Search Results: "Martin Schulze"

16 August 2012

Raphaël Hertzog: Happy Birthday Debian! And memories of an old-timer

For Debian s birthday, Francesca Ciceri of the Debian Publicity team suggested that developers blog about their first experiences with Debian . I found this a good idea so I m going to share my own early experience. It s quite different from what happens nowadays Before speaking of my early Debian experience, I have to set some context. In my youth, I have always been a Windows user and a fan of Bill Gates. That is until I got Internet at home at that point, I got involved in Usenet and made some friends there. One of those made me discover Perl and it has been somewhat of a revelation for me who had only been programming in Visual Basic, Delphi or ObjectPal. Later the same friend explained me that Perl was working much better on Linux and that Debian Linux installs it by default so I should try this one. I had no idea of what Linux was, but given how I loved Perl, I was eager to try his advice. So I got myself a Tri-Linux CD with Debian/RedHat/Slackware on it and started the installation process (which involved preparing boot floppies). But I did not manage to get the graphical interface working despite lots of fiddling with Xfree86 s configuration file. So I ended up installing RedHat and used it for a few months. But since many of the smart guys in my Usenet community were Debian users, I persisted and finally managed to get it to work! After a few months of usage, I was amazed at everything that was available for free and I wanted to give back. I filed my first bug report in July 1998, I created my first Debian packages in August 1998 and I got accepted as an official Debian developer in September 1998 (after a quick chat over the phone with Martin Schulze or James Troup I never understood the name of my interlocutor on the phone and I was so embarassed to have to use my rusty English over the phone that I never asked). That s right, it took me less than 3 months to become a Debian developer (I was 19 years old back then). I learned a lot during those months by reading and interacting with other Debian developers. Many of those went away from Debian in the mean time but some of them are still involved (Joey Hess, Manoj Srivastava, Ian Jackson, Martin Schulze, Steve McIntyre, Bdale Garbee, Adam Heath, John Goerzen, Marco D Itri, Phil Hands, Lars Wirzenius, Santiago Vila, Matthias Klose, Dan Jacobowitz, Michael Meskes, ). My initial Debian work was centered around Perl: I adopted dpkg-ftp (the FTP method for dselect) because it was written in Perl and had lots of outstanding bug reports. But I also got involved in more generic Quality Assurance work and tried to organize the nascent QA team. It was all really a lot of fun, I could take initiatives and it was clear to me that my work was appreciated. I don t know if you find this story interesting but I had some fun time digging through archives to find out the precise dates if you want to learn more about what I did over the following years, I maintain a webpage for this purpose.

One comment Liked this article? Click here. My blog is Flattr-enabled.

6 March 2008

Anthony Towns: The second half...

Continuing from where we left off… The lower bound for me becoming a DD was 8th Feb ‘98 when I applied; for comparison, the upper bound as best I can make out was 23rd Feb, when I would have received this mail through the debian-private list:
Resent-Date: 23 Feb 1998 18:18:57 -0000
From: Martin Schulze 
To: Debian Private 
Subject: New accepted maintainers
Hi folks,
I wish you a pleasant beginning of the week.  Here are the first good
news of the week (probably).
This is the weekly progress report about new-maintainers.  These people
have been accepted as new maintainer for Debian GNU/Linux within the
last week.
Anthony Towns <>
    Anthony is going to package the personal proxy from - we don't have the source... He may adopt the
    transproxy package, too.
I never did adopt transproxy – apparently Adam Heath started fixing bugs in it a few days later anyway, and it was later taken over by Bernd Eckenfels (ifconfig upstream!) who’s maintained it ever since. Obviously I did do other things instead, which brings us back to where we left off…
Geez, this was meant to be briefer...

27 October 2006

Joey Hess: DWN items 1

This is the first in a planned series of weekly posts on what's happening in Debian, which I plan to do to help fill the gap left by Martin Schulze no longer writing DWN. I will post these on Fridays with a dwn tag, and while I don't plan to cover everything that's happening in Debian, like I tried to do when I edited DWN, my hope is that if some other people also do this, we'll cover enough to be useful. On to the news items.. mplayer in sid. The mplayer package has had the longest tenure in NEW of any package ever to be uploaded to Debian. But it's finally been accepted into the archive. Depending on the videos you need to play, you may still need non-free codecs from outside Debian, such as Christian Marillat's repository. Congratulations to mplayer's maintainers and to the ftpmasters for resolving the licencing issues that kept mplayer out of Debian for so long. d-i string freeze and release plans. In preparation for the first release candidate of d-i for etch, a string freeze has been going on for the last two weeks, and changes to the installer are limited to bug fixing. Frans Pop posted details and a timeline for RC1. Note that preparations for RC1 have already broken most beta 3 d-i images. alioth move. Alioth has just moved to a new server. Amoung other changes, moved to the same host as alioth, eliminating some issues caused by splitting them before. decomissioned. This significant Debian mirror was turned off on October 22nd, and anyone still using it should switch to a different mirror.

15 October 2006

Julien Danjou: Total recall (2006)

Directed by jd & adn Genre: Action / Adventure / Sci-Fi / Thriller / Horror / Drama / Humor
Runtime: several weeks
Country: A lot
Language: English
Color: Color (Technicolor, QT, GTK and ncurses) Tagline: They stole their project, now they want it back. Plot Outline: In September 2006, a group of developpers from the Debian planet rise against the corruption leading the government.
User Comments: Great action, great suspense, great cultural satire, and a great mind-bender. Awards: Waiting for nomination. Quotes: Cast overview
Anthony Towns (aj), as the Debian Project Leader Denis Barbier (bouz), as The Recaller
Aurelien Jarno (aurel32), as one Seconder Clint Adams (schizo), as one Seconder
MJ Ray (mjr), as one Seconder Pierre Habouzit (madcoder), as one Seconder
Martin Schulze (joey), as one Seconder Marc Dequ nes (duck), as one Seconder

4 August 2006

Norbert Tretkowski: Security updates in Debian

I really wonder who did the graphic in this article about security updates in Ubuntu, and why Debian is missing in it. The most important point in the referred article is that Debian scores so well compared with the other (freely) available distributions. Thanks a lot to Martin Schulze, Moritz Muehlenhoff and Steve Kemp for their work.

Norbert Tretkowski: Debian doesn't exist

I really wonder who did the graphic in this article about security updates in Ubuntu, and why Debian is missing in it. The most important point in the refered article is that Debian scores so well compared with the other freely available distributions. Thanks a lot to Martin Schulze, Moritz Muehlenhoff and Steve Kemp, the Debian Security-Team.

17 November 2005

Anthony Towns: Afraid of your Neighbour's Disapproval

Continuing on from the SCC stuff, which I should probably get in the habit of calling the mirror split, then… At the same time as I’ve been trying to work out ways to fit the mirror split stuff into the AJ market concept, I’ve been pondering on and off what can be done to improve the security situation. My thinking’s probably still biassed by my long time wish for official security updates to testing, but I’m somewhat inclined to think that if we can figure out a way of integrating the testing security team and the official security team we might end up closer to a solution – at the very least that’d provide us with a decent number of people who can actively help out with security updates that aren’t secet and get a few more people familiar with the technical aspects of how security updates are released, who’ll then have less of a learning curve if they end up being added to the security team proper. And heck, even if that doesn’t work, it at least gives people running testing an easier url to remember for security updates. Of course, integrating the teams isn’t that easy, or it would’ve already been done. So after thinking about it, I had a chat with Joey (aka Martin Schulze, aka the guy who’s issued 317 of the 340 security advisories in the past 12 months) about the problems:
<aj> so, the other thing i wonder is what you think of the testing-security-support split?
<Joey> need more input
<aj> as in separate host, funny domain name, not available on, extra effort to mirror, etc
<aj> i think it sucks :)
<Joey> there are a lot of sucking things…
<aj> it’s true
<aj> so, i figure the reasons for the split are (a) you don’t want to add a bunch of people to team@ and hence vendor-sec, and (b) there’s no way to make it so they can use dak-security without being full team/vendor-sec members; and maybe (c) you don’t want them officially associated with debian security coz they’re newbies
<Joey> a) and b) are true
<Joey> However, with being a push mirror, it would be possible to let it be pushed from a second source into a different directory, such as /testing-security/
<aj> hrm
<Joey> However, that would require all architectures to be supported and not just some.
<Joey> all as in “all that are in testing”
<aj> ah, that’s (c) then – they don’t do enough for the official debian stamp
<Joey> ah ok
Assuming those really are the key factors (which might or might not turn out true, but they seem likely) then that’s something that can be worked on. The first point is completely out of my domain – I’ve never been on vendor-sec, and it’s not likely something that ought to be tweaked much anyway; vendor-sec’s a very closed list by design, and for most security work it’s probably a distraction (testing security as is currently operates without concerning itself with vendor-sec, AIUI); the second points purely technical; and the third point is a combination of technical issues and an issue of training, both of which will be hopefully helped a lot by integrating testing-security and So the easiest point of attack is obviously the second one, since it’s “just” a matter of expanding dak’s featureset. The problem here is embargoed fixes – the security team needs to be able to prepare fixes for vulnerabilities revealed on vendor-sec, but then keep them secret from everyone not on vendor-sec until the publication date. Which is fine, except that dak takes an all or nothing approach to that sort of secrecy: secuirty uploads go into accepted, get built, and then the security team run “amber” to publish the update. But what that means is the accepted directory and its contents can only be visible to people with vendor-sec access, which means only people with vendor-sec access can do security updates. But we do actually have a different queuing mechanism that allows us to keep some things secret, while not hiding everything: thanks to the crypto-in-main transition, the NEW queue acts like that, more or less, only allowing ftpmaster to see the contents of NEW packages until they’ve passed license inspections and the appropriate export notifications have taken place. And actually, we’d already considered extending that sort of behaviour to add an “unapproved” queue that would prevent uploads from entering proposed-updates without the stable release manager’s prior approval. The idea then, would be to have a couple of queues for the security team: an embargoed queue, accessible only to those with vendor-sec access that would store embargoed fixed ‘til they’re ready to be released, and an unembargoed queue for preparation accessible by a wider group, for preparation of fixes that don’t need to be secret. Both queues would need to be autobuilt (and the build logs for embargoed uploads would need to stay restricted, while the build logs for unembargoed uploads would not), which is an added difficulty, since only accepted can be autobuilt presently. But otherwise, it seems basically plausible, both to myself and Joey. Conveniently, Andrew Pollock’s been interested in throwing some money through the AJ Market to see what happens, and since the initial idea we were tossing around fell through due to his move to the US, he’s put up the dosh to make the above happen. Well, strictly the dosh to make me make the above happen, or something. Anyway, I’m already running behind both in implementation and blogging about it, so back to the grindstone… (Okay, perhaps it’s not quite the feature Mark Twain would most like added to dak, but it’s still nifty.)