On Fri, May 31, 2019 at 5:32 AM Holger Levsen wrote: > LTS is accepted by the Debian community.
I'm not entirely sure this fully represents the range of feelings about the LTS efforts. There are a few things that are possibly concerning: Freexian is essentially the only available-to-hire provider of services for Debian LTS, as the Freeside link doesn't lead anywhere useful. This means that Freexian essentially does not have any competition in the provision of these services. Individuals or companies who don't like Freexian's offering do not have any other choices, short of going to the general Debian consultants list, who may or may not have the needed skills and would take time to search through. https://wiki.debian.org/LTS/Funding The funding breakdown for the LTS team appears to be 48% Freexian, 31% volunteer/unknown, 21% other companies. I don't have any data on the proportion of LTS work done by each of these groups, but I get the feeling that the majority of LTS uploads are done by Freexian folks. This means that if Freexian decides to end its provision of services for Debian LTS, then the level of work done for LTS would go down significantly. Were this to happen, it would either significantly damage the image of Debian due to having to end the LTS effort or require us to do work which we have had a hard time finding volunteers for in the past. https://wiki.debian.org/LTS/Team There is strong coupling between Debian and Freexian in the language on the Debian LTS pages and the Freexian pages. This is free advertising for Freexian's LTS services and representing Freexian's LTS services as "blessed" by Debian or somehow "official", which could be objected to by other companies who might decide to provide security support services. It may be prudent to remove or alter the language on the Debian LTS pages. https://wiki.debian.org/LTS/Funding As far as I can tell, the sole communication between the LTS team and the list of individuals/organisations doing consulting around Debian is a mail attempting to recruit folks to work for Freexian. As far as I can tell, there has been no suggestion that individuals/organisations doing consulting around Debian add themselves to the list of organisations available to hire to work on LTS. This means that the individuals/organisations doing consulting around Debian miss out on the opportunities to work on LTS. https://www.debian.org/consultants/ https://lists.debian.org/msgid-search/20160502094142.ga19...@home.ouaza.com Freexian doesn't fund LTS contributors who are not DDs/DMs: this eliminates skilled developers from outside Debian who could contribute to LTS via Freexian and eventually work on Debian more generally. This seems to have prevented at least one former Debian member who was interested in Freexian's offer from contributing. It might also make LTS funding seem like a reward for Debian insiders. https://www.freexian.com/services/debian-lts-details.html#join https://lists.debian.org/msgid-search/calqvjpbwcpvr82jrmxmcwuga_mn7wot425-qftvpqpb7aa7...@mail.gmail.com The structure of using existing Debian contributors and funnelling most of the funding to them through one company reduces incentives for companies wanting security support to direct their employees to work on Debian security support. This means that our contributor base stays more static and reduces the chance that new folks will join us. An alternate model where each of the companies currently sponsoring Freexian LTS services instead directed their employees to spend some hours on Debian security support seems more likely to lead to new people getting involved. -- bye, pabs https://wiki.debian.org/PaulWise
