Archive Page 3

Debian LTS Work August 2015

This was my fourth month as a Freexian sponsored LTS contributor. I was assigned 4 hours which was enough for me to release a fix for screen and review CVEs for libvpx and determine that they did not apply to squeeze-lts. The screen update is covered under DLA 305-1.


Why we care about administrivia (some of it, anyway)

We have enough debate about are things required by policy in Debian that, in my opinion we sometimes lose track of why things are a good idea to begin with. I just had a conversation via GitHub with a potential upstream developer (I’m looking into packaging something he developed) that reminded me about some of the reasons some of the non-code we try to ship are a good idea.

This is a Python based project. References to (manifest) translate to “extra files to put in the tarball” and references to sdist mean the source tarball.

UPSTREAM: Thanks for the pull request. Is there any place where I can find more information about this manifest file, and why it’s important to have one?

ME: There are two files (LICENSE and CHANGELOG) that it would be good to have in the sdist, each for their own reason:
We want LICENSE because since Debian distributes both source and binary we want a copy of the exact license for the code in our source distribution so the the requirements are clear and self-contained. I think this is a good general practice anyway.
We want CHANGELOG so we can ship it in the package documentation to enable users to see what has changed over time with the package. is just a way to add files to the sdist (it’s the normal way in distutils). I’m not that versed in setuptools myself, but I do know there are other ways to do it. What’s important (at least from our point of view) isn’t the file itself, but the added files it would add to the sdist.

If the isn’t shipped with the sdist, then a downstream distributor that modified the package might get a different result. I believe it’s a good general practice to include all the components of a package build system when you ship it.

That’s probably way more information than you wanted …

Debian LTS Work July 2015

This was my third month as a Freexian sponsored LTS contributor. I was assigned 4 hours which was enough for me to release a fix for python-tornado.  This is covered under DLA 279-1.  I also looked at the recent round of security updates for Postfix to see if we should publish an update for postfix 2.7 (which is no longer supported upstream). I haven’t decided for sure since all of the changes are configuration changes that administrators can make on their own and so it’s not clear the risks of breaking working configurations are outweighed on oldoldstable with the benefits of disabling insecure protocols.

Plasma 5 (KDE) In Testing

A few days ago, fellow Qt/KDE team member Lisandro gave an update on the situation with migration to Plasma 5 in Debian Testing (AKA Stretch).  It’s changed again.  All of Plasma 5 is now in Testing.  The upgrade probably won’t be entirely smooth, which we’ll work on that after the gcc5 transition is done, but it will be much better than the half KDE4 SC half Kf5/Plasma 5 situation we’ve had for the last several days.

The issues with starting kwin should be resolved once users upgrade to Plasma 5.  To use the current kwin with KDE SC 4, you will need to add a symlink from /usr/bin/kwin to /usr/bin/kwin_x11.  That will be included in the next upload after gcc5.

Systemsettings and plasma-nm now work.

In my initial testing, I didn’t see anything major that was broken.  One user reported an issue with sddm starting automatically, but it worked fine for me.  During the upgrade you should get a debconf prompt asking if you want to use kdm or sddm.  Pick sddm.

When I tried to dist-upgrade, apt wanted to remove task-kde-desktop.  I let it remove it and some other packages and then in a second step did apt-get install task-kde-desktop.  That pulled it back in successfully along with adding and removing a reasonably large stack of packages.  Obviously we need to make that work better before Stretch is released, but as long as you don’t restart KDE in between those two steps it should be fine.  Lastely, I used apt-get autoremove to clear out a lot of no longer needed KDE4 things (when it asks if you want to stop the running kdm, say no).

Here are a few notes on terminology and what I understand of the future plans:

What used to be called KDE is now three different things (in part because KDE is now the community of people, not the software):

KDE Frameworks 5 (Kf5): This is a group of several dozen small libraries that as a group, roughly equate to what used to be kdelibs.

Plasma (Workspaces) 5: This is the desktop that we’ve just transitioned to.

Applications: These are a mix of kdelibs and Kf5 based applications.  Currently in Testing there are some of both and this will evolve over time based on upstream development.  As an example, the Kf5 based version of konsole is in Unstable and should transition to Testing shortly.

Finally, thanks to Maximiliano Curia (maxy on IRC) for doing virtually all of the packaging of Kf5, Plasma 5, and applications.  He did the heavy lifting, the rest of us just nibbled around the edges to keep it moving towards testing.

Debian LTS Work June 2015

This was my second month as a Freexian sponsored LTS contributor. I was assigned 4 hours which was enough for me to update libclamunrar to the latest version we have, 0.98.5. This aligns libclamunrar with last month’s clamav update and resolved a potentially concerning double free error. This is consistent with the way clamav and its components are updated for Debian supported releases through proposed-updates. This is covered under DLA 250-1.  This update took longer than expected due to time spent wrestling with the git repository for the packaging, but that’s resolved now, so if future updates are needed, it should be much easier.

Debian LTS Work May 2015

This was my first month as a Freexian sponsored LTS contributor.  I was assigned 4 hours which was enough for me to update clamav to the current upstream version, 0.98.7.  This resolves a stack of CVEs and enables LTS users to take advantage of the latest anti-virus signatures and features clamav offers.  This is consistent with the way clamav is updated for Debian supported releases through proposed-updates.  This is covered under DLA 233-1.

I think I may be done …

I don’t have a lot more to say about the Ubuntu Community Council’s decision, backed up by the SABDFL, to, in secret, with no consultation with the rest of the leadership of the Kubuntu community (i.e. the Kubuntu Council) remove Jonathan Riddell than I’ve already said to them in the series of emails I’ve just made public.

Since I got involved in Ubuntu development in 2006, I’ve known we had a SABDFL.  I’ve never particularly liked it, but I understood it.  SABDFL created and funded both Canonical and Ubuntu.  His sand box, his rules.  Fair enough.  What I didn’t know until this week though was that we had more than one.

I invite people to re-read the Code of Conduct and consider how that relates to how the Ubuntu Community Council has handled their dispute with Jonathan Riddell.  I think their actions in no way comport to either the letter or spirit of the CoC.  I had held out some hope that this secret trial and expulsion decision was not supported by the SABDFL and that he would intervene to help de-escalate the situation so we could reach a reasonable resolution and move forward as a community.

Unfortunately, he didn’t.  What he said was, “The CC is entitled to choose who they will recognise as their counterparts and representatives in sub-communities like Kubuntu.”  The CC is entitled to choose.  So in addition to a SABDFL, we have a CC that can for whatever reason determine anyone is unsuitable to be in a leadership position.  I mention this specifically as a warning to others in leadership positions in Ubuntu.  You are very specifically not free to criticize the CC.  I’m sure they will push back and claim the issue isn’t the criticism, but the way it was done.  That may or may not be true, only they know, but I do know that there was no consultation done with the Kubuntu Council to try and resolve this.  Since they operate in secret, there’s no way to know when one is near or over whatever arbitrary line they choose to draw.

I don’t know what Jonathan did or did not do.  The CC have declined to provide any information to support their rather extreme accusations.  As far as I can tell (for example), regarding the accusation that Canonical employees have trouble working with him, I haven’t been able to find any despite several days of asking people who work for Canonical that I know work with him.  I suspect I know where to find the Canonical employees in question based on one of the replies in the extended discussion between CC and KC members, “It’s been stressful to everyone on the CC, particularly our members who work for Canonical and are powerless in this situation”.  It would be nice if they were adult enough to actually say specifically who they are and not hide behind anonymity in making this accusation.  Personally, I think this probably says more about the appropriateness of having Canonical employees on the CC than it does about anything Jonathan may have done wrong.

In the end, I don’t think it matters much what he did or not do.  For me, the primary point is about the CC’s complete failure to follow the CoC and the SABDFL approval of that.  Almost exactly six years ago, I wrote a blog post talking about being here for the freedom, Back home from UDS Karmic.  I still am.  In retrospect, I think I was a fool to expect freedom in a dictatorship.

Except in the unlikely event this somehow all gets undone, I plan to wind down my involvement with Ubuntu and move fully to Debian (where I’ve also been involved in development for some time).  I still have Ubuntu systems to support and they will take time to migrate.  Additionally, the CoC requires me to “Step down considerately”.  I’m not going to just dump everything so an appropriate transition won’t be fast.  It might not be a bad idea though that if you’re thinking I’m going to do something that isn’t finished, check with me and make sure I still plan on it, since my motivation level for Ubuntu work has about hit bottom.

This is not the Ubuntu project I joined in 2006.  I would like to have that one back, but it’s not my call.  I don’t think I will ever feel comfortable in what it’s become.  I’ll most regret leaving behind a lot of great people I’ve worked with.  Fortunately, many of them are active in Debian too, so I’ll still see them there.