensive Security (for 34 months)
• Seznam.cz, a.s. (for 34 months)
• Freeside Internet Service (for 33 months)
• MyTux (for 33 months)
• Linuxhotel GmbH (for 31 months)
• Intevation GmbH (for 30 months)
• Daevel SARL (for 29 months)
• Bitfolk LTD (for 28 months)
• Megaspace Internet Services GmbH (for 28 months)
• Greenbone Networks GmbH (for 27 months)
• NUMLOG (for 27 months)
• WinGo AG (for 26 months)
• Ecole Centrale de Nantes LHEEA (for 23 months)
• Sig-I/O (for 20 months)
• Entr ouvert (for 18 months)
• Adfinis SyGroup AG (for 15 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 10 months)
• Quarantainenet BV (for 10 months)
• GNI MEDIA (for 9 months)
• RHX Srl (for 7 months)
• Bearstech
• LiHAS

No comment Liked this article? Click here. My blog is Flattr-enabled.