That's all folks ...
Sadly, nothing too much to report.I delivered a very quick three slides lightning talk on Accessibility, WCAG [Web Content Accessibility Guidelines] version 2.2 and a request for Debian to do better

WCAG 2.2: WCAG 2.2 AbstractDebian-accessibility mailing list link: debian-accessibilityI watched the other lightning talks but then left at 1500 - missing three good talks - to drive home at least partly in daylight.

A great four days - the chance to put some names to faces and to recharge in Debian spaces.

Thanks to all involved and especially ...
Thanks to Cambridge Debian folk for helping arrange evening meals, lifts and so on and especially to those who also happen be ARM employees who were badging us in and out through the four days

Thanks to those who staffed Front Desk on both days and, especially, also to the ARM security guards who let us into site at 0745 on all four days and to Mark who did the weekend shift inside the building for Saturday and Sunday.

Thanks to ARM for excellent facilities, food, coffee, hosting us and coffee, to Codethink for sponsoring - and a lecture from Sudip and some interesting hardware - and Pexip for Pexip sponsorship (and employee attendance).

Here's to the next opportunity, whenever that may be.

Quick recap of slides and safety information for the day from Steve McIntyre
Now into the Release Team questions following a release team overview.A roomful of people all asking questions which are focused and provoke more questions - how unlike a Debian session :)May just have talked myself into giving a lightning talk this afternoon :)Now about to have a talk about from Sudip about OpenQA, kernel testing and automation

Here s my (twelfth) monthly update about the activities I ve done in the F/L/OSS world.

Debian

This was my 21st month of contributing to Debian. I became a DM in late March last year and a DD last Christmas! \o/ I ve been busy with my undergraduation stuff but I still squeezed out some time for the regular Debian work. Here are the following things I did in Debian this month:

Uploads and bug fixes:

• rails (2:6.0.3.3+dfsg-1) - Fixing CVE-2020-15169/bug #970040.
• ruby-openid-connect (1.1.8-1) - New upstream version, v1.1.8.
• ruby-mini-magick (4.10.1-1) - Fixing FTBFS, bug #966936.
• ruby-open-graph-reader (0.7.0+dfsg-1) - New upstream version, v0.7.0.
• ruby-string-direction (1.2.2-1) - New upstream version, v1.2.2.
• ruby-jquery-rails (4.3.5-1) - New upstream version, v4.3.5.
• ruby-leaflet-rails (1.6.0+dfsg-1) - New upstream version, v1.6.0.
• ruby-jquery-rails (4.3.5-2) - Fixing FTBFS, bug #956604.
• ruby-rubocop-packaging (0.5.0-1) - Add support for auto-correct.

Other $things:

• Attended the Debian Ruby team meeting. Logs here.
• Mentoring for newcomers.
• FTP Trainee reviewing.
• Moderation of -project mailing list.
• Sponsored trace-cmd for Sudip, ruby-asset-sync for Nilesh, and mariadb-mysql-kbs for William.

---

RuboCop::Packaging - Helping the Debian Ruby team! \o/ This Google Summer of Code, I worked on writing a linter that could flag offenses for lines of code that are very troublesome for Debian maintainers while trying to package and maintain Ruby libraries and applications! Whilst the GSoC period is over, I ve been working on improving that tool and have extended that linter to now auto-correct these offenses by itself! \o/
You can now just use the -A flag and you re done! Boom! The ultimate game-changer! Here s a quick demo for this feature: A few quick updates on RuboCop::Packaging:

• Has 4 cops, solving 4 different issues.
• 3 of them support auto-correction. Just use the -A flag.
• 5 releases so far, latest being v0.5.0.
• GitHub Repository: https://github.com/utkarsh2102/rubocop-packaging/
• Release notes: https://github.com/utkarsh2102/rubocop-packaging/releases/
• Documentation: https://docs.rubocop.org/rubocop-packaging/
• Style guide: https://packaging.rubystyle.guide/
• Being used by over 55 projects! \o/

I ve also spent a considerable amount of time in raising awareness about this and in more general sense, about downstream maintenance.
As a result, I raised a bunch of PRs which got really good response. I got all of the 20 PRs merged upstream, fixing these issues.

---

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success. And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support). This was my twelfth month as a Debian LTS and third month as a Debian ELTS paid contributor.
I was assigned 19.75 hours for LTS and 15.00 hours for ELTS and worked on the following things:
(for LTS, I over-worked for 11 hours last month on the survey so only had 8.75 hours this month!)

LTS CVE Fixes and Announcements:

• Issued DLA 2362-1, fixing CVE-2020-11984, for uwsgi.
  For Debian 9 Stretch, these problems have been fixed in version 2.0.14+20161117-3+deb9u3.
• Issued DLA 2363-1, fixing CVE-2020-17446, for asyncpg.
  For Debian 9 Stretch, these problems have been fixed in version 0.8.4-1+deb9u1.
• Started working on ruby-kaminari, ruby-rack-cors, and ruby-json-jwt.

ELTS CVE Fixes and Announcements:

• Issued ELA 274-1, fixing CVE-2020-11984, for uwsgi.
  For Debian 8 Jessie, these problems have been fixed in version 2.0.7-1+deb8u3.
• Issued ELA 275-1, fixing CVE-2020-14363, for libx11.
  For Debian 8 Jessie, these problems have been fixed in version 2:1.6.2-3+deb8u4.
• Issued ELA 278-1, fixing CVE-2020-8184, for ruby-rack.
  For Debian 8 Jessie, these problems have been fixed in version 1.5.2-3+deb8u4.
• Also worked on updating the version of clamAV from v0.101.5 to v0.102.4.
  This was a bit tricky package to work on since it involved an ABI/API change and was more or less a transition. Super thanks to Emilio for his invaluable help and him taking over the package, finishing, and uploading it in the end.

Other (E)LTS Work:

• Front-desk duty from 31-08 to 06-09 and from 28-09 onward for both LTS and ELTS.
• Triaged apache2, cryptsetup, nasm, node-bl, plinth, qemu, rsync, ruby-doorkeeper, and uwsgi.
• Marked CVE-2020-15094/symfony as not-affected for Stretch.
• Marked CVE-2020- 9490,11993 /apache2 as ignored for Stretch.
• Marked CVE-2020-8244/node-bl as no-dsa for Stretch.
• Marked CVE-2020-24978/nasm as no-dsa for Stretch.
• Marked CVE-2020-25073/plinth as no-dsa for Stretch.
• Marked CVE-2020-15094/symfony as not-affected for Jessie.
• Marked CVE-2020-14382/cryptsetup as not-affected for Jessie.
• Marked CVE-2020-14387/rsync as not-affected for Jessie.
• Auto EOL ed ark, collabtive, linux, nasm, node-bl, and thunderbird for Jessie.
• Use mktemp instead of tempfile in bin/auto-add-end-of-life.sh.
• Attended the fifth LTS meeting. Logs here.
• General discussion on LTS private and public mailing list.

---

Until next time.
:wq for today.

The following contributors got their Debian Developer accounts in the last two months:

• Richard Laager (rlaager)
• Thiago Andrade Marques (andrade)
• Vincent Prat (vivi)
• Michael Robin Crusoe (crusoe)
• Jordan Justen (jljusten)
• Anuradha Weeraman (anuradha)
• Bernelle Verster (indiebio)
• Gabriel F. T. Gomes (gabriel)
• Kurt Kremitzki (kkremitzki)
• Nicolas Mora (babelouest)
• Birger Schacht (birger)
• Sudip Mukherjee (sudip)

The following contributors were added as Debian Maintainers in the last two months:

• Marco Trevisan
• Dennis Braun
• Stephane Neveu
• Seunghun Han
• Alexander Johan Georg Kj ll
• Friedrich Beckmann
• Diego M. Rodriguez
• Nilesh Patra
• Hiroshi Yokota

Congratulations!

Here s my (eighth) monthly update about the activities I ve done in the F/L/OSS world.

Debian

This month marks my 15 months of contributing to Debian. And 6th month as a DD! \o/ Whilst I love doing Debian stuff, I have started spending more time on the programming side now. And I hope to keep it this for some time now.
Of course, I ll keep doing the Debian stuff, but just lesser in amount. Anyway, the following are the things I did in May.

Uploads:

• ruby-aggregate (0.2.3-1) - got patches merged upstream.
• ruby-whenever (1.0.0-1) - new upstream version + take over maintenance.
• polybar (3.4.3-1) - fix GCC 10 compilation.
• ruby-dbus (0.16.0-1) - new upstream version + fix FTBFS (temporarily).
• ruby-rack (2.1.1-5) - use Dir.entries instead of Dir[glob]. Fixes CVE-2020-8161.
• ruby-espeak (1.0.4-2) - fix FTBFS (#952587).
• ruby-libnotify (0.9.4-1) - NEW (#961577). Needed by batalert.
• batalert (0.3.0-1) - NEW (#961580).
• golang-github-zyedidia-tcell (1.4.5-1) - fix tcell ID for micro.
• micro (2.0.4-1) - new release features + change in build path.

Other $things:

• Hosted Ruby team meeting. Logs here.
• Attended Debian Perl Sprints. Report here.
• Sponsored git-repo-updater and mplcursors for Sudip.
• Mentoring for newcomers.
• FTP Trainee reviewing.
• Moderation of -project mailing list.
• Got selected for GSoC 20 for Debian!

---

Experimenting and improving Ruby libraries FTW!

I have been very heavily involved with the Debian Ruby team for over an year now.
Thanks to Antonio Terceiro (and GSoC), I ve started experimenting and taking more interest in upstream development and improvement of these libraries. This has the sole purpose of learning. It has gotten fun since I ve started doing Ruby.
And I hope it stays this way. This month, I opened some issues and proposed a few pull requests. They are:

• Issue #802 against whenever for Ruby2.7 test failures.
• Issue #8 against aggregate asking upstream for a release on rubygems.
• Issue #104 against irb for asking more about Array.join("\n").
• Issue #1391 against mail asking upstream to cut a new release.
• Issue #1655 against rack reporting test failures in the CVE fix.
• Issue #84 against ruby-dbus for help with Debian bug #836296.
• Issue #85 against ruby-dbus asking if they still use rDoc for doc generation.
• PR #9 against aggregate for dropping git from gemspec.
• PR #804 against whenever for dropping git from gemspec.
• Packaged ruby-cmath as it was split from Ruby2.7; cf: (#961213).

---

Debian LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success. This was my eighth month as a Debian LTS paid contributor. I was assigned 17.25 hours and worked on the following things:

CVE Fixes and Announcements:

• Issued DLA 2191-1, fixing CVE-2020-10683, for dom4j.
  For Debian 8 Jessie , this problem has been fixed in version 1.6.1+dfsg.3-2+deb8u2.
• Issued DLA 2192-1, fixing CVE-2020-10663, for ruby2.1.
  For Debian 8 Jessie , this problem has been fixed in version 2.1.5-2+deb8u10.
• Issued DLA 2208-1, fixing CVE-2020-11026, CVE-2020-11027, CVE-2020-11028, and CVE-2020-11029, for wordpress.
  For Debian 8 Jessie , these problems have been fixed in version 4.1.30+dfsg-0+deb8u1.
• Issued DLA 2210-1, fixing CVE-2020-3810, for apt.
  This update was prepared by the maintainer, Julian. I just took care of the paperwork.
  For Debian 8 Jessie , this problem has been fixed in version 1.0.9.8.6.

Other LTS Work:

• Triaged tika, freerdp, and apache2.
• Mark CVE-2020-12105/openconnect as no-dsa not-affected for Jessie.
• Mark CVE-2020-9489/tika as no-dsa ignored for Jessie.
• Mark CVE-2020-11025/wordpres as not-affected for Jessie.
• Add fix for Add fix for CVE-2019-18823/condor.
• Requested CVE for bug#60251 against apache2.
• Raised issue #947 against sympa reporting an incomplete patch for CVE-2020-10936.
• Created the LTS Survey on the self-hosted LimeSurvey instance.
• Attended the second LTS meeting. Logs here.
• General discussion on LTS private and public mailing list.

---

Other(s)

Sometimes it gets hard to categorize work/things into a particular category.
That s why I am writing all of those things inside this category.
This includes two sub-categories and they are as follows.

Personal: This month I could get the following things done:

• Wrote and published my first Ruby gem/library/tool on RubyGems!
  It s open-sourced and the repository is here.
  Bug reports and pull requests are welcomed!
• Wrote a small Ruby script (available here) to install Ruby gems from Gemfile(.lock).
  Needed this when I hit a bug while using ruby-standalone, which Antonio fixed pretty quickly!
• Had a coffee chat with John Coghlan!
  Tweet here.

Open Source: Again, this contains all the things that I couldn t categorize earlier.
Opened several issues and did a PR review:

• Issue #15434 against phantomjs, asking to look into CVE-2019-17221. Still no action :/
• Issue #947 against sympa, reporting an incomplete patch for CVE-2020-10936.
• Issue #2102 against polybar, mentioning that the build is not reproducible.
• Issue #5521 against libgit2, mentioning that the build is not reproducible.
• Reviewed PR #5523 for polybar, which was a fix for the above issue.

---

Until next time.
:wq for today.

The following contributors got their Debian Developer accounts in the last two months:

• Gard Spreemann (gspr)
• Jonathan Bustillos (jathan)
• Scott Talbert (swt2c)

The following contributors were added as Debian Maintainers in the last two months:

• Thiago Andrade Marques
• William Grzybowski
• Sudip Mukherjee
• Birger Schacht
• Michael Robin Crusoe
• Lars Tangvald
• Alberto Molina Coballes
• Emmanuel Arias
• Hsieh-Tseng Shen
• Jamie Strandboge

Congratulations!