Greetings everyone, [I have addressed this email to the LTS mailing list, with the security team in BCC. This is so that replies to this thread that are not of specific concern to the security team do not unnecessarily inundate them.]
**** Prologue As has been discussed on several occasions by now (e.g., on this mailing list, in IRC, and in any of several different LTS meetings/gatherings in the last few months), the LTS Team will be holding a sprint during DebCamp 25, with two primary focus areas: some LTS Team-specific needs and the security tracker. This message outlines various key bits of information. I have tried to keep this is as compact as possible and may have left something out in the process, so please do not hesitate to follow up with any questions or concerns. As I have been delayed in completing the necessary planning and sending out related announcements, I would ask that those who intend to participate please let me know ASAP (according to the guidelines specified below in the "Rules of engagement" section). **** Objective The objective of the DebCamp 25 security tracker sprint is to improve LTS Team tools and processes and along the way make improvements to the security tracker itself, as well as to associated/related tools, services, and documentation. The are many longstanding issues which affect the security tracker, both directly and indirectly. These issues affect the work of the LTS Team; some to a greater extent and others to a lesser extent. However, it is not necessary that things remain as they are. While we do continuously improve the tooling which the LTS Team uses to interact with the security tracker (and occasionally also which the security team uses as well), it seemed beneficial to organize and execute a focused sprint that would help to make substantial improvements in and around the security tracker. In particular, there are some changes which would be much more feasible if completed in a very short time and with the participation of multiple developers. We hope that this will not only result in marked improvements coming out of the sprint but will also create momentum to continue making improvements for some time. **** Issue categories and issue list The issues being targeted for the sprint fall into the following three categories: - Bug fixes and improvements to core elements of the security tracker itself - Bug fixes and improvements to tools and services which utilize the security tracker in some way - Documentation and miscellany which may or may not directly relate to the security tracker Rather than list the issues here in this email, I instead provide a link to planning issue in Salsa: https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/87 Please look at the proposed issue list (the issue description will be kept up to date with the latest canonical listing) and discuss any proposed additions/deletions/other modifications in the comments of that issue. **** Rules of engagement In order to try to keep things relatively organized, I would very much appreciate it if everyone could help by adhering the following rules of engagement. ******** Remember that the Security Team owns the tracker It is vitally important to remember that the Security Team owns the tracker; the LTS Team are guests with some added special privileges. We must take great care that any change does not break an existing workflow. If a change has even the possibility of breaking an existing workflow, then that requires prior coordination with the Security Team. Note that a number of the candidate issues for the Sprint have the possibility of altering the tracker in a way that may result in just that sort of breakage. Potential work of this sort needs to be discussed (in the issue or BTS bug which describes the problem/work); if a response from the Security Team is not made in a timely fashion, PLEASE PLEASE PLEASE do not ping the Security Team about this directly. Rather, get in touch with the coordinators and we will mediate the exchange or find an alternate path. ******** Declare intention to participate If you plan to attend DebCamp and/or plan to participate *during* the designated sprint days, please let me know. If you prefer to let me know via private email, then that is completely fine. Please note that the more detail you can provide, the better; the most important thing being information about what specific days you plan to be present at the DebCamp venue, so that we can ensure adequate workspace for everyone who will be there. ******** Assign or claim issues Because the list of issues targeted for the sprint is very likely to evolve as the event nears (since work may be started before the event itself, or may start between now and then), it is important to assign yourself to any issue(s) you may be working on. For situations where an ownership claim is not feasible (i.e., the Debian BTS), make a comment stating your intent to work on the issue. If you have specific interest in an issue that someone else has already claimed, then get in touch with that person. It may be that the issue could be split into distinct parts, or that there is enough work to support concurrent claims/work on the issue. Please keep this information up to date; if you stop working on something or decide you won't be able to, then release the claim; if an issue is completely resolved, then please make note of that (and let me know so I can update the planning issue); etc. ******** Feel free to start working on issues before the sprint While there is a particular emphasis on a concentrated effort to be executed during the sprint at DebCamp itself, there is no particular reason that work cannot start prior to and continue after the event. If a particular issue is ready for work and you have the spare cycles to begin the work, then please go ahead and do so, updating the status of the issue(s) as work progresses. This is especially true of brainstorming, design, and related sorts of tasks, that if completed in advance will allow for a more fluid pace of work during the sprint. ******** Suggest improvements At this point I have received fairly little input concerning the sprint and the planned work. It is doubtless that I have overlooked things and made mistakes. Please make sure to suggest improvements, modifications to the issue list, etc. Regards, -Roberto -- Roberto C. Sánchez
