Re: Gobby notes from diversity/inclusion BOF/workshop, Cambridge
On Sat, Nov 12, 2016 at 02:23:35PM +, Ian Jackson wrote: >... > Robust discussion is important but the time to stop is *before*, not after, > it's become personal. Is it possible to have a 'personality moderator' role in > Debian which could be used to help calm down argument? >... "personal" by the standards of which culture? As one example, polite/rude are partially the other way round in Germany and the UK, just like yes/no often have a swapped meaning in the UK. Worth reading: http://www.bbc.com/news/uk-politics-37799805 A quote from that article: "In Germany ... not saying what you mean is not forgiven. It's seen as dishonest, confused and ineffective." I am German. If you say "yes" when you mean "no", depending on the circumstances this is something I might consider a personal insult - and after that I might permanently consider you a dishonest person that cannot be trusted. I am pretty sure there are also lots of things I say or do that are completely normal and not rude in my culture, but might come across as rude to people in the UK or elsewhere. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Realizing Good Ideas with Debian Money
On Wed, May 29, 2019 at 07:49:25AM -0400, Sam Hartman wrote: > > [moving a discussion from -devel to -project where it belongs] > > > "Mo" == Mo Zhou writes: > > Mo> Hi, > Mo> On 2019-05-29 08:38, Raphael Hertzog wrote: > >> Use the $300,000 on our bank accounts? > > So, there were two $300k donations in the last year. > One of these was earmarked for a DSA equipment upgrade. > DSA has a couple of options to pursue, but it's possible they may > actually spend $400k on an equipment refresh. > > $200k doesn't really go that far in terms of big infrastructure projects > like bikeshed or similar. > > I'm looking for someone who would be willing to guide a discussion of > the Money issues Martin brought up in his campaign. I don't have time > to guide that effor myself. Real thought needs to be put into it; it > will be at least as much work as the discussions I'm leading on > packaging practices and git if done correctly. > > However it could be very valuable for the project. The information required for an informed discussion on this topic is missing. What is really missing in Debian is an annual report from the treasurer team covering all trusted organizations, listing the accounts of all income and expenses as well as the reserves. Some people are suggesting to spend 6 digit US$ amounts on whatever they consider important, while other people are spending their precious Debian time on getting mere 4 or 5 digit amounts of sponsorship for a DebConf or MiniDebConf. I don't see how these could both make sense at the same time. Just from looking at the SPI part I would say that Debian has some reserves that could be used if needed, but new substantial recurring commitments would not be reasonable since the long-term situation is that there are usually < US$ 100k per year in both regular income and expenses (excluding Debconf earmarks). Other trusted organizations might show a similar or a completely different picture - it is impossible to start the budgetary discussion you are asking for without the status quo of the Debian finances as a basis. > --Sam cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Realizing Good Ideas with Debian Money
On Fri, May 31, 2019 at 05:29:42PM -0400, Sam Hartman wrote: > >>>>> "Adrian" == Adrian Bunk writes: > > I agree that's missing. > > I don't think that is the important information needed to drive the > discussions I'm hoping someone will drive. > > Instead I'm more interested in seeing discussions at a high level. > > Talking about the issues involved in paying people to do work. > What the options are, collecting people's concerns etc. > > I actually think the first round of that can be done without significant > access to numbers. > > That said, I'd sure like that anual report (actually I'd love it > quarterly) you speak of above. > I'm not volunteering. Are you? My biggest high level concern is the income side, since this is the most difficult part and will likely also be the most controversial one. If I am driving this discussion the first round will be about the income side only, to get the numbers what is actually realistic at the expense side. Many divisive discussions at the expense side might then not even be necessary since they could anyways not get financed. > --Sam cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Realizing Good Ideas with Debian Money
On Fri, May 31, 2019 at 09:04:24PM +, Luca Filipozzi wrote: >... > When we last crunched the numbers, maintaining a 5y refresh (to stay in > warranty, etc.) would require $75k-100k/yr. We've avoided that level of > annual expenditure because we are keeping hardware longer than 5y and > we've had amazing hardware [donations][1]. >... For me this implies that Debian should aim at having at least US$500k reserves, to be prepared if there is no large donation coming for a future refresh. > Luca Filipozzi cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Realizing Good Ideas with Debian Money
On Fri, May 31, 2019 at 04:07:54PM -0700, Russ Allbery wrote: > Adrian Bunk writes: > > > My biggest high level concern is the income side, since this is the most > > difficult part and will likely also be the most controversial one. > > I could well be entirely wrong, but the part that I would expect to be the > most controversial is that, once Debian starts spending project money to > pay people to do work that other people in the project are doing for free, > the project is doing a form of picking winners and losers. Perhaps I am wrong on that, but I am associating the term "picking winners and losers" as an ideological statement used by US Republicans and Libertarians. For most people outside the US the underlying "government is bad" philosophy doesn't make any sense. > We're deciding > as a project that some people's work is valuable enough to pay for and (by > omission if nothing else) other people's work is not, and for all the good > intentions that we have going in, there are so many ways for this to go > poorly. I would say "work most people would never do unpaid". My personal experience with real-life self-organizing projects is that the hardest part is usually finding volunteers who clean the toilets daily. There are areas like DSA or security support that are essential, but not the "package the cool latest software" kind of work where volunteers are easy to find. >... > I assume the above is the sort of thing that Sam is referring to when he > says that we need to have a higher-level discussion if we're going to > pursue this idea. One higher level topic is the point from my first email that the overall handling of money in the project should be balanced and many of the problems are mitigated if additional money is not spent only on salaries. "Debian pays much for A but they want me to pay for B out of my own pocket" can be a problem - I wouldn't pay travel costs for Debian events out of my own pocket as long as Debian is spending money for the salaries of Outreachy interns since it would feel as if I were financing these salaries by paying for the travel costs myself. If being a DD automatically comes with the benefit of travel costs to a DebConf or MiniDebConf always being paid by Debian, then there would likely be a higher acceptance for salaries being paid. If salaries are being paid, then there should also be a proper budget reserved for people organizing events like a MiniDebConf so that they don't have to spend much time finding sponsors. But this direction of higher-level discussion only makes sense if there is a realistic prospect of a reliable long-term money source generating at least US$ 1m per year - there are completely different discussions depending on whether the additional money available to be spent each year would be US$ 0.1m, US$ 1m or US$ 10m. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Realizing Good Ideas with Debian Money
On Fri, May 31, 2019 at 11:46:02PM -0600, Eldon Koyle wrote: > On Fri, May 31, 2019 at 5:08 PM Russ Allbery wrote: > > > > Adrian Bunk writes: > > > > > My biggest high level concern is the income side, since this is the most > > > difficult part and will likely also be the most controversial one. > > > > I could well be entirely wrong, but the part that I would expect to be the > > most controversial is that, once Debian starts spending project money to > > pay people to do work that other people in the project are doing for free, > > the project is doing a form of picking winners and losers. We're deciding > > as a project that some people's work is valuable enough to pay for and (by > > omission if nothing else) other people's work is not, and for all the good > > intentions that we have going in, there are so many ways for this to go > > poorly. > > I think this is a very real concern. What if payment was structured as task > bounties rather than hiring full-time employees? Then the payment becomes > an acknowledgement that a task is undesirable or time consuming, rather > than a status symbol. Bounties can be useful for developing features. Bounties are not really useful for continuous tasks to keep the project runnning, like DPL or system administration. > Eldon Koyle cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Realizing Good Ideas with Debian Money
On Sat, Jun 01, 2019 at 09:09:26AM -0400, Sam Hartman wrote: > >>>>> "Adrian" == Adrian Bunk writes: > > >> > >> Talking about the issues involved in paying people to do work. > >> What the options are, collecting people's concerns etc. > >> > >> I actually think the first round of that can be done without > >> significant access to numbers. > >> > >> That said, I'd sure like that anual report (actually I'd love it > >> quarterly) you speak of above. I'm not volunteering. Are you? > > Adrian> My biggest high level concern is the income side, since this > Adrian> is the most difficult part and will likely also be the most > Adrian> controversial one. > > > Ah, I was actually asking if you wanted to volunteer to work on the > reports since you seemed to value them. I was only one quarter serious: > if you did want to do that work, I'd be thrilled, but I didn't really > expect it. Ah, seems I misunderstood that. Yes, I could work on the reports if you tell me how to get access to the data from the trusted organizations. >From SPI I get the reports, but for the other I have no clue. > I think it's actually impossible for a non-profit to reduce income from > expenses. > > It's a lot easier to do fund raising when you can explain why you want > the money. > I think it's no accident that when people learned our sysadmin team no > longer had hardware donors and was considering how expensive continuing > their current strategy was, we got two very large donations, one of them > intended to make that possible. > > Yeah, unless you want debt (which we almost certainly do not), income > needs to lead expenses. > But when people see you spending their money for purposes they believe > in, it's easier for them to give you more. When they understand your > needs they give more. >... This works well for one-time investments, but less so for ongoing expenses like salaries. It reminds me of NGOs that get drowned in more money than they can spend earmarked for a catastrophe that is in the news, but struggle to get enough money for running their headquarter. > --Sam cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Realizing Good Ideas with Debian Money
On Tue, Jun 04, 2019 at 09:24:59AM -0500, Gunnar Wolf wrote: > Philip Hands dijo [Tue, Jun 04, 2019 at 10:51:10AM +0200]: > > It occurs to me that we could establish some sort of hardship fund to > > make sure that someone who's current situation falls below some minimum > > that we could define, they would be able to apply for funding. > > > > For example, I recently bought some refurbished Lenovo X230 laptops for > > GBP 85.00 each, mostly because that seemed cheap enough that I'd be > > annoyed if my own X230 breaks and I'd not taken advantage of that deal. > > Also, my daughters clearly need laptops. > > > > If there's any DD/DM who's current hardware is more ancient than that, > > then if they'd like to upgrade, but cannot afford to, it seems to me > > that for a small outlay from Debian they might well be enabled to be > > much more productive. > > That's something I would clearly agree to. And it's a very different > issue from paying to perform a given task - It's reaching out and > helping those that can better contribute with the project. Besides, in > the example you present, they would be quite smaller expenses for the > project than what I would expect for a finish-a-hard-task gig. In general this is a reasonable approach, but it might turn out to be hard to define what is actually needed and by whom. > > We've also occasionally had people who've been part of the project fall > > on hard times, and I think that having the ability to quickly provide > > benevolent funding to someone who's e.g. been rendered homeless somehow, > > would also be something that we should try to make possible. > > > > Obviously, this might well bump into rules about what non-profit > > organisations can do, so the details would need to be carefully worked > > out. > > This could also work, provided it's done on an equitative basis and > not based on current/recent performance - having it as a > kind-of-safety-net. With some care so that's not a mechanism that can > be abused. And, yes, making sure it's a legal way to spend our money > (but I don't see why wouldn't it). IMHO this would be a very bad idea. There are many DDs in the US, a country that has a combination of very high healthcare costs and not universal healthcare coverage. What if a DD needs a life-saving procedure that costs a 6 digit amount not covered by any insurance? What if the child of a DD needs a life-saving procedure that costs a 6 digit amount not covered by any insurance? Or what if a DD lives in a country where a military conflict starts? E.g. the situation in Venezuela could quickly detoriate to something several orders of magnitude worse than being homeless in a first world country. Debian cannot be a safety net for everything that might go wrong in real life (but individual members of Debian might be willing to help). And legally it would likely also be problematic to spend money on healthcare bills or flying a family out of a country. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: RFC: endorse debian-mentors as entrance to our infrastructure projects
On Sun, Jun 09, 2019 at 12:55:14PM +0200, Jonas Meurer wrote: > Hi, Hi Jonas, >... > So here's the idea we came up with: We could explicitely broaden the > scope of debian-mentors to include any questions regarding Debian > infrastructure software. > That basicly would mean to explicitely mention "questions on > infrastruc-ture projects" in our docs about debian-mentors. > Additionally, when the infrastructure teams don't have time to mentor > new contributors, they could point them to debian-mentors. > > My hope is that having debian-mentors as an endorsed entry point for > diving into Debian infrastructure would lower the entry barrier > significantly for new contributors who'd like to dive into our > infrastructure software projects. > > What do you think about this proposal? who will provide the answers to non-trivial questions? For most packaging questions a list with plenty of DM/DD is sufficient to get an answer. For the typical infrastructure project the number of people in Debian who can answer non-trivial questions is in the low single-digits. > Cheers > jonas > > [1] Let me give two examples for such "infrastructure projects": > */ Many in Debian agree that Debbugs could need some love, but still > it's developed and maintained largely by one brave soul. >... What will happen if a newbie starts asking questions about debbugs on debian-mentors? Will the questions be ignored, or will you try to force this one brave soul to become a mentor for whatever people from the internet start asking questions? cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: RFC: endorse debian-mentors as entrance to our infrastructure projects
On Sun, Jun 09, 2019 at 02:56:53PM +0200, Philip Hands wrote: > Adrian Bunk writes: > > On Sun, Jun 09, 2019 at 12:55:14PM +0200, Jonas Meurer wrote: >... > >> [1] Let me give two examples for such "infrastructure projects": > >> */ Many in Debian agree that Debbugs could need some love, but still > >> it's developed and maintained largely by one brave soul. > >>... > > > > What will happen if a newbie starts asking questions about debbugs on > > debian-mentors? > > > > Will the questions be ignored, or will you try to force this one brave > > soul to become a mentor for whatever people from the internet start > > asking questions? > > Are you coming up with hypothetical worst case scenarios because you > actually think something about this is a bad idea? or because you do > not think the problem described exists? or just because you think life > is a hopeless shuffle towards our inevitable oblivion and that any > glimmer of hope needs to be exposed as the delusion that it is? >... Why are you assaulting me personally? This was one of two examples provided by Jonas, and I was questioning how it would work in practice. If you disagree with me, there would have been civilized ways to do so. The sun is shining and I'd rather go outside than wasting more time on an abuser like you. An entry in my kill file will protect me from receiving further assaults. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Debian supports pridemonth?
On Fri, Jun 28, 2019 at 11:59:36AM -0700, Russ Allbery wrote: > Roberto C. Sánchez writes: > > > Hispanic Heritage Month is coming in a few months (at least in the US, > > not sure about international observances). Perhaps Debian could make a > > public show of support for those of Hispanic origin (who tend to be > > drastically underrepresented in the community). We already missed Black > > Heritage Month this year in the US, but it is coming in October for > > Europe and will come round again in February in the US. Blacks, or > > African-Americans, are similarly underrepresented in the community. > > > Perhaps we could also show support for Jews and those of Jewish origin > > during one of the principal festivals (Passover, Weeks, or Tabernacles). > > I think this would be great. Explicitly saying to our various communities > on days of significance to that community that they are welcome and > supported in Debian seems like a warm-hearted and open gesture, and I > fully support it. My employer does this for four or five of the events > that are the most significant to company employees, and it's always very > welcome. > > The criteria I'd use (because we do have to draw some sort of line > somewhere, since there are more days or months like this than there are > days and months in the year if you look hard enough) is to let the > relevant community in Debian take the lead. That also avoids the > occasional issues where there is some supposed recognition of a group that > is controversial or unwanted within that group, which happens from time to > time because humans are complicated. > > So, we should look to our LGBTQ project members to decide what Debian > should do for Pride, to our Hispanic members to decide what Debian should > do for Hispanic Heritage Month, Why should Debian honor people in the US of one specific race? It might make sense for you to honor them inside your country, but for the other 95% of the population of this planet they are just people with the privilege of living in the US. > and so forth, since they're the experts on > what they would find the most meaningful within the Debian context. Debian having a position on general political issues can be dangerous. Let's talk about the BDS community in Debian and Debconf 2020. If Debian as a project is making general political statements, then having a Debconf in Israel without a strong public message regarding the situation of the Palestinian people would make Debian appear to fully support the Israeli side. Just like many LGBTQ project members might have a problem with Debconf in a country where homosexuality is illegal. Most people from Israel are nice people and clearly welcome in Debian, and so are contributors from countries where homosexuality is illegal. But if Debian does make political statements, then Debians position on the Israeli-Palestine conflict is a valid issue for discussions on project mailing lists and in GRs. The decision that Debconf 2020 will be in Israel can be overridden by GR. The easy way would be if Debian would consider itself a purely technical project and abstain from making any political statements, except ones strongly related to being a Linux distribution. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Debian supports pridemonth?
On Mon, Jul 01, 2019 at 10:10:53AM -0700, Russ Allbery wrote: > Adrian Bunk writes: > > > Why should Debian honor people in the US of one specific race? > > Because they are part of our community and the gesture would be meaningful > to them. To me, this is like asking why Debian should be acknowledge the > death of a contributor, or why Debian should congratulate a project member > on a major life milestone, or celebrate a project member winning an award. > > We do things like this because we are not a computer program. We are a > community of living, breathing people who care about each other and who > want to celebrate and support and welcome each other. >... It is also a meaningful gesture if some people are excluded from being welcomed. Would Debian honor a month of white heterosexual men? White heterosexual men are also living, breathing people, and they might actually be a majority of contributors. Many people are offended by the fact that it is always the same groups that are being welcomed. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Cultural differences and how to handle them
On Tue, Jul 02, 2019 at 08:14:40AM -0400, Sam Hartman wrote: > > [listmaster copied in hopes they will agree with my assessment here] >... > If you are going to participate in a diversity discussion beyond a > certain point you do need to actually spend some time with google just > as you would for any technical topic. > > In this instance, researching arguments about privilege, criticism of > the all lives matter movement, explanations behind the black lives > matter movement (and why it is important to its members) would all be > valuable. >... Trying to belittle or even deplatform people whose opinion you don't like is not a good way forward, unless you want to live in a culturally homogenous filter bubble. Which is not what a global project is. Looking at what other people are saying, and trying to understand why, made me realize that the core difference might actually be cultural differences in a diverse global project. Every country has its own conventions, problems and solutions. But these are often specific to one country, and not applicable to other countries or global projects. People should be expected to research movements that are relevant only in a handful of countries with < 10% of the earths population for being allow to discuss on Debian lists. Hispanic people only being welcome for diversity in Debian if they already have the privilege of being in the US, but not welcome for diversity in Debian if they live in Mexico or South America might only make sense from a US-only point of view. Let's look at some non-obvious but possibly relevant differences: People in the US are used to minority quotas in various places. In most European countries it would be considered unacceptable racism if skin color would play any role in university admission. Children in the US grow up learning that they are living in the greatest country in the world, an example for the world. Children in Germany grow up learning that "I am proud of being German" is an unacceptable antisemitic expression, nearly synonymous to "I am proud of the holocaust". In this discussion here we have two pretty distinct groups of people: The first group has the opinion that Debian should honor various minorities, and that Debian in general should have also a political mission. The second group is unhappy with people being honored by Debian for non-technical reasons, and wants Debian in general to be a non-political technical project. Easy to miss, but obvious once you are aware of it: The people with English as native language are in the first group. The people with German as native language are in the second group. It is likely not the language itself and causes might be different from what I outlined above, but it looks pretty clear to me that language/cultural/geographical differences are the root cause of these disagreements. And this makes you appear very offensive, and it might even drive people out of Debian, if you try to push your groups opinion in Debian mistakenly thinking people who fundamentally disagree with you would only be uninformed. > --Sam cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Cultural differences and how to handle them
On Tue, Jul 02, 2019 at 11:21:03PM +0300, Adrian Bunk wrote: >... > People should be expected to research movements that are relevant only >... People should *not* be expected to ... cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Cultural differences and how to handle them
On Wed, Jul 03, 2019 at 01:00:42PM +0100, Ian Jackson wrote:
> Adam Borowski writes ("Re: Cultural differences and how to handle them"):
> > On Tue, Jul 02, 2019 at 11:21:03PM +0300, Adrian Bunk wrote:
> > > People in the US are used to minority quotas in various places.
> > >
> > > In most European countries it would be considered unacceptable racism
> > > if skin color would play any role in university admission.
>...
> 3. What you say about positive discrimination is simply untrue in at
> least the UK. See for example Equality Act 2010 Part II Chapter 2,
> "Positive action".
Don't blame Adam for things I said.
"most" != "all", and AFAIK the UK differs from continental Europe on
that and is closer to what is being done in the US.
Which also matches what side people from the UK are in this discussion.
cu
Adrian
BTW:
Was your longer reply to me intentionally only Cc'ed to
antiharassment/listmaster/leader, or could you forward
it also to debian-project?
There is nothing private involved, and if you want want action to
be taken against me for my statements in this discussion then let's
discuss this openly.
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
Re: Cultural differences and how to handle them
On Wed, Jul 03, 2019 at 07:05:08AM -0600, Jason Crain wrote: > On Tue, Jul 02, 2019 at 11:21:03PM +0300, Adrian Bunk wrote: > > On Tue, Jul 02, 2019 at 08:14:40AM -0400, Sam Hartman wrote: > > > > > > [listmaster copied in hopes they will agree with my assessment here] > > >... > > > If you are going to participate in a diversity discussion beyond a > > > certain point you do need to actually spend some time with google just > > > as you would for any technical topic. > > > > > > In this instance, researching arguments about privilege, criticism of > > > the all lives matter movement, explanations behind the black lives > > > matter movement (and why it is important to its members) would all be > > > valuable. > > >... > > > > ... > > People should [not] be expected to research movements that are relevant > > only > > in a handful of countries with < 10% of the earths population for being > > allow to discuss on Debian lists. > > The Black Lives Matter and All Lives Matter references were intended to > explain that the suggestion to replace gay pride month with an "all are > welcome" event is not going to be viewed as inclusive, but is going to > be viewed as an attempt to dismiss and ignore LGBTQIA+ / other minority > issues. >... ... be viewed *by people in the US* as an attempt to ... Slavery in the United States, the US Civil War, Martin Luther King Jr., Black Lives Matter, All Lives Matter - these are part of your cultural background that can explain how you think about these things. Starting and losing two world wars, the holocaust, Germany being divided after the second world war, people living in non-free societies 1933-1945 and in East Germany then until 1990 - these are part of the German cultural background and can explain how we Germans think about things. In this gay pride month discussion what is politically correct for people in the US is considered offensive by people in Germany, and what would be considered politically correct by Germans would be considered offensive by people in the US. This is the root cause of disagreement in this discussion. And it is not correct if we are asked to learn about your history and cultural background just for being allowed to discuss that we consider something offensive. Diversity in a global project requires accepting that there are major cultural differences between participants. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Cultural differences and how to handle them
On Wed, Jul 03, 2019 at 04:07:40PM +0200, Ulrike Uhlig wrote: > Hi! > > > On 02.07.19 22:21, Adrian Bunk wrote: > >> On Tue, Jul 02, 2019 at 08:14:40AM -0400, Sam Hartman wrote: > > > Every country has its own conventions, problems and solutions. > > But these are often specific to one country, and not applicable > > to other countries or global projects. > > People should be expected to research movements that are relevant only > > in a handful of countries with < 10% of the earths population for being > > allow to discuss on Debian lists. > > > Let's look at some non-obvious but possibly relevant differences: > > > > People in the US are used to minority quotas in various places. > > > > In most European countries it would be considered unacceptable racism > > if skin color would play any role in university admission. >... > So surely, on paper, universities do not discriminate, >... Some US universities do consider race in admission. It is called "affirmative action". White people need to be better than black people for university admission. Asian people need to be better than white people for university admission. And this consideration of race is done officially. I have never heard about a German university officially stating that they are giving preferred treatment in admission for people with Turkish roots because they are underrepresented among students. Officially asking people about their ancestry in university admission would also remind people of terms like Ariernachweis and Halbjude, which makes the holocaust a reason against doing that in Germany. > Cheers, > Ulrike >... cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Cultural differences and how to handle them
Adding debian-project back in my reply since this is about a public mail I wrote, and a statement by the AH team is not a private conversation. On Thu, Jul 04, 2019 at 01:01:14AM +0100, Steve McIntyre wrote: > Adrian, Steve, > On Wed, Jul 03, 2019 at 07:05:54PM +0300, Adrian Bunk wrote: > > > >Some US universities do consider race in admission. > >It is called "affirmative action". > > > >White people need to be better than black people for university admission. > >Asian people need to be better than white people for university admission. > > This kind of statement has *no* place in Debian forums. > > Regardless of culture or background, it is utterly inappropriate within > the Debian community to characterise affirmative action as "black > people don't need to be as good as white people" etc. my understanding of affirmative action in the US is that where it is in place some white people get admitted to university, even though asian people with the same qualifications are not being admitted. Which sounds to me as if we white people don't need to be as good as asian people for getting admitted to university. I would consider this racism against a minority, but due to your different cultural background you might consider it appropriate. I am coming from a cultural background where asking about ethnicity during university admission would be considered inappropriate. And becoming aware of such differences makes me for example understand better why I consider Debian Outreachy racist, but other people do not. If anything I say is incorrect, please say what and why. And please do so publicly, otherwise whatever incorrect things I wrote might be considered correct by other people following the discussion. On a higher level, I wonder how much of such conflicts like differing opinions on whether Debian should support pridemonth are based on people in the US and UK mistakenly thinking that problems and discussions and solutions for diversity in their countries would also apply 1:1 to a global project. Is there anything or anyone in the Open Source world providing support by highlighting cultural differences, and how global Open Source projects can handle them best for welcoming global diversity? > Steve, for the AH team cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Keysigning in times of COVID-19
On Thu, Aug 06, 2020 at 05:54:21PM +0200, Enrico Zini wrote: >... > Technically, every DD has their own policies for signing keys, >... > It might require to check a government issued photo ID, or it might not. I thought this was the sole fixed requirement for keysigning. >... > As DAM, I would have a problem if someone automatically signed the keys > of every stanger who asked them nicely in an email. At the same time, I > am open to the idea of policies that do not require meeting people in > person. >... Why are you requiring key signing at all when it has no defined semantics? Many DDs check only the government issued photo ID for signing a key and this is also how keysigning parties work, but if this is considered optional there is do defined meaning to a signature. If you as DAM do not have a problem if DDs have own policies that do not require checking a government issued photo ID, then I do not see why the key signing requirement exists at all. > Enrico cu Adrian
Re: Keysigning in times of COVID-19
On Sun, Aug 09, 2020 at 12:20:53AM -0500, Gunnar Wolf wrote: > Adrian Bunk dijo [Fri, Aug 07, 2020 at 04:46:18PM +0300]: > > Why are you requiring key signing at all when it has no defined semantics? > > > > Many DDs check only the government issued photo ID for signing a key and > > this is also how keysigning parties work, but if this is considered > > optional there is do defined meaning to a signature. > > > > If you as DAM do not have a problem if DDs have own policies that do not > > require checking a government issued photo ID, then I do not see why the > > key signing requirement exists at all. > > FWIW, and as I said in my other mail - Each of the three keyring-maint > members have different policies. > > The word "trust" also has many different meanings and values, but we > treat it as a binary thing here - Do two people trust the person > controlling 0xDEADBEEF to be Gunnar Wolf or not? >... What is the reason for this mapping of a key to a non-unique name? The point can be made that Debian should know the legal name of the people who are allowed to upload to the archive. But this is defeated if it is permitted that I instead just certify by signing the key that I trust the person controlling 0xDEADBEEF is some real-life or online person using the name Gunnar Wolf without verifying against a government issued photo ID. If this is permitted, then anyone advocating for DM or DD should be expected to sign the key without checking any ID. If I trust you to upload to the archive, then I should also trust that you are who you claim to be. And without a strong reason for requiring identity verification, the main "benefit" of the requirement of 2 signatures for which most DDs require in-person meeting is that it reduces diversity in Debian. When you need signatures in a place with many DDs, you just check when and where the local open source meetup is, go there, and ask who is a DD. I can offer first-hand experience that this works. And the two local DDs I knew from non-Debian contexts were not even present. But in places that do not already have too many DDs, getting signatures can require real effort and expenses. cu Adrian
Re: Potential Summary: Keysigning in times of COVID-19
On Thu, Aug 13, 2020 at 09:23:58PM +0100, Steve McIntyre wrote: > On Thu, Aug 13, 2020 at 09:03:00PM +0200, Adam Borowski wrote: > >On Thu, Aug 13, 2020 at 11:08:01PM +0530, Pirate Praveen wrote: > >> I think the point about fake idenity documents is, it being a criminal > >> activity and make one liable for prosecution. So it is not just about > >> immediate cost of getting a fake id, but the is high risk if you are > >> caught. > >> Not all frauds get caught, but some do get caught and it probably serves as > >> a deterrant or it sufficiently sets the bar very high (I think 3 letter > >> agencies can still take the risk). > > > >I don't think someone could possibly be prosecuted for using a fake passport > >to obtain a gpg signature. Especially with the link between meeting a DD > >many months earlier and that criminal betrayal being so tenuous. > > It's clearly fraudulent under at least UK law. I'm sure it would also > be elsewhere. You might struggle to get police to pick up the *case*, > but... This does not even matter when there are DDs who sign keys with fake names that are not printed on any (real or fake) government documents... cu Adrian
Diversity in an international project
On Tue, Apr 06, 2021 at 01:23:11PM -0700, Steve Langasek wrote: >... > Debian's diversity statement commits us to be welcoming to all people > regardless of who they *are*. > > It does *not* commit us to welcome all people into our community regardless > of the *idealogies they express*. > > Nazis can fuck off. >... Our diversity statement says: No matter how you identify yourself or how others perceive you: we welcome you. We welcome you, no matter whether you identify yourself as Nazi or whether others perceive you as Nazi. Our diversity statement says: We welcome contributions from everyone as long as they interact constructively with our community. It does not matter what one personally thinks about Nazis, or what one personally thinks about people who supported Drone Murder Obama, or what one personally thinks about people who call him Drone Murder Obama, we have committed to accept contributions from them. And this is important: Do we want Debian to be a project representing the affluent IT elite in the US and their political opinions, or do we want Debian to be a diverse international project with contributors everywhere in the world? As far as I know one of the largest users of our work in Debian is the Russian military, and we might have contributors from Russia with quite diverging views on domestic issues of their country. We do have developers in China, Hong Kong and Taiwan. There are many other places in the world where we either have members or would like to have members. When you use the word "Nazi", I have to think of current events in the real world where words like "concentration camps" and "genocide" are frequently used. If membership in Debian would imply anything about political opinions, this could get some of our members into untenable positions where I would be worried about their safety. cu Adrian
Re: Debian should not engage in politics and stay neutral [was: This is not the direction that will lead to hearing each other]
On Fri, Apr 09, 2021 at 02:11:11PM -0400, Tiago Bortoletto Vaz wrote: >... > Please, let's first agree that it's not (only) about his 'personal view on > some > topics'. Most people defending RMS on this list seem to have suddenly > s/actions/views/g in their spell checker. So, just to put words back to their > place: it's about his incessant *actions* over the years, which may or may not > been directly connected with his (publicly stated) views. And his *actions*, > and not his views alone, have hurt the community in many many ways. And this > community is about software freedom, the thing you said you believe on, and > the > thing that keeps you motivated to contribute to Debian. >... This community would not exist without the actions of RMS. RMS founded the free software movement. RMS created the GNU project. RMS wrote emacs for the GNU project. RMS wrote gcc for the GNU project. RMS wrote gdb for the GNU project. RMS wrote the GPL. RMS founded the FSF. Linus Torvalds originally used a non-free licence for Linux, before switching to the GPL. The core of Debian are the tools from the GNU project. In the early days of Debian, RMS through the FSF employed the DPL full-time for his work on Debian. An open letter stating there would be "no place in the free software community" for RMS is hugely offensive for many people who are aware that the free software community would not exist without RMS. RMS has always been a polarizing figure in the 38 years since he founded the free software movement, but the same traits that make him difficult are the reason why he stubbornly created this community against all obstacles. cu Adrian
Re: DEP-16 Confidential votes
On Tue, Apr 13, 2021 at 11:41:52AM +0200, Timo Röhling wrote: >... > Also, I want to clarify that > the current protocol with hash pseudonyms for secret voting in DPL elections > is not in the Constitution either >... 4.2.6 Votes are cast by email in a manner suitable to the Secretary. > If you still think that a DEP is not the appropriate place for this, > I'll gladly put it elsewhere (I would be grateful for suggestions, > though). It would sound like a good idea to me that a GR to change the constitution to make all votes secret should also add language like "in a verifiable way". Regarding technical details: What improvements do you have in mind? Will you be the person who implements them? Has this been discussed with the Project Secretary? > Cheers > Timo cu Adrian
Re: Debian and GitLab Open Source Partnership
On Sun, Jul 25, 2021 at 08:23:21PM -0400, Donald Norwood wrote: >... > On 7/25/21 12:19 PM, Pierre-Elliott Bécue wrote: > > > > Out of the blue, without any more context and content, I am not sure to > > be happy with this news. > > > > To me, such a partnership is something quite stronger than sponsorship > > and I'd be a bit ill-at-ease with it being done without the whole Debian > > Members being consulted. > > ... > > Apologies if you thought this was out of the blue, we are currently and > still in the process of bringing the awareness of the partnership to the > community prior to the main announcement, but as with any news it is > about the timing of the message delivery. > > Rest assured there were several hands on our side that went into the > initial discussions from Debian Partners to DebConf Sponsors, to the > DPL, and Press, all of us tasked with seeing things through that will > benefit the project. >... Debian as a project actively promoting open core software would be quite a change since so far Debian was the major distribution pushing the most for a system with only free software as defined by the Debian Free Software Guidelines. The Social Contract we all agreed to states that "Our priorities are our users and free software". There are many developers, and also many companies some of them close to Debian, for whom fully free software is a mission. Debian promoting a company with an open core business model is a slap in the face for many people. Why has such a major change for the whole project not been discussed with all developers? > Be well, > > -Donald cu Adrian BTW: It is clear that open core software whose open source version is under a DFSG-free licence is welcome in Debian, users are free to use non-free software on Debian, and mentioning sponsors at an appropriate place has not been controversial.
Re: What do you win by moving things to non-free?
On Fri, Apr 15, 2005 at 10:35:36PM -0400, Glenn Maynard wrote: >... > > What do you win by moving things to non-free? > > You inform people that what they're using is not Free. That's a fundamental > purpose of non-free: to be able to make some important but non-free pieces > available to users, while allowing users to know that some of the stuff > they're using is non-free, if they care. > > You present some incredibly strange arguments: you're not arguing that the > gcc manual is Free, but instead, apparently, saying "we shouldn't move non- I'd personally consider the gcc manual being free. But I'm attacking another point in the chain: Is the effect of what you are doing really in the spirit behind it or is it counter-productive? > free stuff to non-free because it teaches people that they need non-free > things". Here's a tip: it's a *good thing* to teach people that they > still need non-free things, if it's the truth; it just might inspire > people to create free versions, or convince the FSF to free up their works. > That's a fundamental reason for separating non-free, and that's never changed. What is the impression of the people you try to teach something to? First of all note that the vast majority of Debian users did choose Debian for technical reasons like the stability of stable or the working upgrades. If a system administrator has to choose between e.g. Gentoo and Debian, the percentage of system administrators who understand or want to understand the differences between the "free software" definitions of the two projects will be negligible - the decision will be based on technical reasons and personal preferences. Even further many Debian installations are used as a basis for non-free software - which is a configuration Debian has promised to support. As an example, 14 000 computers in the administration of my home town will soon be based on Debian. This project will be a success for both the companies who got the contract and the overall public reputation of Linux and Debian if the resulting solution will be able to completely replace the current Microsoft-based solution. If the resulting solution will fail, this will be a major drawback in the public reputation of Linux. I doubt anyone will care how many percent of this solution will be DFSG-free. The point when you can teach people about non-free comes later: One day, a system administrator using Debian asks: Why is $foo in non-free? Case 1: foo = nvidia binary modules Answer: Because these modules are binary-nonly and therefore undebuggable for everyone except Nvidia. They give you a much better 3D performance, but they sometimes lead to kernel crashes. Case 2: foo = some documentation Answer: Because the document contains a invariant section in which the author says he dedicates this manual to his dead father. In the first case you might have convinced a system administrator that non-free software has serious disadvantages. In the second case you'll hear a loud laugher. > Glenn Maynard cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: What do you win by moving things to non-free?
On Sat, Apr 16, 2005 at 12:31:23AM -0400, Glenn Maynard wrote: > On Sat, Apr 16, 2005 at 05:54:08AM +0200, Adrian Bunk wrote: >... > > Case 1: foo = nvidia binary modules > > Answer: Because these modules are binary-nonly and therefore > > undebuggable for everyone except Nvidia. They give you a > > much better 3D performance, but they sometimes lead to > > kernel crashes. > > > > Case 2: foo = some documentation > > Answer: Because the document contains a invariant section in which > > the author says he dedicates this manual to his dead father. > > > > > > > > In the first case you might have convinced a system administrator that > > non-free software has serious disadvantages. > > > > In the second case you'll hear a loud laugher. > > Maybe, since you conspicuously omitted the "and therefore" part in > case 2; the practical problems with invariant sections have been well > explored. (I'm not going to waste my time digging up discussions about > them for you, since you'll just complain that they're not an "official > position statement". Find them yourself.) It's not about a "and therefore" in the text I wrote. You missed my main point: Most people can't be convinced by reading a statement what Debian considers free and what not. But they can be convinced by technical arguments why free software is superior. You can convince people that non-free software is bad if you explain stability problems with the nvidia binary modules or the reason why majordomo was removed from non-free to them. The invariant section issues are things you can discuss inside Debian or with me or with the FSF. But for nearly everyone else the result if you explain the GFDL problem will be that he thinks that the differences between free and non-free software are pretty small. > Glenn Maynard cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RFC: Changing the NM system
Hi, I want to suggest to change the way NM works. Currently, someone applies at [1] and if he's lucky he has his account less than 2 months after he applied. My impression is that currently maintainers are accepted too early. For some AMs it's enough that they build one package (and thanks to debhelper it's relatively easy to build a package) and even if they make a buggy package this is sometimes enough to pass the "Tasks & Skills" test (e.g. in [2]). We have currently over 600 developers and at about 6000 packages that have over 600 RC bugs. If we don't have severe look at the quality of the work of new maintainers it will become very hard to retain our reputation of being a high quality distribution. Another important thing: We trust every single developer: - We trust him when he signs the GPG key of a prospective developer. - A developer can make an upload for every single package in Debian. We trust him that he doesn't do any harm. - Every Debian developer represents Debian (e.g. at exhibitions). And another small point: When we let people become developers very fast it's more likely that someone who has the idea "I want to get a @debian.org address" but doesn't want to do do long term work for Debian becomes a member of Debian - and we get more packages whose maintainer is AWOL. I propose to stop the current NM process and to reorganize it. I suggest the following instead (important is the general idea, not the exact details): Someone starts working for Debian (e.g. by maintaining packages or helping at a port). After some months his sponsor, one of the port maintainers,... (or wherever the applicant participates in Debian) says that he does good work (e.g. high quality packages, quick reaction at bug reports,...) and suggests to the NM team that he should become a Debian account. The NM team (perhaps the current NM-Committee plus other interested Debian developers) then looks critical at the work of the applicant, makes a "Philosophy and Procedures" check,... and discusses and decides whether the applicant will be a valuable gain for the project. Additionally, we'll need a better organized sponsorship program to help applicants to work for Debian. I am willing to help at the reorganization and in the changed NM system (although my QA work will have a higher priority). cu, Adrian [1] http://nm.debian.org [2] http://lists.debian.org/debian-newmaint-discuss-0011/msg00103.html -- A "No" uttered from deepest conviction is better and greater than a "Yes" merely uttered to please, or what is worse, to avoid trouble. -- Mahatma Ghandi
Re: RFC: Changing the NM system
On Sat, 16 Dec 2000, Christian Kurz wrote: > Hi, Hi Christian, >... > > package this is sometimes enough to pass the "Tasks & Skills" test (e.g. > > Well, do yo have some other examples too? I think one example is nice, > but some others would be good to have. E.g. http://lists.debian.org/debian-newmaint-discuss-0011/msg00018.html http://lists.debian.org/debian-newmaint-discuss-0012/msg00088.html Please note: I don't say that these applicants shouldn't become Debian developers at all. I do only doubt they are already skilled enough. >... > > - A developer can make an upload for every single package in Debian. > > We trust him that he doesn't do any harm. > > Do you want a system where you can only upload packages where you are > the Maintainer? This would make it hard to do bugfixes and NMUs, if the > maintainer went MIA. >... No, I don't intend to change this. My point is: Someone who has a Debian account can do much harm (intentional or accidential). That's a reason why I think we should have a severe look at the work of an applicant before he gets an account. >... > > I suggest the following instead (important is the general idea, not the > > exact details): > > Someone starts working for Debian (e.g. by maintaining packages or helping > > at a port). After some months his sponsor, one of the port maintainers,... > > (or wherever the applicant participates in Debian) says that he does good > > work (e.g. high quality packages, quick reaction at bug reports,...) and > > Well, I think this should be also based on the decision of the person > itself and not only be a decision of the sponsor. They both should make That's clear (and covered by "not the exact details"). > this decision. But then you need to make sure that the sponsors have a > good knowledge about the debian build system and are qualified to make a > judgement about a package. That's one reason why I suggest the following: > > suggests to the NM team that he should become a Debian account. The NM > > team (perhaps the current NM-Committee plus other interested Debian > > developers) then looks critical at the work of the applicant, makes a > > "Philosophy and Procedures" check,... and discusses and decides whether > > the applicant will be a valuable gain for the project. > > Interesting idea. >... > Ciao > Christian cu, Adrian -- A "No" uttered from deepest conviction is better and greater than a "Yes" merely uttered to please, or what is worse, to avoid trouble. -- Mahatma Ghandi
Re: RFC: Changing the NM system
On Sat, 16 Dec 2000, Christian Kurz wrote: >... > > > > suggests to the NM team that he should become a Debian account. The NM > > > > team (perhaps the current NM-Committee plus other interested Debian > > > > developers) then looks critical at the work of the applicant, makes a > > > > "Philosophy and Procedures" check,... and discusses and decides whether > > > > the applicant will be a valuable gain for the project. > > Well, this would still mean that you either need a list of predfined > criteria, which will be a bad thing and also create new problems. Or you > need to depend on the NM-comittee and believe that they make the right > decisions. I think this is a part of the current NM process that needs > no change as it's working fine. Only a bit more sponsorship and a bit The current system is: Only two people (the NM of the applicant and the DAM) decide whether an applicant gets his account. That's different from a NM-comittee with more people that makes a decision. > more careful task&skill test would be helpful. Yes, and the main point of my proposal is: An applicant doesn't get his account before he had worked some months for Debian. This lets us judge on his whole work (e.g. his knowledge about packaging, how he handles bugs,...). > Ciao > Christian cu, Adrian -- A "No" uttered from deepest conviction is better and greater than a "Yes" merely uttered to please, or what is worse, to avoid trouble. -- Mahatma Ghandi
Re: RFC: Changing the NM system
On Sun, 17 Dec 2000, Cord Beermann wrote: > >No, I don't intend to change this. My point is: Someone who has a Debian > >account can do much harm (intentional or accidential). That's a reason why > >I think we should have a severe look at the work of an applicant before he > >gets an account. > > I think that it's also important to look that the existing > Debian-Maintainers (no matter how they got into the official part of > the project) do the work that is now expected from the NMs. > > When i look into the BTS, i see a lot of bugs, that are somehow fixed, > but not closed, or bugs where no one has touched them for years. > (not even 'wontfix' or 'moreinfo' -actions.) > > It's wrong to let NM run through a long procedure, and on the other > side old maintainers disappear (or stop working on their Package) and > nobody cares. That's another point I'm thinking of as a part of QA work: Setting up rules how to take packages and/or delete the Debian account of a member of Debian. But that's another discussion I (or someone else) will start in the future. > Cord cu, Adrian -- A "No" uttered from deepest conviction is better and greater than a "Yes" merely uttered to please, or what is worse, to avoid trouble. -- Mahatma Ghandi
Re: RFC: Changing the NM system
On 17 Dec 2000, Chuan-kai Lin wrote: >... > without being a maintainer" and everything comes to a halt. The > goals I stated for joining Debian includes: work on the Chinese > translation of w.d.o and help with QA work for Chinese-specific > packages. Okay, enough for background information... I haven't seen you doing any QA work until now. Did I miss something (I can't remember having heard anything from you at the debian-qa mailing list) or what are the reasons why you didn't start working on what you want to do if this is one of the main goals of your Debian work? > > Another important thing: We trust every single developer: > > - We trust him when he signs the GPG key of a prospective developer. > > - A developer can make an upload for every single package in Debian. > > We trust him that he doesn't do any harm. > > - Every Debian developer represents Debian (e.g. at exhibitions). > > I believe that you must be very happy to know that Debian trusts > lots of people who are not developers/maintainers. For example, I > now have write access to the w.d.o CVS tree through the chinese > account, which I got in May, to work on Chinese translations. And > if you read the first paragraph of my post carefully, even the DAM > think there is nothing wrong with it. It is official: packaging is > the only sexy part of Debian, and we cannot care less if it is some > Random J. Dummy authoring web contents for us. Where in my mail do you read that I say "official" that translations and WWW pages aren't important??? I wrote in the mail you quoted in another place you didn't quote: "Someone starts working for Debian (e.g. by maintaining packages or helping at a port)". I had two examples in the brackets and I said "e.g." because there are many other examples of important work for Debian (e.g. translations, boot-floppies,...) I can't give a complete list of. > Note: this is not a personal critic to Anthony Fok, the one who > supplied me with the access and is now acting as my AM. It is not > his fault -- it is the system that needs to change. What do you want to get changed? [1] already says that there are other possibilities than maintaining packages to become a developer. What I want to get changed is e.g. with the following that stands at [1]: B. Skills What is required of the applicant will depend on what task is to be done. The applicant must provide assurance that they can, in fact, do the job for which they have volunteered. The following are examples only, and can be modified as the Application Manager (AM) and the applicant see fit, so long as the required skills are demonstrated. ... B. Documentation: The applicant may demonstrate skills in this area by producing a man page for a package that doesn't have one; by editing a current document to bring it up-to-date; or by producing other documentation required but missing from the distribution. ... When reading it you see that writing a single manual page is enough for passing the current "Tasks & Skills" check to become a Debian developer. Sorry, but I can't resist calling this kind of skills check a joke! > -- Chuan-kai Lin cu, Adrian [1] http://www.debian.org/devel/join/nm-step4 -- A "No" uttered from deepest conviction is better and greater than a "Yes" merely uttered to please, or what is worse, to avoid trouble. -- Mahatma Ghandi
Re: RFC: Changing the NM system
On Sun, 17 Dec 2000, Christian Kurz wrote: > Well, what you propose here is an an removal of a debian developer and I > don't think this should be so easy as you describe it. We should be able > to have a checklist and if some checks fail delete his debian account. > If someone is really MIA and won't come back, we should only disable > first his account, so that he needs to contact us again, to show that he > has again enough time for debian, but an exclusion should only happen > after a vote, so that either the majority of developers agreed or not. > > About the take-over of a package, have you read the nice document on > qa.debian.org, that Raphael Hertzog and I wrote some time ago, to take > care of this situation? We already have some guidelines, but they are > just not used. :( So there's no real need to invent the wheel again, but > to take the current situation and documents and apply them to debian. I've seen these not yet used guidelines for taking over packages and I don't want to take the account of a member of Debian "easy". But I don't want to start this discussions before the NM discussion has shown results - one big discussion at a time is enough. > Ciao > Christian cu, Adrian -- A "No" uttered from deepest conviction is better and greater than a "Yes" merely uttered to please, or what is worse, to avoid trouble. -- Mahatma Ghandi
Re: RFC: Changing the NM system
... > > When reading it you see that writing a single manual page is enough for > > passing the current "Tasks & Skills" check to become a Debian developer. > > Sorry, but I can't resist calling this kind of skills check a joke! > > Ahem, I have seen Chuan-kai's packaging and bug-fixing skills. Chuan-kai > didn't only translate web pages. > > Or perhaps you weren't referring to the my check of Chuan-kai's skill as a > "joke". Nonetheless, I see two ideals at work here, and finding the balance I asked Chuan-kai what he meant with "it is the system that needs to change" and I explained what I want to get changed. Sorry if this was ambiguous, but I didn't wanted to judge about your skills check of Chuan-kai in this sentence, it was a general remark about the NM system. > may be difficult: > > 1. Raising the NM entry requirement in order to improve Debian's quality. > Which is a very good thing. > > 2. Raising the threshold too high, or even just the perceived notion, > whether justified or not, that many NMs are unskilled, could make > Debian more and more like an elitist society. > > I am quite satisfied with the current NM process. Of course, there is > always room for improvement, and hence the recent discussions. Ensuring the > new maintainer possesses sufficient skills is a good thing, but we must be > careful not to overdo it. I agree with this sentence. I'm not 100% satisfied with the current NM process but I see there won't be a consensus for my proposal. All I want to achieve is to get a sufficient skills check. > As for me, I am just glad that I became a Debian developer over 3 years ago, > long before this was even an issue. > > Cheers, > > Anthony cu, Adrian -- A "No" uttered from deepest conviction is better and greater than a "Yes" merely uttered to please, or what is worse, to avoid trouble. -- Mahatma Ghandi
Re: [PROPOSAL] Allowing crypto in the main archive
On Wed, 10 Jan 2001, Wichert Akkerman wrote: >... > Non-free programs with cryptographic program code need to be stored > on the "non-us" server because of export restrictions of the U.S. So for the export restrictions only a "non-US/non-free" will be needed. > Programs which use patented algorithms that have a restrictied > license also need to be stored on "non-us", since that is location > on a site where it is not allowed to patent algorithms. >... That means if you use an algorithm that is patented in Germany the package will be in non-us? You better rename this "non-US" to "patented/main" and add the other needed "patented/contrib", "patented/non-free" and "patented/non-US/non-free". > Wichert. cu, Adrian -- A "No" uttered from deepest conviction is better and greater than a "Yes" merely uttered to please, or what is worse, to avoid trouble. -- Mahatma Ghandi
Re: [PROPOSAL] Allowing crypto in the main archive
On Thu, 11 Jan 2001, Wichert Akkerman wrote: > > So for the export restrictions only a "non-US/non-free" will be needed. > > crypto export restrictions, yes. Right. > > > That means if you use an algorithm that is patented in Germany the package > > will be in non-us? You better rename this "non-US" to "patented/main" and > > add the other needed "patented/contrib", "patented/non-free" and > > "patented/non-US/non-free". > > Why rename it? That's not needed at all. Your "non-US/non-free" and "non-US" will include completely different things and many people will confuse them. And your "non-US" doesn't really has anything to do with the US. Your policy change implies that even a program that's only patented in let's say Germany but not in the USA will have to go to "non-US". > Wichert. cu, Adrian -- A "No" uttered from deepest conviction is better and greater than a "Yes" merely uttered to please, or what is worse, to avoid trouble. -- Mahatma Ghandi
Re: [PROPOSAL] Allowing crypto in the main archive
On Wed, 10 Jan 2001, Wichert Akkerman wrote: >... >Programs which use patented algorithms that have a restrictied >license also need to be stored on "non-us", since that is located >in a country where it is not allowed to patent algorithms. >... Any examples of such countries? > If this proposal gets accept it means Debian also shoud: > * notify the US government that we have a FTP site that distributes > crypto software. > * add a legal welcome message to our FTP site that informs people > about the regulations regarding crypto software. This also means > we will not be consciously exporting crypto to the 7 blacklisted > countries * Tell all the FTP mirrors of non-US that must of them are no longer allowed to ship non-US (e.g. ftp.de.debian.org is located in Germany where it's not 100% forbidden to patent algorithms). >... > Wichert. cu, Adrian -- A "No" uttered from deepest conviction is better and greater than a "Yes" merely uttered to please, or what is worse, to avoid trouble. -- Mahatma Ghandi
Re: [PROPOSAL] Allowing crypto in the main archive
On Thu, 11 Jan 2001, Wichert Akkerman wrote: > Previously Marco d'Itri wrote: > > But is it non-US/main or non-US/non-free? > > non-US/main, since the license to the software itself is free. But if I don't misunderstand chapter 7 (and 8) of the GPL a program licenced under the GPL that is threatened by a patent may no longer be DFSG-free. > Wichert. cu, Adrian -- A "No" uttered from deepest conviction is better and greater than a "Yes" merely uttered to please, or what is worse, to avoid trouble. -- Mahatma Ghandi
Re: potato and kernel 2.4
On Fri, 2 Mar 2001, Justin Hibbits wrote: > Hello, Hi Justin, > Is Debian Potato kernel 2.4 ready? What updates do I need to make to It's most likely you have to upgrade at least modutils. > upgrade to 2.4? See [1] for more information. > Justin Hibbits cu Adrian [1] http://www.fs.tum.de/~bunk/kernel-24.html -- Nicht weil die Dinge schwierig sind wagen wir sie nicht, sondern weil wir sie nicht wagen sind sie schwierig.
Re: Next version of Debian
On Mon, 14 May 2001 [EMAIL PROTECTED] wrote: > Hello, > > I'd like to know when the next stable version of Debian will be ready ? Hopefully this year. > Which will be the kernel of this version ? (the 2.4 ?) It will include both 2.2 and 2.4 kernels. > Which version of XFree will be used ? (the 4 ?) It will include XFree86 version 4 (but also version 3 because XFree86 version 4 doesn't support all cards that were supported in version 3). > Thanks and sorry for my english > @+ cu Adrian -- Nicht weil die Dinge schwierig sind wagen wir sie nicht, sondern weil wir sie nicht wagen sind sie schwierig.
Re: Processed: Re: Bug#122859: project: gnucash seems to be missing dependencies
On 10 Dec 2001, John Goerzen wrote: > I really don't think there's anything I can do about this bug. It's > reported against gnucash 1.3.x. Gnucash 1.6.x is in sid now. I don't > know why it's not in woody (if it's not). Let me know if there's > anything I can do to help that along (perhaps submitting a bug with > specific details). gnucash was removed from woody. update_excuses [1] says: * gnucash (- to 1.6.4-3) + Maintainer: John Goerzen + 18 days old (needed 2 days) + out of date on alpha: gnucash (from 1.6.1-4) + out of date on arm: gnucash (from 1.6.1-4) + gnucash/i386 unsatisfiable Depends: libguppi13 [] + out of date on ia64: gnucash (from 1.6.1-5) + out of date on m68k: gnucash (from 1.6.1-4) + out of date on mips: gnucash (from 1.6.1-5) + out of date on mipsel: gnucash (from 1.6.1-5) + gnucash/powerpc unsatisfiable Depends: libguppi11 (>= 0.35.5) [] + gnucash/s390 unsatisfiable Depends: libguppi11 (>= 0.35.5) [] + out of date on sparc: gnucash (from 1.6.1-5) + Not considered After looking at the logs of the failed builds at [2] it seems that there's a build problem related with guppi. > -- John cu Adrian [1] http://ftp-master.debian.org/testing/update_excuses.html [2] http://buildd.debian.org/build.php?arch=&pkg=gnucash -- Get my GPG key: finger [EMAIL PROTECTED] | gpg --import Fingerprint: B29C E71E FE19 6755 5C8A 84D4 99FC EA98 4F12 B400
Re: Processed: Re: Bug#122859: project: gnucash seems to be missing dependencies
On 10 Dec 2001, John Goerzen wrote: > Adrian Bunk <[EMAIL PROTECTED]> writes: > > > After looking at the logs of the failed builds at [2] it seems that > > there's a build problem related with guppi. > > Yes. I believe this is a bug in guppi (see #122297, #123222). And before this bug in guppi is fixed and gnucash can be compiled on all architectures it was ever built gnucash can't go back into woody - that's the way how testing works. BTW: guppi should be fixed in the near future or Debian 3.0 won't ship gnucash. cu Adrian -- Get my GPG key: finger [EMAIL PROTECTED] | gpg --import Fingerprint: B29C E71E FE19 6755 5C8A 84D4 99FC EA98 4F12 B400
Re: unauthorized upload of xfree86 4.3.0-1 to unstable
On Tue, Feb 03, 2004 at 03:31:46PM -0500, Branden Robinson wrote: > On Thu, Jan 29, 2004 at 08:55:38PM +0100, Joachim Breitner wrote: > > I think you got me wrong (quite possible, considering my language). In > > fact, that is what I wanted to say: he should rely on trust, and not > > install fixed rules or technical measures to prevent things like that. > > Would it be so bad if dinstall rejected uploads that appeared to be NMUs > but didn't identify themselves as such in the changelog? > > (Figuring out whether the version number was NMU-policy-compliant would > be more difficult, but probably not impossible.) Whether a NMU version number is NMU-policy-compliant is perhaps a bit more difficult, but a version number is a NMU version number if and only there's a Debian revision that contains a dot [1]. cu Adrian [1] Yes, according to your Developer's Reference there's a Debian revision in the version number of a NMU for a native package. -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: unauthorized upload of xfree86 4.3.0-1 to unstable
On Thu, Jan 29, 2004 at 01:08:19PM +1100, Daniel Stone wrote: >... > I did, however, state that I felt that 4.3.0-1 was by far the superior > base to work from in sid, for a number of reasons (not least that > propagation to sarge would put the XSF in the position of having to > maintain two codebases, not three). > > > Organizationally, we have more experience with single-maintainer > > packages, and I think we have to evolve a bit with respect to team > > maintenance a bit more. Fundamentally, I think team-maintenance of > > packages has to be grounded on mutual trust among the members of the > > team. I personally feel that my trust was betrayed in this situation. > > If you think I should not feel this way, please explain why. > > I think another issue Branden was possibly trying to raise - that we > was raised privately - is the team-maintainership model where you have a > leader/follower(s), and whether that needs to be formalised, if/when the > follower(s) can disobey the leader, et al. XSF was very much > leader/follower, as you can see here, as opposed to models of other > teams, which are very much equal/meritorious. The main question is not whether XFree86 4.3.0 should enter unstable now or whether it should stay in experimental for the near future [1]. The question is whether the way you acted was right or wrong. It seems abvious that Branden is (no matter whether it's formalised or not) the leading developer of the Debian XFree86 packages. Branden is the leader and doing an upload of a new major release without his OK is definitely not a good thing. It might be non-pleasing, but if you disagree with the leading Debian XFree86 developer, it might be similar to the case when someone disagrees with Linus Torvalds in questions regarding the Linux kernel... That said, and although I's say that I don't agree with Branden in all areas, my impression is that it should possible to work together with him, and if the question isn't "Should XFree86 4.3.0 enter unstable now?" but instead "What's missing until everyone (including Branden) considers XFree86 4.3.0 to be ready for unstable?" might lead to constructive work like Nathanaels' checking of the 4.2.1 patches and a solution that's acceptable for everyone. > Daniel Stone<[EMAIL > PROTECTED]> cu Adrian [1] I'd personally prefer XFree86 4.3.0 in unstable now. -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Re-distributing Debian
On Fri, Feb 27, 2004 at 04:15:20PM -, Robin Imrie wrote: > Dear Sir/Madam, > > We are about to start developing some software which will run on Linux. The > product which we sell to our customers will include the hardware, os (Linux) > and our software all pre-installed and ready to go. Any support would be > handled by us. If we were to install the parts of Debian Linux that we > required for our product what would the licensing issues be if any. i.e. > would we have to by a copy of Debian Linux for each unit we ship? Debian GNU/Linux is free - it's impossible to buy a copy (you can only buy CDs at various distributors if you don't want to download Deian GNU/Linux from the Internet). You can use, copy and redistribute Debian GNU/Linux as often as you want. The only restiction is that several programs inside Debian GNU/Linux (including the Linux kernel) require that if you ship binaries for these programs, you have to give the people you give/sell the binaries the complete source code of the program including the right to modify and/or redistribute this software. Note that this only affects these programs, it doesn't affect your own applications. The only exception of the above are some programs in the non-free part of the Debian ftp archive that e.g. don't allow redistribution. > Regards > > Robin Imrie cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Screw non-free.
On Mon, Mar 15, 2004 at 05:47:25PM -0500, Clint Adams wrote: > > To our users who were used to quality packages from accountable > > maintainers even if the software wasn't 100% DFSG-compliant: bummer, man. > > Out of date in non-free by arch > --- > alpha 72 > arm78 > hppa 72 > i3866 > ia64 67 > m68k 59 > mips 101 > mipsel103 > powerpc53 > s390 81 > sparc 80 > > Many packages in non-free haven't had consistent versions across all > architectures in over two years. That's not a fault of the maintainers and doesn't say anything about the quality of the packages. The buildds currently ignore non-free packages. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Screw non-free.
On Wed, Mar 17, 2004 at 02:11:22PM -0500, Branden Robinson wrote: > On Tue, Mar 16, 2004 at 12:45:50PM +0100, Adrian Bunk wrote: > > On Mon, Mar 15, 2004 at 05:47:25PM -0500, Clint Adams wrote: > > > > To our users who were used to quality packages from accountable > > > > maintainers even if the software wasn't 100% DFSG-compliant: bummer, > > > > man. > > > > > > Out of date in non-free by arch > > > --- > > > alpha 72 > > > arm78 > > > hppa 72 > > > i3866 > > > ia64 67 > > > m68k 59 > > > mips 101 > > > mipsel103 > > > powerpc53 > > > s390 81 > > > sparc 80 > > > > > > Many packages in non-free haven't had consistent versions across all > > > architectures in over two years. > > > > That's not a fault of the maintainers > > The users don't care whose fault it is. That's an issue that needs to be resolved. My point was that these packages are not out of date because of bugs in the source packages. > > and doesn't say anything about the quality of the packages. > > That is only true if updates to package in non-free seldom or never > feature bugfixes. Do you know that to be the case? For me the quality of a package lies mostly in the source package. E.g. I wouldn't consider an XFree86 package to be of low quality if it was out of date beacuse there was no working i386 autobuilder for some time. > > The buildds currently ignore non-free packages. > > How do you propose to rectify or work around that? Will passing Anthony > Towns's proposed amendment automatically rectify it? > > If not, shouldn't we have a plan in place for concretizing our > reaffirmed support for non-free? That's a question ajt has to answer. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Screw non-free.
On Thu, Mar 18, 2004 at 12:28:59PM +, Colin Watson wrote: > > I've started occasionally building powerpc non-free packages with a > private sbuild installation (I should set up buildd too, but haven't got > round to it). It's relatively slow work since I need to check the > copyright files first, though. >... Are there any packages in non-free that don't allow rebuilding? > Colin Watson [EMAIL PROTECTED] cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Screw non-free.
On Thu, Mar 18, 2004 at 08:51:28PM +0100, Giacomo A. Catenazzi wrote: > Adrian Bunk wrote: > >On Thu, Mar 18, 2004 at 12:28:59PM +, Colin Watson wrote: > > > >>I've started occasionally building powerpc non-free packages with a > >>private sbuild installation (I should set up buildd too, but haven't got > >>round to it). It's relatively slow work since I need to check the > >>copyright files first, though. > >>... > > > > > >Are there any packages in non-free that don't allow rebuilding? > > I think in principle yes. I.e.: > > - non rebuildable binaries packages (binary only packages) > - packages with license that don't allow you to redistribute modified binary > (pine and mozilla are nearly at this level) Mozilla??? > - packages that don't allow you to modify sources, and with actual buggy > sources > (not buildable with out libs, with 64-bit archs, with non popular archs, > ..) > > Technically only point 2 are not really rebuildable, but you should check > the other two cases, or you will loose time and resources. Time and resources are not a problem. It seemed I didn't express clear enough what I was asking for: A package was built by the maintainer for one architecture. Can I be sure, that the licence allows rebuilding it on another architecture? Your point 1 is not an issue, an Architecture: i386 (or whatever) in the control file handles it. Your point 2 isn't a problem concerning my question, since in the case in question the same source package was already built on another architecture. Your point 3 might be a problem, but not a problem that prevents setting up autobuilders. My main point was whether there would be legal problems to set up autobuilders for contrib and non-free if support of non-free will be re-affirmed (obviously not using the same chroots as the normal autobuilders since this might pollute building packages in main). Currently redistribution via ftp is required for packages in non-free. Perhaps the right to rebuilt a package on other architectures might be an additional constraint that should be set on non-free? > ciao > cate cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Screw non-free.
On Fri, Mar 19, 2004 at 01:36:44AM +1000, Anthony Towns wrote: > On Thu, Mar 18, 2004 at 11:55:56AM +0100, Adrian Bunk wrote: > > > > The buildds currently ignore non-free packages. > > > How do you propose to rectify or work around that? Will passing Anthony > > > Towns's proposed amendment automatically rectify it? > > > If not, shouldn't we have a plan in place for concretizing our > > > reaffirmed support for non-free? > > That's a question ajt has to answer. > > Eh? Reaffirming a commitment doesn't mean increasing it. I can't see > any reason why we'd be obliged to change anything should the resolution > I proposed pass; and the "concrete plan" for reaffirming support for > non-free is as simple as that: not changing things. >... "not changing things" is effectively a removal of non-free: Some bug-free contrib and non-free packages are waiting for more than one year to enter testing since they were not rebuilt on all architectures. If support for Debian is re-affirmed, there needs to be some action like e.g. setting up separate buildds for contrib and non-free. > Cheers, > aj cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Screw non-free.
On Fri, Mar 19, 2004 at 12:55:23PM +1000, Anthony Towns wrote: > On Thu, Mar 18, 2004 at 09:39:50PM +0100, Adrian Bunk wrote: > > A package was built by the maintainer for one architecture. > > Can I be sure, that the licence allows rebuilding it on another > > architecture? > > Not without reading the license, no. Apparently there've been packages > like this in the past -- ie, ones that you specifically can't build on > some architectures. No idea if there are any currently. If support for non-free is re-affirmed, it would be a possibility to review these licences, and to e.g. define that packages that are not allowed to be rebuilt may not list more than one architecture in their Architecture field. > Cheers, > aj cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Screw non-free.
On Sat, Mar 20, 2004 at 12:47:52AM +, Colin Watson wrote: > On Fri, Mar 19, 2004 at 10:47:25AM +0100, Adrian Bunk wrote: > > "not changing things" is effectively a removal of non-free: > > > > Some bug-free contrib and non-free packages are waiting for more than > > one year to enter testing since they were not rebuilt on all > > architectures. > > File ftp.debian.org bugs to have the binaries for the lagging > architectures removed. At least one ftpmaster has told me he's quite > willing to do this for non-autobuilt sections, and has done so several > times in the past. Considering the numbers that started this discussion, this would mean ftp.debian.org bugs for over 100 packages. I can do this, but is this huge amount of manual work for both the bug submitter and the ftpmasters really the best solution? > Colin Watson [EMAIL PROTECTED] cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Screw non-free.
On Sun, Mar 21, 2004 at 12:16:27PM -0500, Branden Robinson wrote: > On Fri, Mar 19, 2004 at 12:55:23PM +1000, Anthony Towns wrote: > > On Thu, Mar 18, 2004 at 09:39:50PM +0100, Adrian Bunk wrote: > > > A package was built by the maintainer for one architecture. > > > Can I be sure, that the licence allows rebuilding it on another > > > architecture? > > > > Not without reading the license, no. Apparently there've been packages > > like this in the past -- ie, ones that you specifically can't build on > > some architectures. No idea if there are any currently. > > A similar example was the xforms widget library. In that case, it > wasn't that the license didn't allow recompiling, it's that you > *couldn't* recompile because the source wasn't available. > > As I recall, xforms got built for ia64 in time for the woody release > because Progeny contacted the authors, and were sent a copy of the > source code to compile it on one of their ia64 machines. >... XForms was binary-only, and therefore recompiling wasn't possible. The control file explicitely listed the architectures that were supported, and the source package shipped the binaries for these architectures. The main question in this discussion is whether there might be possible legal issues for someone who'd set up a buildd for non-free, and in this context the old XForms wouldn't have been a problem. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
Re: Potential BTS improvements
On Thu, Mar 25, 2004 at 02:04:22PM -0500, Raul Miller wrote: >... > [2] Instead of simply opening and closing a bug, we should track which > releases the bug appeared in, and which releases it's fixed in. Some of >... > Comments? Note that this requires (besides the technical infrastructure) additional work by the maintainers: Example: Segfault reported against the version in unstable. Bug fixed in unstable. Is the ancient version of this package in testing affected? I'm not saying that version tracking is useless, but to be usefull it requires additional work by the maintainers. > Thanks, > Raul cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
(Lack of) GDPR compliance in Debian
This email is about the EU GDPR (General Data Protection Regulation), and any use of "data" below refers to personal data of people covered by the GDPR. Two years ago the outgoing DPL announced that our Data Protection Team has a relationship with a GDPR lawyer.[1] Out of curiousity I started looking at various aspects of GDPR compliance in Debian, and what I saw in the Privacy Policy[2] made me worry that the lawyer has not yet been involved enough in ensuring that privacy in Debian reaches at least the minimum level defined by law. What kind of consent is required and requested for infinite storing of data in archives of public mailing lists? What kind of consent is required and requested for infinite storing of data in archives of private mailing lists? Does this also apply to highly sensitive data revealing for example sexual orientation or political opinions? What about people who have never submitted any data themselves to Debian, and have never in any other way consented that Debian stores personal data about them? How is the right to withdraw the consent to storing data implemented? How are people being informed when data about them gets stored in the archives of public mailing lists? How are people being informed when data about them gets stored in the archives of private mailing lists? Who has access to data, and for what purposes might data be used? Where is data being stored? If data is being stored outside the EU, how is legal compliance ensured? The rights are not stated, like the right to lodge complaints with a supervisory authority. What natural or legal entity is the identity of Debian? Debian is a joint controller of data handled by external subcontractors like Outreachy on behalf of Debian. Debian is a joint controller of data processed or stored by teams or individual team members. Teams or team members of teams like for example the Debian Community Team, the Debian Account Managers or the Debian System Administration team are storing data on behalf of Debian that is currently not listed in the Privacy Policy. Is such data currently being included when people request a copy of all data about them from Debian? What is the data retention period for such data? Does Debconf have a privacy policy? I didn't find one when searching on the webpage. It is not even clear whether Debconf is legally a part of Debian or a separate entity. In addition to the embarrassment that privacy handling in Debian is not even reaching the minimum bar defined by law, Debian risks both penalies of up to 20 Million Euro and compensation claims when not complying with the GDPR. Properly defined policies and processes also make it easier to provide the data when people request from Debian a copy of all data about them. IANAL and it is more likely than not that not everything I wrote above is not correct. This is something the Debian Data Protection Team should review together with their GDPR lawyer, who will surely point out where I might be wrong. cu Adrian [1] https://lists.debian.org/debian-project/2020/06/msg00051.html [2] https://www.debian.org/legal/privacy
Re: (Lack of) GDPR compliance in Debian
On Sat, Mar 12, 2022 at 02:46:02PM +0100, Bastian Blank wrote: > Hi Adrian Hi Bastian, > On Sat, Mar 12, 2022 at 01:27:03AM +0200, Adrian Bunk wrote: >... > > Does this also apply to highly sensitive data revealing for example > > sexual orientation or political opinions? > > We don't process those data AFAIK. Can you please share where you see > us doing that? > > > What about people who have never submitted any data themselves to > > Debian, and have never in any other way consented that Debian stores > > personal data about them? > > Where do you see this? >... > > How are people being informed when data about them gets stored in the > > archives of public mailing lists? > > How are people being informed when data about them gets stored in the > > archives of private mailing lists? > > By the virtue of them sending an e-mail to it. That's the same as the > question: am I allowed to store e-mails sent to me personaly. I started thinking about this topic a year ago during the RMS GR, thinking about the legal implications if he was living in the EU. The way Debian is handling storing personal data including political opinions of RMS that were sent by other people would not be complicant with the GDPR. > > What natural or legal entity is the identity of Debian? > > I believe this is SPI for most parts. SPI holds many contracts for > Debian. There is also a ticket open, because I believe SPI needs a EU > representative as data controller, Art. 27 GDPR. > > > In addition to the embarrassment that privacy handling in Debian is not > > even reaching the minimum bar defined by law, Debian risks both penalies > > of up to 20 Million Euro and compensation claims when not complying with > > the GDPR. > > No, Debian does not, as Debian is not an entity. Is it SPI that is liable for penalies of up to 20 Million Euro and compensation claims, or is it individual team members who are personally liable for penalies of up to 20 Million Euro and compensation claims? If this is unclear, the easiest way for anyone who wants to take legal action is to target a natural person. >... > Bastian cu Adrian
Re: security tracker vulnerable versions
On Mon, Mar 21, 2022 at 12:33:46PM +, Zuzej, Kerstin wrote: > Dear Debian Team, > > via the security-tracker Debian provides information about the vulnerable and > fixed package versions. > However, I wanted to ask if the named vulnerable version is the version where > the vulnerability was first identified or if it is the lowest number of a > vulnerable package. It shows the vulnerability status of the latest packages currently available in a supported Debian suite. > Example: > https://security-tracker.debian.org/tracker/CVE-2022-0330 > buster > > 4.19.208-1 > > vulnerable > > fixed in 4.19.232-1 > > Is the vulnerability from >= 4.19.208-1 and < 4.19.232-1 > Or is every version lower then the fixed version vulnerable (< 4.19.232-1) >... This distinction is irrelevant for what is supported by Debian, and therefore not tracked in the Debian security tracker. > Kind regards. > Kerstin Zuzej cu Adrian
Re: We need to define a path for Debian to climate neutrality
On Fri, Apr 08, 2022 at 08:35:27PM +0200, Julian Andres Klode wrote: > Hi > > it just occurred to me that despite the climate crisis about to > destroy us all we don't really have anything in place to monitor > and reduce our carbon emissions. > > I believe we need to commit ourselves to reducing this, but I fear > the only way this could happen is via a general resolution amending > the constitution for climate goals, so it becomes binding. I do have a problem with your approach of demanding strong action. Combined with your refusal to apply it where it might not be convenient for you. Your principles do not matter much when you are demanding something from other people. Your principles do matter when they are inconvenient for YOU. >... > # Actions >... > Budget: We need to determine our current CO2 emissions as a project, > and then define a roadmap to carbon neutrality by an acceptable date, > I think 2035 or 2040 are commonly referenced. If your goal is only carbon neutrality in 2035 or 2040, there is no discussion required from us before 2030. If your roadmap should already include short-term reductions, an obvious low-hanging fruit will be not to cause hundreds of people from all over the world to fly to India in 2023. >... > # Things out of our control > > I think individual travel to DebConf and similar events is somewhat > out of our control, as is the personal behavior of individual > submitters. Debian paying for plane travel is 100% inside the control of Debian. A policy that Debian no longer pays for plane travel would be an obvious first step. Abolishing DebConf bursaries for plane travel would not even require a general resolution. How to hold conferences is also completely inside the control of Debian. It would not even require a general resolution for the DebConf team to decide that DebConf is no longer held in-person to reduce our carbon emissions. A "binding general resolution amending the constitution for climate goals" implies abolishing support by Debian for in-person conferences.[1] Otherwise it would be like the deplorable corporate greenwashing practices by deplorable managers who are claiming to support climate goals while refusing to take any action that might reduce their profits. cu Adrian [1] An exemption for already confirmed DebConfs might be appropriate.
