I am transitioning my GPG key from an old 1024-bit DSA key to a new 4096-bit RSA key. The old key will continue to be valid for some time but I prefer all new correspondance to be encrypted with the new key. I will be making all signatures going forward with the new key. I have followed the excellent tutorial from Daniel Kahn Gillmor which also explains why this migration is needed. The only step that I did not execute is issuing a new certification for keys I have signed in the past. I did not find any search engine to tell me which key I have signed. Here is the signed transition statement (I have stolen it from Zack): For easier access, I have also published it in text format. You can check it with: To avoid signing/encrypting with the old key who share the same email addresses than the new one, I have saved it, removed it from the keyring and added it again. The new key is now first in both the secret and the public keyrings and will be used whenever the appropriate email address is requested. I now need to gather some signatures for the new key. If this is appropriate for you, please sign the new key if you signed the old one.

Just posted to d-d-a, here are the monthly DPL bits.

---

Dear project members,
here's the periodic report of what has happened in DPL land, this time during May 2012. It's briefer than usual, as this year I've enjoyed the lovely French habit of frequent holidays during the month of May. Highlight First highlight for this month is an invitation to us all. We're now in June and the Wheezy freeze is literally a few days away. The RC bugs count is moving in the right direction, but it's still stellar if we want to ensure a short freeze. And a short freeze is of paramount importance: it'll reduce the time during which we can't implement great plans for the future, increase the "freshness" of software we'll ship with Wheezy, and reduce the inconveniences for those who run the testing suite due to its nice "rolling" feature. So please set out some regular time to do RC bug squashing, by providing patches and doing NMUs. Releasing Wheezy is not something that could be outsourced to the Release Team, it's a collective responsibility that kicks in as soon as our own packages are RC bug free (which they already are, right? The second highlight is more on the internal structure camp. As mentioned last month, I've discussed with the tech-ctte insisting a bit to set up periodic IRC meetings, to ensure outstanding issues get periodically reviewed. At the end of May the first IRC meeting has happened, and has been very productive. See the minutes. Another one has been scheduled, trying to setup a monthly cadence, for the end of June. Many thanks to all tech-ctte members who have took part in and helped with the meeting organization. Communication I've given an interview to iTWire, answering a number of questions about several past and future Debian challenges. Discussions The ongoing discussion to harmonize packaging of multimedia software between the official Debian archive and the unofficial debian-multimedia.org archive (dmo) has progressed. I've tried to help the two groups reaching an agreement on which packages belong where, so that both duplicate packaging efforts and user inconveniences are minimized. That seems not to have worked and dmo maintainers have simply announced that they will move away from the current domain name to a new one that does not include "debian" in its name. Sprints There will be a Debian Science sprint in June, co-located with the broader Debian Science event organized by European Synchrotron Radiation Facility (ESRF) in Grenoble. I've confirmed my attendance for the opening talk of the conference day. ESRF organizers have kindly sponsored travel for all Debian attendees, many thanks to them! Another sprint will happen next week-end in Paris, this time by the i18n/l10n team. I've approved the corresponding tentative budget for travel sponrship for ~2'000 EUR. Other expenses Hardware replacement plans go on. We've ordered SSDs (for ~3'000 CAD) for recently bought machines meant to replace bugs-mirror, bugs-master, and udd. On the "small emergencies" front, we also had to replace failing disks on wagner (1/2 of alioth), for as little as 100 GBP. Miscellanea

• I've helped a bit with the ratification of the Debian diversity statement by seconding it and shortening the discussion period
• on the multimedia front, I've also sought legal advice for the multimedia team, to better understand how to provide a decent multimedia experience for Debian users while respecting the draconian copyright system that exists almost world-wide. There seem to be some solutions in sight for the few missing packages (which I'm still discussing with the respective maintainers), but they'll hardly be ready for Wheezy
• three people replied to my call for help with DPL tasks (thanks!). I'll be shortly contact them to share the list of tasks that can be outsourced to anyone willing to help; then I'll try to setup a calendar of periodic IRC public meetings. There's still time to apply if you are interested (hint hint!)
• on behalf of Debian, SPI has entered in the ISC Forum Membership Agreement, giving access to the Debian security team to security notices for softwares like BIND and DHCP. We previously had a similar agreement for individual maintainers, but it's good to move it at a project level, in order to diminish bus factors

Happy Wheezy freeze,
and RC bugs squashing!

---

PS the boring day-to-day activity log for May is available at master:/srv/leader/news/bits-from-the-DPL.txt.201205

Just posted to d-d-a, here is the monthly report about my DPL activities.

---

Dear project members,
last bits of the past DPL term and first bits of the current term, all in one. Here is a report of what has happened in DPL land last April. Highlight: call for DPL helpers Before the report, though, let me point out that your friendly neighborhood DPL could use some help. As discussed during campaign, there are some intrinsic transparency and scalability limits in the DPL institution, when run by a single person. Before trying something new to fix that, I'd like to give a last try to an old "tactic": calling for help. If you're considering running for DPL or if you're simply interested in the job the DPL does and willing to help with that, please let me know. Ideally, if I find a group of people I'm happy to work with, I'd like to set up periodic IRC meetings with all "DPL helpers" to publicly discuss items in the DPL agenda and share the work-load. Ongoing discussions A big topic of last month has been the proposal by Francesca Ciceri to publish a diversity statement for the Debian Project. After a lively discussion on -project, we reached consensus on a text, and I've been happy to help with that. To finalize statement publication we now need to vote on it with a GR. I've helped drafting a corresponding GR proposal that has already been posted to -vote by Francesca. A final one, looking for seconds, will be posted there soon. Wrapping up March discussions on a revenue sharing agreement with DuckDuckGo, I've announced my intention to finalize the agreement and have done so shortly thereafter. The Iceweasel maintainer has deployed the corresponding search engine query string and other web browser maintainers could do the same, if they want to. In April I've also spent some time to move forward the long running conflict on Python maintenance, reported to the tech-ctte more than 2 years ago. With the help of people on the -python mailing list, I've now submitted to the tech-ctte an up to date list of potential maintenance teams. I hope the tech-ctte now have all the information needed to come to a decision. Speaking of which, I'm also discussing with tech-ctte members the possibility of having periodic ctte meetings; the idea is to ensure that outstanding issues are periodically reassessed, improving the reliability of tech-ctte decision times. I've also discussed at length with members of the pkg-multimedia-maintainers team the relationships with the unofficial debian-multimedia.org (d-m.o) repository, that have been a cause of tension for Debian multimedia users and maintainers for quite some time. On behalf of the team and of the Project I've now reached out to the d-m.o maintainer, hoping to come to some sort of amicable agreement on which packages belong where. Hardware replacement As anticipated in last report, I've started approving hardware purchases to implement the yearly hardware replacement plan prepared by DSA. During April I've approved requests to buy servers to replace the machines running the bugs-master, bugs-mirror, and UDD services. The total expected expenditure is about 15'000 USD. Communication I've delivered my classic Debian "18^W 19 years" talk at UNIVPM, a polytechnic university in center Italy; slides are available. I've then been contacted by people from the European Synchrotoron in Grenoble who, beside having recently migrated their infrastructure to Debian, are looking into organizing a workshop on Debian usage for large science facilities. I've been happy to help out providing a list of potential topics and speakers for the event. Also as anticipated last month, the Debian Project has been present at the OpenStack summit. Loic Dachary has represented Debian at the event and provided a nice report about his experience there. Speaking of which, I've also coordinated a news release about the availability of cloud technologies in Wheezy, taking the chance to point out the relationships between what Debian stands for and the ability to deploy your own private cloud. Sprints April has been a rather calm month on the sprint front, with the notable exception of the I18n team who is organizing a sprint for June in Paris. Miscellanea

• Google Summer of Code (GSoC) has now started and for Debian is already quite a success. Wrt last year we doubled the number of student applications and we jumped from 9 to 15 approved projects. More details about Debian in GSoC have been posted by Ana. I encourage all of you to take the chance of GSoC to bond with students and show them how nice is the Debian community to work with: that's the prime trait we need to exhibit to make sure we'll always have enough volunteers to run the Debian Project.
• The one month notice before opening up LDAP dnsZoneEntry has expired and the field has now been opened by DSA. Practically, this means that the full listing of *.debian.net entries can now be queried publicly via LDAP. If anyone would be so kind to provide a script that does so and produce a nice looking HTML index, we can now publish it somewhere and replace the perennially out of date wiki index

Thanks for reading thus far,
HDH! (Happy Debian Hacking)

---

PS the boring day-to-day activity log for April is available at master:/srv/leader/news/bits-from-the-DPL.txt.201204

Debian, free software, and critical consumption As mentioned in my last report, about a month ago I've been interviewed (in Italian) for la Repubblica, a major general-interest Italian newspaper. Matteo Cortese has kindly contributed an English translation of the interview (thanks!), which I've just made available. If you're a Free Software enthusiast, there is probably nothing new in there for you. But for a different public the story is quite another. In many countries it is still very difficult to find room on general-interest newspapers to explain why Free Software matter to people, and how not caring about it will lead consumers to progressively lose their rights while software become more and more common in the stuff they buy. So many thanks to journalist like Giulia Belardelli who show a genuine interest in these topics and try to bring them "to the masses".

Learning from the Future of Component Repositories ( Pietro Abate, Roberto Di Cosmo, Ralf Treinen and Stefano Zacchiroli ) has been accepted to be presented at CBSE 2012 (26-28 June, Bertinoro, Italy)

Abstract

  An important aspect of the quality assurance of large component repositories
  is the logical coherence of component metadata. We argue that it is possible
  to identify certain classes of such problems by checking relevant properties
  of the possible future repositories into which the current
  repository may evolve. In order to make a complete analysis of all possible
  futures effective however, one needs a way to construct a finite set of
  representatives of this infinite set of potential futures. We define a class
  of properties for which this can be done.
  We illustrate the practical usefulness of the approach with two quality
  assurance applications: (i) establishing the amount of  forced upgrades''
  induced by introducing new versions of existing components in a repository,
  and (ii) identifying outdated components that need to be upgraded in order to
  ever be installable in the future. For both applications we provide
  experience reports obtained on the Debian distribution.

The tools presented in this paper (outdated and challenges) are already in Debian as part of the 'dose-extra' package.

Posted a week ago, already deferred back then, this report is even more deferred now! But as there are people interest in knowing what the "DPL job" is about even among non debian-devel-announce subscribers, here is a blog-conveyed reproduction, for the records.

---

Dear project members,
here is my monthly DPL activity report, this time for last March. It is delayed by a couple of weeks because, myself being both incumbent and candidate DPL, I preferred not to use d-d-a during the voting period unless really needed. Apologies for the delay (or the unneeded paranoia, you name it). As a side effect of the delay, the results of the DPL election are now known. I'd like to thank all the people who took part in the elections: voters, people who asked questions on -vote, the secretary, and obviously Gergely and Wouter, without whom the campaign wouldn't have allowed to discuss relevant aspects of Debian "politics". Thanks for your trust. I'll do my best to match your expectations. ... and just to remind you what you've just asked for, here goes the BigMonthlyBlurb! Highlight: long-term hardware replacement planning The highlight for this month is long term planning of hardware replacement. It's something I've been discussing with DSA for quite a while and on which DSA has worked hard during the recent sprint. As a result, we now have a quite ambitious 5-year hardware replacement plan that will guarantee that all machines in production are under warranty at any given time (with the nice side effect of generally better performances, as they go hand in hand with newer hardware). The current estimated cost per year is 29'000 USD. That does not yet include buildds and porter-boxes, so it is expected to increase a bit to cover all our hardware needs. But we expect it not increase too much, as we tend to get explicit hardware donations to cover arch-specific needs. Given the current state of Debian finances and donation trends, the plan looks sustainable for at least 2-3 years. But this assessment still needs to be refined as soon as, together with the auditors, we'll manage to obtain the history of past Debian transactions, in particular from SPI. We've been waiting for this for about 5 months now, but I'm positive it could become a reality in the next weeks. In the meantime, it is surely safe to start with the plan for the next 1-1.5 years, so I'll give green light to DSA for the first acquisitions as soon as they're ready for it. When implemented, this plan will increase our ability to rely on hardware. But it also means we will need to become a bit more organized about fund-raising. The discussion started with the sprint report has some insights about how to do that. As part of this, we'll also need to share resources (e.g. contact databases, people, etc.) among the yearly DebConf fund-raising initiatives and the initiatives mentioned in the aforementioned discussion. Ongoing discussions

• A couple of important clarifications on how to deal with trademark-encumbered software in the Debian archive have been posted to -project. It seems to me there might be consensus on the overall topic, but we need to write down guidelines for maintainers (and possibly a project position statement?). I could use some help on that front, so if you've followed the discussion and/or have an interest in trademark and free software, please get in touch.
• To put an end to the long and glorious life of DEP-5, I've marked it as ACCEPTED given that it has been "implemented" in February via inclusion in the debian-policy package. You still have some time to port your debian/copyright-s to it before the Wheezy freeze.
• I've been contacted by the DuckDuckGo about a revenue sharing agreement for the inbound traffic they already get from Debian browsers. I've informed -project proposing to accept it and that has spawned a discussion that has won us an LWN article. I haven't yet summarized the thread proposing a way forward; I'll do so shortly.
• as part of a discussion on unofficial "debian" repositories, I've proposed to open up the list of *.debian.net domains. As nobody disagreed, consensus has been quickly reached and the announced change is now imminent. Thanks to Carsten Hey and Gerfried Fuchs for their help in figuring out the details of the last discussion on the matter and DSA for their feedback.

Summer of Code Debian has been accepted as an organization for the Google Summer of Code. At the time these bits go out, the student application deadline has also elapsed. In March I've contributed a few project ideas and chased potential mentors for them, when I thought the project could be important for Debian and the prospective student. I'm happy that one (a dak building block needed for the implementation of PPAs and more) has found both mentors and students. We'll see if any of the corresponding student proposal is retained and how it goes. Communication I've given an interview, about Debian and Free Software in general, to La Repubblica, one of the major newspapers in Italy. The interview is available online, but only in Italian. If some kind (and Italian-speaking) soul would like to translate it into English, I'll be happy to publish the translation as well. (update 22/04/2012: Matteo Cortese has contributed an English translation of the interview, which I'll make available shortly) Legal stuff In order to transfer ownership of the Debian trademark in Japan to SPI, I've contacted the current owners (all Japanese Debian Developers or contributors) to do the needed paperwork. I've been blessed by the help of Kenshi Muto that has taken the matter in his hands. He is now navigating through Japanese trademark procedures, a subject neither myself nor SPI lawyers were familiar with. Thanks also to Jonathan McDowell who has done the needed paperwork, SPI-side. Sprints Plenty of sprints and sprint reports in March!: Debian Med, DSA, DAM/FrontDesk. Everything should also be available from the wiki sprint page where you can find info to organize your team sprint. Assets miscellanea

• I've signed the annual memorandum of understanding with the financial entity that will help us with local expenditures for DebConf12 in Nicaragua. This year is ISIC, with whom we have an important trust path via Norman Garcia Aguilar, member of the DebConf orga team.
• After discussion with auditors, we've resolved to set a 1 year deadline for reimbursement requests. The reason is that it's a PITA to keep track of longer-running requests (yes, they do happen!) and they add uncertainty to our available finances. There can be exceptions, but please help on this front by timely requesting reimbursements after travels or other expenses.

Cheers.

---

PS the boring day-to-day activity log for March is available at master:/srv/leader/news/bits-from-the-DPL.txt.201203

Voting is open in the Debian Project Leader Elections 2012 So now I need to figure out who to vote for. This year I didn t take part in the discussions (all my spare time was bought, basically). The platforms are linked from the Debian Project Leader Elections 2012 page above and the key discussions were:

• Questions to all candidates
  • discouraging discussion styles any cure? I think this is vital. I like Gergely s answer best, but there s not much between his and Wouter s. I m not sure about Stefano s.
  • More votes in Debian? Any idea for improvement? Another vital issue to me, as democracy is a point of principle for me and our co-op. Wouter s answer sucked and there s not much to choose between the others.
  • Finding sponsors for Debian
  • Raising money for Debian I didn t feel that any candidate distinguished themselves on this or the previous question. No financial revolution looks likely.
  • About debian-companies Wouter s answer is pretty much identical to my view so I m disappointed he won t interfere if elected.
  • how informed should a DPL be? I ve a slight preference for Gergely s answer, but all are good again.
  • Debian s trademarks and logos, and their terms of use. Sadly, I suspect this is most likely to divide three good candidates for me (reads) or not. Basically the same positions, with Gergely expressing interest in delegating it to Stefano to finish what s been started.
  • Question to all candidates: In eight years Seems only Stefano has a vision?
• Questions to some candidates
  • Gergely and Wouter: on the need of becoming a DPL It seems they mainly want the freedom and a few style changes, but I feel Wouter makes a bit of a pig s ear of this discussion, seemingly insulting Stefano at one point and even defending the broken Mail-Followup-To because it would help him use reply-all for everything.
  • Gergely and Wouter: the level of independence from other distributions It seems that both want to decide first but share more if we reach the same decision as others.
  • Wouter and Gergely: software monopoly vs diversity both seem pro-choice, as long as it s maintainable.
• Questions to one candidate
  • Stefano Zacchiroli: What would you do different no big changes.
  • DPL practicing
  • Gergely Nagy: enough packaging manpower? This becomes about reforming the mentor/sponsor system, which I feel is needed.
  • Gergely Nagy: how will you search for talent and passion has more good ideas on similar themes.
  • Gergely Nagy: Disappearing? No, won t happen, based on experience.

Thanks to everyone who asked these great questions. So, what do you think?

long life to notmuch-mutt

• Bad news: I've just killed mutt-notmuch
• Good news: mutt-notmuch has been integrated upstream as a notmuch contrib script under the name notmuch-mutt
  (note the word switch, due to uniformity with other tools of the notmuch suite)
• Good news (for Debian users): starting with next notmuch upload there will be a Debian notmuch-mutt package. It will work out of the box with Mutt, without requiring any ~/.muttrc fiddling

As a consequence, no further separate releases of mutt-notmuch will be made. Future releases (of notmuch-mutt) will happen as part of notmuch. In other news, several changes have been implemented in notmuch-mutt wrt mutt-notmuch 0.2:

• move cache dir to ~/.cache/notmuch/mutt/ by default
  (Note: given that, from the point of view of notmuch, the next one will be the first release, no migration code from the previous cache location is present. Please switch to the new version and get rid of ~/.mutt-notmuch* manually.)
• support for XDG basedir, allowing to override the cache dir
• switch to String::ShellQuote for proper shell escaping in all notmuch calls
• system-wide Mutt configuration snippet for /etc/Muttrc.d/ (Debian-specific) or /etc/Muttrc

---

Many thanks to David Bremner (for shepherding my changes in) and to Ben Boeckel (whose desire to package mutt-notmuch in Fedora made me kick Debian bug #628018, this time for real).

As we're doing trends today, I got curious about Debian. I don't particularly care about popularity contests other than popcon, and Debian choices surely aren't driven by them. But hey, curiosity is curiosity, right? So, here are today's w3techs trends for websites using GNU/Linux, with all lines shown: (As thou shall always read methodologies before stats, here is the technologies overview page.) Debian is the top entrant with 30% of the websites using GNU/Linux. What I find interesting is that Debian has jumped at first place in January 2012, significantly after the release of our current stable release, Squeeze, that dates back to February 2011. It is also interesting to see community distros (Debian and CentOS) starkly ahead of commercially backed distros. That is what I find most fascinating about our projects. Whether that will remain the case or not is, for me, one of the big questions of the decade for the self-determination of Free Software communities.

The statistics of the "who wrote Linux x.y.z" series date back to at least 2.6.20. According to my experience talking with users and Free Software enthusiasts, those statistics really make a dent in the public perception of who is giving back upstream. Obviously, one should not take a single upstream, even if it is as important as the Linux kernel, as a measure of how much a given Free Software entity is giving back upstream overall. But users still seem to be fascinated by them. As a result, I have often had to answer the question: why Debian doesn't show up on those statistics?. My answer has always been something along the lines that Debian Developers who maintain Linux kernel packages, the almighty Debian Kernel Team, do that mostly as part of their volunteer engagement in Debian. As a consequence, they do not earmark their contributions as if they worked for a company and they add up to the hobbyist count instead (although you can you can routinely spot individual Debian Kernel Team members among the most active contributors for specific Linux releases). The above is the true and honest answer. But every time I've given it, I couldn't help feeling that the user who asked went home with a "yeah, well" afterthought. If you don't want to take my word of it, fine. Here is what Greg K-H had to say about Debian contributions in a recent blog post about the stable Linux kernel:

I would personally like to thank the Debian kernel developers, specifically Ben Hutchings, Maximilian Attems, Dann Frazier, Bastian Blank, and Moritz Muehlenhoff. They went above and beyond what any "normal" developer would have done, ferreting patches out of the kernel.org releases and the different vendor kernels and bug tracking systems, backporting them to the 2.6.32 kernel, testing, and then forwarding them on to me. Their dedication to their user community is amazing for such a "volunteer" group of developers. I firmly believe that without their help, the 2.6.32 kernel would not have been the success that it was. The users of Red Hat and SuSE products owe them a great debt. Buy them a beer the next time you see them, they more than deserve it.

I'll take good care of following his wise advice. Please do the same.

---

(Thanks to Sylvestre for pointing me to Greg's blog post.)

Released a few hours ago, here is the monthly report of DPL activities for February 2012.

---

Howdy, dear Project Members,
here's another round of updates about what has happened in DPL land, this time during February 2012. Highlights Quit a bit of highlights for this month:

• The first item is not pleasant but important. Early February I've submitted to the attention of the Technical Committee the upload of multi-arch enabled dpkg to the archive. The Technical Committee quickly reached a decision. Shortly afterwards an upload to experimental has happened and discussions on -devel ensued. Please help out with testing.
• Thanks to IBM and OSUOSL we have some new fairly capable (virtual) machines for powerpc* ports. See the announcement for more info. In particular, please note the call for powerpc64 porters. If you're interested in contributing to such a port, please get in touch with DSA.
• Google Summer of Code project is up again. As usual, it is a good chance to get some work done and, more importantly, to let students who are passionate about Free Software discover Debian. I've delegated the task of GSoC admins --- thanks Ana, Gergely, and Sukhbir! A call for project proposals has already been sent out; there isn't much time left, so please hurry up and drop your ideas to the wiki page and contact the soc-coordination mailing list.
• A couple of important discussions have been going on on -project. The first is the old "trademark vs DFSG" discussion. I've posted there results from legal advice that I've sought on the matter, based on your suggestions. Then, I've posted a proposal on how to deal with trademarks issues in the archive.
• The second discussion is about Debian affiliation with OSI. We've been approached by OSI about that, as I've summarized on -project. Helped by the feedback received, I've decided to go ahead with affiliation and I'm now discussing with OSI representative the next steps.
• The long running work on software patent issues in the archive has been concluded publishing a policy on the matter. We now have a contact point and legal advice with whom we can discuss specific issues if/when they arise; hopefully that would help us to discriminate actual issues in the archive (if any) from the vast amount of FUD in the area.

Talks, interviews, and the like

• Following up Debian related talks at FOSDEM, I've been interviewed, together with Lars Wirzenius and Wookey, for The Register.
• I've took part at a FOSDEM panel session on comparing the organization of local user groups, ambassadors, and the like. We've mostly to learn from others in this area, but I've took the change to summarize what we currently have in a slide deck.

Sprints Plenty of sprints related news!

• DSA and the Groupware team will be holding sprints later on in March, while DAM / FrontDesk are having one right now co-located with the BSP in Moenchengladbach
• the video team sent out a report for their sprint back in November
• debbugs (AKA bugs.debian.org) hackers are organizing a sprint to get people interested in contributing to the code base up to speed. If you're, drop a line in the thread

It would be amazing to have an average of one sprint per month for 2012, and we're on good track for it. If you want to help, organize one for your team as documented on the wiki. Legal stuff

• Thanks to SPI, we've established contacts with the owners of debian.eu, domain we believe we legitimately own. As a first step they've set up HTTP redirection from debian.eu to debian.org (instead of a computer hardware shop, as it was before) and we're now discussing actual transfer of domain ownership to a Debian Trusted Organization.
• We've contacted the Japanese trademark office to transfer the "debian" trademark there to SPI. Thanks to the previous owners (all Debian developers or contributors) for agreeing to the move. Now "only" a nasty pile of paperwork remains to be done.

Appointments In addition to the GSoC admins delegation (see above), I've agreed with former secretary Kurt Roeckx to reappoint him as a secretary for another year. Many thanks, Kurt! Miscellaneous

• We have been invited to attend the OpenStack summit in April and have a presence there, free of charge. Loic Dachary, active member of the OpenStack packaging team in Debian, has agreed to go and represent Debian there. Thanks a lot to Stefano Maffulli for the invitation and to Loic for his availability!
• We are in the process of joining as a project, instead of relying on individual maintainers as in the past the ISC forum to get access to embargoed vulnerability information for important pieces of software such as BIND and DHCP. They've kindly offered us membership free of charge. I've submitted a draft of the membership agreement to SPI and I'm waiting for their decision.
• Steady progress on the front of periodic budget reports, thanks to the work of Martin Michlmayr. We've discussed at length during FOSDEM and agreed on procedures to query the state of Debian finances that work for both auditors and the DPL. Martin has also set up a shared ledger repository and already checked in into it a lot of money transactions for the past few years not from all trusted organizations yet, though. Have faith, we'll get there

Happy Debian hacking.

---

PS as usual, the boring day-to-day activity log is available at master:/srv/leader/news/bits-from-the-DPL.*

At FOSDEM, John Sullivan delivered an interesting talk titled Is copyleft being framed? to verify alleged claims on the decline of GPL-d software. (Slides are available.) The crux of the talk is the analysis he performed on the Debian archive to discover the amount of software we distribute that is covered by GPL, LGPL, or AGPL ("GPL-d" for short in the remainder). John's talk steps in an interesting and long running debate (a recent summary of which is available in this ITWire article). The most interesting part is the discrepancy among John's results and Blackduck's, which are often used to argue how the popularity of the GPL license is declining. That might be the case. Or not. The more analyses we do to find it out, the better. The underlying assumption on John's work is that Debian is a representative sample of the Free Software out there, which I think is a reasonable assumption. I find the analysis presented in the talk completely satisfactorily from a purely scientific point of view. The same cannot be said about Blackduck's result: both their methods and data are secret, making it impossible to reproduce their experiments. Highly unscientific. Still, John's results are surprising: as much as 87 percent of Lenny's packages and 93 percent of Squeeze's are GPL-d. That seems a lot. Puzzled about that, John discussed with me the issue before his talk, in search for pitfalls in his methods or data. Finding none, I pointed him to the almighty DktrKranz for some extra review; who found nothing either. To stay on the safe side, even during his talk John called for independent reviews of his results. What could be wrong? The tool used to gather the data is license-count from the debian-policy package. Input data are the debian/copyright files of all Debian source packages. If license-count is not bugged, our debian/copyright files might be. One thing that occurred to me only a few days ago is the habit of declaring a different license for Debian packaging (the files under debian/) than the software being packaged itself. That's a bad habit because it might cause unwanted license mixtures via patches that live under debian/ but I've seen several occurrences of it in the Debian archive. For name and (self-)shame: I've also been guilty of it in the past, when I was young . Is that reason enough to skew results and overestimate GPL-d software? I don't think so, I hope not, but ultimately I don't know. It'd be nice to rule out the possibility entirely. So if anyone is willing to do some sampling of affected debian/copyright files and propose patches for license-count to exclude those "false positives", please shout. (As a bonus point: that would also help to take more sound decision for the typical use case of license-count, i.e. deciding when a license should be added to /usr/share/common-licenses.) Other independent reviews of the results are equally welcome. Note: the above, as well as John's analysis, would be a trivial exercise if DEP-5 were already widely deployed in the Debian archive.

---

Update: add link to John's slides
Update 19/02/2012: Russ Allbery, author of license-count, posted a way more likely cause of data skew in John's analysis: double counting among the different types of copyleft licenses

My mutt-notmuch hack seems to be a quite popular way to integrate Mutt with notmuch. As a nice consequence, my (indexed!) inbox attracts patches from mutt-notmuch users eager to improve it. Collecting some of them, I've just tagged mutt-notmuch 0.2 with the following changes:

• readline support and query history
• support for spaces in mailboxes (use case: gmail+offlineimap)
• a new "tag" action
• normalization of =names to support mutt macros that pass folder names
• do not treat +opt as a valid cmdline option (to ease tagging)

Many thanks to Scott Barker, Christine Spang, David Newgas, and Ryan Kavanagh for the above patches. While I was at it, I've also moved mutt-notmuch repository to Gitorious. Git self-hosting is nice, but either you move to something like gitolite (which I didn't have time to setup and tune ATM) or you're stuck without merge requests which are quite nice. (Why not Github? Because.) If you're using mutt-notmuch you might also be interested in the discussion of libnotmuch support in mutt. I'd love to see that landing in mutt and be able to throw away mutt-notmuch entirely, but that seems a bit premature as of yet.

Fresh from the oven, monthly report of what I've been working on as DPL during January 2012.

---

Dear Developers,
here is another monthly report of what happened in DPL-land, this time for January 2012. There's quite a bit to report about --- including an insane amount of legal-ish stuff --- so please bear with me. Or not. Legal stuff

• Webmaster heroes have decided to tackle the long standing issues of copyright and licensing of the Debian website. I've accepted to help them out in reaching consensus with license choice and I'm happy to report that we've managed to pick a DFSG-free license (BSD-ish) for future contributions. Webmasters will soon contact contributors to re-license old contributions (or get rid of them), so hopefully will have a DFSG-free website RSN. Many thanks go to David Pr vot for successfully tackling such a can of worms.
• I've sought a second legal advice on the constraints that trademarks (might) impose on the work-flow of a distro like Debian. Luckily, it is coherent with one I've sought in the past so I'm now in condition to wrap up the "trademark vs DFSG" thread on -project with the missing legal information. Hopefully, I'll find time to do that sometime next week.
• I've restarted discussions with the Debian France association so that they can become a Debian Trusted Organization (as per Constitution 9.3). Members of the board of the association seem to be interested and I'm positive it could happen fairly soon. The importance of this is that we could use a back-up association in Europe to hold Debian assets, to complement the services that FFIS are already offering us.
• Thanks to the contributions of Benjamin Mako Hill and SPI lawyers, I've now what I consider a final draft of a trademark policy for Debian trademarks. Before proposing it to you, I'm waiting for some feedback from another umbrella organization for Free Software projects, that is working on a trademark policy for all their associated projects. As many Free Software projects are seeking trademark protection these days, I see benefits in having uniform (and sane!) policies. I hope to be able to gather the feedback I still miss this week-end at FOSDEM, and let you know shortly after that. Once this is done, we'll also be able to (finally!) relicense all kinds of Debian logos under a DFSG-free license. On this front, I've also updated http://www.debian.org/trademark with the information needed to contact us about trademark usage; hopefully it'll reduce the burden of answering to such inquiries.
• With the help of Kenshi Muto, Fumitoshi Ukai, Ishikawa Mutsumi, Shuzo Hatta, and Yasuhiro Araki we've started the process to move the Debian trademark in Japan from individuals (who are present or past members of the Debian JP association) to SPI. That would help dealing with these matters, as well as ensure that important Debian assets are held by Debian Trusted Organizations.
• I remind you that we've an ongoing complaint with the current registrant of debian.eu, domain that we believe Debian should legitimately own. Lawyers at SPI has now formally contacted the current owner and hopefully we'll be able to solve the issue amicably in the next months.
• Some of the past legal advice I sought for PPA came handy in a discussion on the legal risks of running a service like mentors.debian.net, hopefully addressing part of the issues in turning that into mentors.debian.org
• Patent policy for the Debian archive is now ready as well and I also have a patch for the website ready to be merged. I'm just waiting for the final blessing from SPI (lawyers) to go ahead and publish it.

Most of the above wouldn't have been possible without the precious help of folks at SFLC working for SPI and Debian. Be sure to thank SFLC for what they're doing for us and many other Free Software projects. Coordination Nobody stepped up to coordinate the artwork collection for Wheezy I've mentioned last month, so I've tried to do a little bit of that myself. The -publicity team is now preparing the call for artwork and hopefully we'll send it out RSN. In case you want to help, there is still a lot of room for that; just show up on the debian-desktop mailing list. Sprints A Debian Med sprint has happened in January, and Andreas Tille has provided a nice and detailed report about it. Some more sprints are forthcoming this spring, how about yours? Money

• We got from SPI a prepaid and rechargeable credit card that we can use for expenses or other kind of guarantees. Many thanks to Michael Schulteiss, SPI treasurer, for his help with that. Using it, we've redeemed 10k$ of credits offered to us by Amazon, that (thanks to ongoing work by Lucas Nussbaum) we're going to use to make our QA rebuilds independent from the underlying computing infrastructure.
• Thanks to the help of Luca Capello, we advanced quite a bit on forming the Debian Event Box kit that should make it easier to set up Debian booth at FOSS events. We bought the machine for it (for about ~755 CHF) and the box to contain it will soon be on its way as well. If you're at FOSDEM, tend to the Debian booth to check it out (and possibly help out with the technical setup).
• We've got quite a bit of donations during the December holidays. I've took the chance to thank donors, discuss what we do with donations and the status of publishing periodic Debian budgets.
• Pinged by Yves-Alexis Perez, I've now properly documented the fact that DDs are welcome to apply for hardware sponsoring, in case the hardware can be used to help/improve their Debian work. As suggested by Yves-Alexis, you can also advocate other DDs for hw sponsoring.
• Given hardware invariably age and that we can afford it, I've prodded DSA to prepare a general hardware replacement plan for our machines. Planning will go on this week-end and FOSDEM (thanks to Martin Zobel-Helas and Faidon Liambotis for their presence here) and I hope to have an approved machine replacement plan well before the end of the current DPL term (although I'm usually optimist...).

Important stuff going on Other important stuff has been going on in various area of the project in January. I'd like to point your attention to a couple of things:

• People active on debian-mentors have proposed an improved work-flow to deal with sponsoring/mentoring requests, based on the usage of a new pseudo package "sponsorship-requests". Thanks to Ansgar Burchardt, Jakub Wilk, Arno T ll, and Gregor Herrmann for working on this.
• Raphael Hertzog has kickstarted work on DEP-2, as a way to rationalize the flow of package-related information that (co-)maintainers get. Discussion about the idea are ongoing on the debian-qa mailing list.

Miscellanea

• Work has further progressed in reaching out to companies with an interest in giving support for, and contributing to Debian. Thanks to Alexander Wirt the technical work is now done and some sort of governance policy has been decided. Further step for me is to announce it properly hoping to reach out to as many interested companies as possible. I hope to finalize that in the next month. (If you're working for such a company and you happen to read this, feel free to reach out to me already.)
• I've completed an old todo item setting up and documenting titanpad.debian.net, service that has been requested for collaborative work during various kinds of online events. Help is welcome to help administering the service (see doc).
• SPI has clarified the role of project representatives and, as a consequence of that, I (as DPL) no longer receive SPI board discussions addressed to board@spi. That is good not only for the sanity of my inbox, but also because it puts all projects affiliated to SPI at the same level of communication within SPI. Thanks to Robert Brockway for his work on this.

In the unlikely case you've read thus far, thanks for your attention! Happy Debian hacking.

---

PS as usual, the boring day-to-day activity log is available at master:/srv/leader/news/bits-from-the-DPL.*

In less then 2 hours I'll leave for the Paris Nord station to catch a train headed to Bruxelles Midi. Plan of the week-end: attend and enjoy FOSDEM 2012!. I haven't submitted any talk for this year FOSDEM edition, but I've been invited (and gladly accepted) to join the round table on working with contributor communities on Sunday. I'm positive it will be a nice occasion to share ideas on how to structure local user groups around the world. Beside that, I plan to attend several talks of the cross-distribution, legal issues devrooms, hang around the Debian booth, as well as discuss many topics with people and friends from all over the Free Software multiverse. Too bad I'm still recovering from a recent minor health issue; I won't be able to get the most out of today's beer event. But I'll attend nonetheless, see you there?

A few days ago Yves-Alexis Perez asked me how many hardware sponsorship request I usually get from Debian Developers, that is how many people ask me to use Debian money to buy material that can improve their work on Debian and indirectly Debian itself. The answer is "too few".
Making it easier for our developers to improve Debian is a worthwhile investment of money donated to Debian. Of course such a use of money should be motivated (i.e. you should be able to justify how the material you're asking for would improve Debian and why it should be Debian paying for it) and transparent (i.e. you should periodically report about what you're doing with material that Debian has bought for you to use). The above two principles are what I've tried to convey in a new section of the sponsoring guidelines wiki page I've been maintaining for a while. Comments and improvements highly welcome! Equally welcome are advocacy messages for hardware sponsoring to other fellow Developers, as suggested by Corsac.

Our Dear Project Leader, Stefano Zacchiroli, regularly mentions the fact that there's an amount of Debian money available for hardware sponsoring of Debian developers, but it seems that not much people benefit from it. Each time I saw one of this reminder, I wonder if I should apply, and the anser is usually no. The fact is that I don't think any new laptop or desktop to do my Debian stuff, and the last time I bought a box (my x201s last summer) it was not really specifically for Debian tasks so I didn't dare to ask (not to mention the fact I bought it because I did have the money to do so). And I think this is mostly the problem. I might be wrong, but I think that most people which could benefit from this just don't dare asking or don't estimate themselves eligible for it. When I saw Ben Hutchings post, where the first thing he says is about how hardware is expensive, I thought hey, he should get some Debian money for buying new hardware: building kernel is really time consuming and having multiple powerful cores, more ram and fast disks/SSDs really helps . Turns out that Ben just didn't really want to spend too much money there, but the case still stands. We also see from time to time people saying they'll be offline for a while because of broken laptop or something like that. Once again, maybe those people wouldn't mind some help from the Debian project, and maybe they just don't think about asking, or they don't dare. So thinking about it a bit more, I think I wouldn't dare asking money for myself, but maybe I could dare asking money for other people (this is a bit like the flattr posts by Rapha l Hertzog, where he incited people to give money to projects he liked). If I'm not alone in this case, maybe those Debian developers who think some of their peers would benefit some hardware could drop them a mail with leader@ on copy, to propose just that. No need for huge publicity on that (in order to not embarass people), though the transparency rules still apply when it comes to Debian money.

Steve McIntyre has been contributing to Debian since 1996, 2 years before I joined! But I quickly stumbled upon Steve: in 1999, he was struggling with getting his debian-cd script to produce 2 ISO images (it was the first time that Debian did no longer fit on a single CD), I helped him by rewriting debian-cd with a robust system to split packages on as many ISO images as required. I remember those times very well because Steve was very supportive of my efforts and it was a real pleasure to get this done. His friendly nature probably also explains why he got elected Debian Project Leader twice! Anyway, enough history, check out his interview to learn more about the great work he s doing nowadays. My questions are in bold, the rest is by Steve. Raphael: Who are you? Steve: I m a professional software engineer, 37, living in Cambridge (England) with my new wife Jo. I studied for the EIST degree at the University of Cambridge, then (like many people here, it seems) I just forgot to go home again afterwards and settled here. I spent more of my study time playing with Linux than working on my degree, so I guess I m lucky that it worked and I found a career in that area! Raphael: How did you start contributing to Debian? Steve: During my time in college, I started hacking on software in my free time, using Slackware as my first Linux distribution from the middle of 1994. After encountering more and more problems with Slackware, I was encouraged by a number of friends to make the jump over to Debian and in October 1996 I did. The installation process back then was much harder than anything people see today, but after a long weekend I finally had my Debian system up and running. I was already one of the main upstream developers for the Mikmod music player at that time, so that very same weekend I applied to be a DD so I could maintain it in Debian too. Back then, the NM process was much simpler: I just mailed a key to Bruce and he set me up with an account almost immediately! I then found that Joey Hess had beaten me to it and already packaged Mikmod. Grrr! Raphael: What s your biggest achievement within Debian? Steve: Without a doubt, my proudest achievement within Debian is being elected Project Leader for 2 years by the other developers. It s a great feeling to have earned the trust of your friends and peers, and also a great responsibility to go and help Debian where needed: talking to the press about Debian, assisting wherever problems crop up, etc. The DPL job is certainly a lot of hard work, and I have nothing but respect for anybody who volunteers for it.

It s a great feeling to have earned the trust of your friends and peers.

Elsewhere, I ve been leading the Debian CD team for years too, both doing most of the maintenance of the debian-cd package and producing and testing the regular installation CDs and DVDs that we ship to the world. Again, this is a time-consuming job but it needs doing and it s worthwhile. Raphael: You re currently employed by ARM. What are you working on and are they supportive of your Debian involvement? Steve: The situation within ARM is very interesting; I m employed in PDSW (Processor Division, SoftWare), a new group founded just a couple of years back to help improve the state of software on ARM. Most of the people in the group are working on Free Software at this stage (e.g. toolchains, browsers, Linux kernel), which is lovely. Some of the engineers have also been seconded into a new non-profit company Linaro, which is a collaboration between ARM and a number of other companies investing in core Linux software and tools for ARM-based CPUs. I m one of the ARM engineers in Linaro, and I m a Technical Architect in the Office of the CTO. My role includes looking at future projects for Linaro to help with (e.g. ARM servers), but for the last few months I ve been concentrating on the new armhf architecture in Debian, Ubuntu and elsewhere. armhf is a new architecture in Debian and Ubuntu terms, but it s not strictly a new type of hardware. Instead, it s a new ABI. We have two reasons for doing this work:

1. It targets the latest version of 32-bit ARM CPUs (v7) and makes better use of the hardware, for better performance. Compare targetting i686 instead of i386, for example. We ll still support the older armel port for the foreseeable future for users with older hardware that can t run armhf.
2. More importantly: we are standardising on the ABI / compiler options / hardware support for future users.

In the past, there has been a huge amount of specialisation (aka fragmentation) in the ARM Linux environment, and that worked OK for specialised devices that only ever ran the software shipped with them. ARM CPUs are now becoming more and more mainstream, so people will expect to be able to install generic software on their machines. That gives a requirement for a standard base platform, and armhf (arm-linux-gnueabihf in GNU triplet terms) is that standard that we are pushing in the community. Debian, Ubuntu, Fedora, Suse and others are all going to use this, making compatibility possible. I ve been working with a small team of people to make armhf happen, helping where needed: putting together build machines; patching Debian packages directly; discussing and fixing toolchain issues with Ubuntu folks; agreeing ABI specifications with people from Fedora; advising people from other distros bootstrapping their new ARM ports. ARM and Linaro are very supportive of this work, and it s been lovely being sponsored to work directly on Free Software like this. It s work that will directly benefit ARM and its partners (of course!), but it s also helping out more generally too: Debian QA work, cross-build support, bootstrapping efforts, multi-arch. More and more of the ARM market is driven by Free Software, and companies are acknowledging that. I should probably also mention that we re hiring ! Raphael: What are your plans for Debian Wheezy? Steve: There are three main tracks here. Obviously, I m interested in seeing armhf release with Wheezy. We ve just been added to Testing last weekend, so that s going well. We ve got over 90% of the archive built now, and we re mopping up the remaining issues. I m the primary maintainer of cdrkit at this point, but I d prefer to have it go away. Xorriso and the associated software in libisoburn is almost capable of replacing all the aging cdrtools-derived software that we have in Debian, The only missing feature that I m aware of is creating the HFS hybrid filesystems that we use for installations on Mac systems. I ve been talking with the upstream folks about this for some time already, and I m hoping we can finish this soon enough that we can get it into Wheezy. Finally, I ve got the ever-growing wishlist of things for debian-cd. We ve got the beginnings of an automated test suite that Mart n Ferrari has written, but it needs integrating and improving. I want to help get regular weekly/daily/release debian-live builds running on the main CD build machine. There s work needed if we want to make good installation media for the new multi-arch world, too. The Emdebian people are asking for help making CD images The list goes on Raphael: The ARM community seems to be very interested in multi-arch. Can you explain why? Steve: There are a number of reasons for ARM people to be interested in multi-arch; two really stand out for me:

• With the historical issues around the plethora of ARM ABIs in the wild, multi-arch will allow us to potentially support multiple ABIs cleanly on one system. That allows users to have (for example) an up-to-date system that makes the most of their current hardware, yet also run legacy programs that might use an older ABI. There s also a new 64-bit architecture coming (ARMv8) which will run older 32-bit software; again, multi-arch makes mixed installation of old and new software reasonable.
• ARM has traditionally been a common target for cross-compilation, and I d expect that to remain the case for a long time to come yet. For a lot of embedded developers, using a big fast i386/amd64 machine to compile is much faster than using a limited-power small ARM CPU. However, setting up sane cross-compilation environments has long been a bugbear for developers. Getting the toolchain and all the cross-architecture libraries to work together correctly can be like black magic. This is potentially the killer app for multi-arch: simply install the libraries for the target architecture directly on your development machine. Install a simple cross-gcc package and (maybe) qemu, and you re all set.

This is potentially the killer app for multi-arch: simply install the libraries for the target architecture [ ], install a simple cross-gcc package [ ] and you re all set.

Raphael: What s the biggest problem of Debian? Steve: For me, Debian s biggest problem has been the same for a long time: we are forever short of enough people to do the work that we re trying to do. That might sound like a weird thing to claim when Debian is one of the largest Free Software projects on the planet, but it s more a statement of just how huge our goals are. Many of the largest things in Debian are developed or controlled by very small teams working very hard, and there s always a risk of losing people due to burnout in those situations.

We are forever short of enough people to do the work that we re trying to do.

Some of the tasks that should be easy given our large membership (e.g. large-scale packaging transitions) can often instead take a very long time. We are fortunate to have more people wanting to join in Debian s work all the time, but we also need to be careful to keep on promoting what we re doing and recruiting new contributors, encouraging them to get more and more involved in core work. Debian gets ever bigger in terms of the size and the number of packages we distribute; we re not currently matching that growth rate elsewhere. Raphael: What motivates you to continue to contribute year after year? Steve: This one is much easier to answer! The thing that first attracted me to Debian was the fact that I could help to develop it, help to decide how things could and should be done within it. Instead of being forced to accept what some corporation decided I could do with my computer, I could change the software to suit my needs and preferences. Alongside that, I could get involved with a strong community of similar people all over the world, all with their own strong opinions about how software should work. I joined in and found it was great fun and very rewarding. That hasn t changed for me in the intervening years, and that s why I m still around. I work on Debian because it helps me to get the OS that I want to use. It seems that lots of people around the world find it useful too, and that s awesome. Raphael: Do you believe that Stefano Zacchiroli will be the first DPL who managed to stay 3 consecutive years on the seat? Would you like him to candidate again? Steve: To be honest, I would be very surprised if Zack stood again for DPL this year. He told me himself that he wasn t planning on it, and I can understand that decision. He s been an awesome DPL in my opinion, and I m glad that he took the job. But: it is also a very difficult and time-consuming task that would be enough to wear down anybody. If Zack does decide to stand again, I would support him 100%. But I know that we also have lots of other good people in Debian who would be ready to take up the challenge next. Raphael: Is there someone in Debian that you admire for their contributions? Steve: There are lots of people I admire in Debian, so many so that I almost don t want to list individuals here for fear of missing people out. But Bdale Garbee has been an inspiration to many of us, for many years. He s technically excellent, a great friend to many of us, an endless source of sage advice and (last but not least) he has some wonderful stories to tell about his experiences over the years. On top of that, he s just cool. Christian Perrier is another exceptional developer, in my eyes he s great at co-ordinating people in translations, working tirelessly to make this very important part of Debian work better and better with every release. He s also a really nice guy and we all love him. I also have to mention Joey Hess here, whether he likes it or not. *grin* He s been responsible for so many good things in Debian over the years, even if he did steal my first package Finally, the teams of people who make sure that Debian is always working: the security team and DSA. The rest of us can choose to take time off from Debian to go and do other things, but these people need to cover things every day. That s a major responsibility, and I salute them for taking on that challenge.

---

Thank you to Steve for the time spent answering my questions. I hope you enjoyed reading his answers as I did. Note that you can find older interviews on http://wiki.debian.org/PeopleBehindDebian.

Subscribe to my newsletter to get my monthly summary of the Debian/Ubuntu news and to not miss further interviews. You can also follow along on Identi.ca, Google+, Twitter and Facebook.

One comment Liked this article? Click here. My blog is Flattr-enabled.

The end of the year is a period of time during which many people sit down and decide to donate some money to initiatives that pursue the public good. I have that habit myself. At the end of 2011 I've decided to donate to Wikipedia, as I consider Wikipedia to be one of the greatest achievements of humanity and I see a lot of value in keeping it running on a purely non-profit basis. (Not to mention that it's already quite annoying to see Jimbo's banners one month per year, go figure what would happen if those banners would suddenly turn into permanent advertisement banners!) You may wonder why I haven't donated to Debian, given my involvement in the project. In fact, that involvement is precisely why I didn't donate to Debian: there is some sort of sanity in keeping a distinction between causes to which I donate my spare time (the case of Debian) and those to which I donate money (the case of Wikipedia), and I like to keep that distinction. As DPL, I've the luxury of being cc:-ed on Debian donation notifications that flow through SPI, and I can also check the flow of donations to other Debian trusted organizations. This year, I've been particularly impressed by the high flow of Debian donations during the end of the year. Thank you, donors, it is thanks to your generosity that we keep many Debian activities going. Using the money people like you regularly donate to Debian we:

• buy hardware and hardware-related services that keep the Debian infrastructure running
• sponsor sprints and other events that allow volunteer developers to get together and work on Debian in fun and productive contexts
• support travel expenses of Debian developers that attend conferences or meetings as representatives of the Debian Project

On a more political note, I'm happy to observe that Debian incomes come almost entirely from private citizens. We do have big corporate sponsors, but their contributions tend to be concentrated as specifically earmarked donations for our annual conference. This is good for them, because they get the fancy banners on the DebConf website and at the conference. But it is also good for Debian, because a donation-based economy (as Debian's, with DebConf exception) is less likely to be influenced by the whims of a few big donors. But with (great) donations comes (great) responsibility. In particular, it comes the need of budget transparency. You can't go out soliciting donations and simply say "thanks, your contribution is appreciated". You need to show donors how their money are used, so that they can judge whether they made the right choice in donating to you or not. Whether they will donate again in the future or not granting long term sustainability to your project usually depends on that. So, if you have donated to Debian or are considering doing so in the future, here are a few of places where you can check what we have been doing with donated money:

• Minutes of SPI monthly meetings, that come with monthly reports of incomes and expenses of all affiliated projects
• the list of sprints, past and forthcoming
• "Bits from the DPL" mails (indexed on the DPL "team" page), that often come with a "money" section highligthing significant expenses for the reporting period
• the DebConf reports, that come with detailed "budgeting" sections of each DebConf edition

Albeit quite detailed, the above is not enough: we should do better on the transparency of Debian budget. For one thing, the above is too scattered: budget transparency should not depend on (potential) donors mixing and matching too many sources of information. Further more, the above is not even complete: SPI is not the only Debian trusted organization, and the accessibility of information about Debian budgets hosted at other organizations varies quite a bit. We've been working on improving this for the past year or so: we're not there yet, but I'm positive we can have detailed and comprehensive budgets encompassing all Debian trusted organizations published in the coming months . Why has it taken so long and what could possibly be so difficult about it? I think the cause of the delay is twofold:

1. The disperse nature of Debian adds some difficulties to regular accounting challenges. Contrary to other FOSS projects I'm aware of, we've many different trusted organizations, each one with its own different way of reporting things. The advantage of such a setup is that we can often avoid the costs of money transfers around the world, costs in which we'd incur had we a single organization holding our assets, say, in the US. Still, having too many organizations is counterproductive. This is why for the past 1.5 years I've been working on consolidating our money assets into as few budgets as possible (avoiding, for instance, to use more than one organization per currency).
2. We tend to be good at recruiting packaging geeks, but not so good at recruiting other kinds of geeks: budget geeks, artwork geeks, journalist geeks, management geeks, etc. But it is upon those other kinds of "geekness" that many activities of "standard" Debian geeks depend. For example: if you want to have a steady flow of new project members, you need to communicate effectively Debian values and make some buzz around them, so that you could hope they get to the right ears. If you want to organize sprints for maintainers to work together you need money donations, and to solicit donations you need a transparent budget. Etc. In the specific case of accounting, we're now lucky enough to have found "standard" Debian geeks who also have a passion for accounting and auditing; but that appaears to be, essentially, a coincidence. If we don't fix the more general problem, I believe our difficulties in recruiting "non-standard" Debian geeks might hurt us quite a bit in the long run.

The French government has published a call for tender for a 2 million euro contract to support Debian and CentOS systems throughout the French public administration. The news is a month old, but the call for bids is open until 9 January 2012. There is more coverage on a EC blog post as well as on Le Monde Informatique (in French). "Customers" of the bid winner will be almost all ministries of the French administration --- from prime minister to justice, from defense to sports, from education to culture --- for a 3-year period. The call requires ability to support most of the "usual suspects" among popular FOSS applications, but explicitly focuses on Debian and CentOS as distributions. It is by far not the first time it has happened, but it is always great for me to see major public administrations choosing community based distros (and Debian in particular ).