Re: How to leverage money to accomplish high impact Debian projects
Louis-Philippe Véronneau writes: > On 2021-03-22 16 h 43, Didier 'OdyX' Raboud wrote: >> Le vendredi, 19 mars 2021, 17.49:54 h CET Louis-Philippe Véronneau a écrit : >>> On 2021-03-19 08 h 02, Raphael Hertzog wrote: > I've been telling a few people last month that I would really liked to > have an Enterprise Edition Online MiniDebConf, unfortunately I don't > have any time/energy to instigate that currently. Something for a Debian fellow that we could hire ;-) >>> >>> I for one would be less motivated to help with videoteam tasks if I knew >>> someone was paid to organise a miniconf. >> >> Would your motivation also be affected if an individual was paid only for a >> specific task that noone in the team found particularily interesting to do? >> >> (I don't know much about how the videoteam works, so I don't know if that's >> a >> good example, but let's see…) For example, what if someone (paid) handled >> the >> storage and timely shipping of all the hardware, as well as the actual >> ordering of new hardware, leaving the (what I assume is the more interesting >> part) configuring, design and conception of the system to volunteers? > > I'm not opposed to paid labor per-say. I think the previous examples of > Debian paying TOs to do accounting is a good one. > > So to answer your question, I wouldn't be opposed if we contracted an > enterprise to handle our gear for us. > > I don't think it's something particularly fun to do and I see that more > as an administrative task, akin to accounting. > > "Organising a miniconf" isn't though. Is there a fundamental difference between paying someone to do "non-fun administrative tasks" like accounting, and paying someone to help out with orphaned/RFA'd packages (cf. Christian Kastner's recent "How to motivate contributors to work on QA" question)? It seems to me, to some extent, that a package that is orphaned or RFA'd is per definition "not fun enough" for a volunteer to work on. Best, Gard signature.asc Description: PGP signature
Re: How to leverage money to accomplish high impact Debian projects
Jonas Smedegaard writes: > Quoting Gard Spreemann (2021-03-23 16:18:10) >> >> Louis-Philippe Véronneau writes: >> >> > On 2021-03-22 16 h 43, Didier 'OdyX' Raboud wrote: >> >> Le vendredi, 19 mars 2021, 17.49:54 h CET Louis-Philippe Véronneau >> >> a écrit : >> >>> On 2021-03-19 08 h 02, Raphael Hertzog wrote: >> >>>>> I've been telling a few people last month that I would really >> >>>>> liked to have an Enterprise Edition Online MiniDebConf, >> >>>>> unfortunately I don't have any time/energy to instigate that >> >>>>> currently. >> >>>> >> >>>> Something for a Debian fellow that we could hire ;-) >> >>> >> >>> I for one would be less motivated to help with videoteam tasks if >> >>> I knew someone was paid to organise a miniconf. >> >> >> >> Would your motivation also be affected if an individual was paid >> >> only for a specific task that noone in the team found particularily >> >> interesting to do? >> >> >> >> (I don't know much about how the videoteam works, so I don't know >> >> if that's a good example, but let's see…) For example, what if >> >> someone (paid) handled the storage and timely shipping of all the >> >> hardware, as well as the actual ordering of new hardware, leaving >> >> the (what I assume is the more interesting part) configuring, >> >> design and conception of the system to volunteers? >> > >> > I'm not opposed to paid labor per-say. I think the previous examples >> > of Debian paying TOs to do accounting is a good one. >> > >> > So to answer your question, I wouldn't be opposed if we contracted >> > an enterprise to handle our gear for us. >> > >> > I don't think it's something particularly fun to do and I see that >> > more as an administrative task, akin to accounting. >> > >> > "Organising a miniconf" isn't though. >> >> Is there a fundamental difference between paying someone to do >> "non-fun administrative tasks" like accounting, and paying someone to >> help out with orphaned/RFA'd packages (cf. Christian Kastner's recent >> "How to motivate contributors to work on QA" question)? >> >> It seems to me, to some extent, that a package that is orphaned or >> RFA'd is per definition "not fun enough" for a volunteer to work on. > > Accounting is a mandatory activity regardless of its fun-factor. > > Seems backwards to to me to pay for keeping packages alive that we have > lost interest in. That's a good point, I agree. What about packages that we have lost interest in, but that our users very much have not? Admittedly, I have no idea of what the cardinality of that intersection is. Or alternatively: are there hard-to-maintain packages that are highly useful to users, but where there just isn't enough interest to overcome a very high maintenance burden? Could paid work help offload the maintainer of such packages (leaving them with more of the fun parts and less of the non-fun ones)? Best, Gard signature.asc Description: PGP signature
Re: diversity
Hello, and thanks for your answers! Sruthi Chandran writes: > On 23/03/21 2:41 pm, Bart Martens wrote: >> 1/ One way of addressing this, is actively BENEFIT the underrepresented >> profiles. Positive discriminiation is needed, at least to get over an initial >> resistance. Put diversity in the spotlights, to speed up improvement. > > I define positive discrimination as giving special attention to people > from under-represented groups while not turning down people from other > groups. So I am in support for positive discrimination. Putting > diversity in the spotlight is a necessary step. I have a follow-up question: Assuming that the amount of available attention is limited(*), how does one go about doing what you suggest in practice? (*) It may well be the case that attention is not so limited in a project like Debian, in that those responsible for the attention-giving may be able to grow their "attention supply" for the laudable goal of increasing diversity. What is your view on this? Thanks! Best, Gard signature.asc Description: PGP signature
Re: Willingness to share a position statement?
Margarita Manterola writes: > On Thu, Mar 25, 2021 at 6:59 PM Roberto C. Sánchez > wrote: > >> Essentially, voting in this GR is implicitly >> compulsory and there is only one correct way to vote. > > > Also not true. The GR is to vote whether Debian issues a statement about > this or not. If you think Debian shouldn't issue a statement about this, > that's a totally valid opinion. The point of the GR is to gauge whether the > majority of DDs think that the project should or should not issue a > statement. We won't know until the voting is over whether that's the > case. I'm very sorry if I misunderstood something (this is the first GR to come up since I joined the project, please excuse the handholding/noise), but isn't this a GR over whether or not Debian issues a *specific* statement about the matter? It puts those of us who may wish for Debian to make *a* statement, but dislike the broadness of the open letter that is under consideration for ratification, in a difficult spot. Best, Gard signature.asc Description: PGP signature
Re: General resolution: ratify https://github.com/rms-open-letter/rms-open-letter.github.io
Jonas Smedegaard writes: > Quoting Sruthi Chandran (2021-03-25 18:29:32) >> >> >> On March 25, 2021 2:24:16 AM GMT+05:30, Steve Langasek >> wrote: >> >Under 4.1.5 of the Constitution, the developers by way of GR are the >> >body who has the power to issue nontechnical statements. >> > >> >https://github.com/rms-open-letter/rms-open-letter.github.io/blob/main/index.md >> > >> >is a statement which I believe Debian as a project, and not just >> >individual Debian developers, should consider signing on to. >> > >> >This is a proposal for Debian to sign on to the statement, by >> >adopting the text from that open letter via GR. >> > >> I have an alternate suggestion. Instead of signing the said letter, >> Debian can issue a position statement similar to the one released by >> FSF Europe. [1] >> >> Will share the amended text if this idea has supporters. >> >> [1] https://fsfe.org/news/2021/news-20210324-01.html > > I would support a position letter similar to that of FSF Europe, and > appreciate if you could draft that, Sruthi. Seconded. I have big reservations about the original letter, but find the FSF Europe one much more appropriate. -- Gard signature.asc Description: PGP signature
Re: General resolution: ratify https://github.com/rms-open-letter/rms-open-letter.github.io
Sruthi Chandran writes: > On March 25, 2021 2:24:16 AM GMT+05:30, Steve Langasek > wrote: >>Under 4.1.5 of the Constitution, the developers by way of GR are the >>body >>who has the power to issue nontechnical statements. >> >>https://github.com/rms-open-letter/rms-open-letter.github.io/blob/main/index.md >>is a statement which I believe Debian as a project, and not just >>individual >>Debian developers, should consider signing on to. >> >>This is a proposal for Debian to sign on to the statement, by adopting >>the >>text from that open letter via GR. >> > I have an alternate suggestion. Instead of signing the said letter, Debian > can issue a position statement similar to the one released by FSF Europe. [1] > > Will share the amended text if this idea has supporters. > > [1] https://fsfe.org/news/2021/news-20210324-01.html Thank you for bringing up the FSF Europe statement, Sruthi! I personally have grave reservations about the original open letter, but find the FSF Europe statement much more palatable. I would support a statement that is more along these lines, but would have trouble supporting a ratification of the original open letter. Best, Gard signature.asc Description: PGP signature
Re: Amendment to rms-open-letter GR
Sean Whitton writes: > Hello, > > Seeking seconds: > > ===BEGIN > > Replace the entire text with: > > Under section 4.1.5 of the constitution, the Developers make the > following statement: > > The Debian Project echoes and supports recent calls to remove Richard > M. Stallman from positions of leadership within free software, for which > we believe him to be inappropriate. > > We are disappointed by the actions of those responsible for restoring > him to the Free Software Foundation's Board of Directors, and urge that > that decision be reversed. > > ===END Seconded. -- Gard signature.asc Description: PGP signature
Re: Amendment to GR on RMS rejoining FSF
Sruthi Chandran writes: > On 26/03/21 10:45 pm, Sruthi Chandran wrote: > > Re-sending with fixed signature and replacing twitter link with > gnusocial link. > > >> Begin text >> >> Under section 4.1.5 of the constitution, the Developers make the >> following statement: >> >> *Debian’s statement on Richard Stallman rejoining the FSF board* >> >> We at Debian are profoundly disappointed to hear of the re-election of >> Richard Stallman to a leadership position at the Free Software >> Foundation, after a series of serious accusations of misconduct led to >> his resignation as president and board member of the FSF in 2019. >> >> One crucial factor in making our community more inclusive is to >> recognise and reflect when other people are harmed by our >> own actions and consider this feedback in future actions. The way >> Richard Stallman announced his return to the board unfortunately lacks >> any acknowledgement of this kind of thought process. We are deeply >> disappointed that the FSF board elected him a board member again despite >> no discernible steps were taken >> by him to be accountable for, much less make amends for, his past >> actions or those who have been harmed by them. Finally, we are also >> disturbed by the secretive process of his re-election, and how it was >> belately conveyed [0] to FSF’s staff and supporters. >> >> >> We believe this step and how it was communicated sends wrong and hurtful >> message and harms the future of the Free Software movement. The goal of >> the software freedom movement is to empower all people to control >> technology and thereby create a better society for everyone. Free >> Software is meant to serve everyone regardless of their age, ability or >> disability, gender identity, sex, ethnicity, nationality, religion or >> sexual orientation. This requires an inclusive and diverse environment >> that welcomes all contributors equally. Debian realises that we >> ourselves and the Free Software movement still have to work hard to be >> in that place where everyone feels safe and respected to participate in >> it in order to fulfil the movement's mission. >> >> >> That is why, we call for his resignation from all FSF bodies. The FSF >> needs to seriously reflect on this decision as well as their >> decision-making process to prevent similar issues from happening again. >> Therefore, in the current situation we see ourselves unable to >> collaborate both with the FSF and any other organisation in which >> Richard Stallman has a leading position. Instead, we will continue to >> work with groups and individuals who foster diversity and equality in >> the Free Software movement in order to achieve our joint goal of >> empowering all users to control technology. >> > [0] https://status.fsf.org/notice/3796703 >> >> Heavily based on: >> >> [1] https://fsfe.org/news/2021/news-20210324-01.html >> >> [2] >> https://www.eff.org/deeplinks/2021/03/statement-re-election-richard-stallman-fsf-board >> >> End of text Seconded. -- Gard signature.asc Description: PGP signature
Re: Cancel "culture" is a threat to Debian
Sergey B Kirpichev writes: > The simple (not just one) problem is: I did (now, in past) some work for > the Debian - but I can't vote. Yet, the project do political decisions > on my behalf. Is it a problem when someone goes and works and pays taxes in a country where they're not a citizen? Does their inability to vote there bother you? Is it a problem if that country makes political decisions that they disagree with? signature.asc Description: PGP signature
Re: Cancel "culture" is a threat to Debian
Sergey B Kirpichev writes: >> Is it a problem when someone goes and works and pays taxes in a country >> where they're not a citizen? > > Oh, package maintainers are not Debian's citizens... Great idea, just > put this on the top of debian.org to attract new contributors. This > is not transfobic, right? In addition to what Pierre-Elliott wrote, I want to add: your last sentence seems entirely misplaced, and makes it quite clear that you're not actually interested in the topic at hand, but are instead engaged in some general culture war. signature.asc Description: PGP signature
Re: Amendment to RMS/FSF GR: Option 4, assert the need to learn and grow from recent events
Jonathan Wiltshire writes: > CHOICE TEXT FOLLOWS: > > This is a position statement of the Debian Developers in accordance with > our constitution, section 4.1.5. > > The Developers firmly believe that leaders in any prominent organisation > are, and should be, held to the highest standards of accountability. > > We are disappointed that issues of transparency and accountability in the > governance of the Free Software Foundation have led to unresolved and > serious complaints of impropriety by its founder Richard Stallman over a > number of years whilst in the position of president and as a member of the > board. In particular, we are deeply concerned that the board saw fit to > reinstate him without properly considering the effect of its actions on > those complainants. > > The Developers acknowledge that people make mistakes but believe that where > those people are in leadership positions, they must be held accountable for > their mistakes. We believe that the most important part of making mistakes > is learning from them and changing behaviour. We are most concerned that > Richard and the board have not sufficiently acknowledged or learned from > issues which have affected a large number of people and that Richard > remains a significant influence on both the FSF board and the GNU project. > > We call upon the Free Software Foundation to further steps it has taken in > March 2021 to overhaul governance of the organisation, and to work > tirelessly to ensure its aim is fulfilled. We believe that only through > properly accountable governance can members of an organisation ensure their > voice is heard. The Free Software Foundation must do everything in its > power to protect its staff and members, and the wider community, including > a robust and transparent process for dealing with complaints. > > We urge Richard Stallman and the remaining members of the board which > reinstated him, to consider their positions. > > The Developers are proud that contributors to free software come from all > walks of life and that our diverse experience and opinions are a strength > of software freedom. But we must never cease in our efforts to ensure that > all contributors are treated with respect, and that they feel safe and > secure in our communities - including when we meet in person. > > END CHOICE TEXT Seconded. -- Gard signature.asc Description: PGP signature
Re: Cancel "culture" is a threat to Debian
Sergey B Kirpichev writes: > Obviously, you want to turn the Debian into something "more than > that". But have you fixed all bugs in the packages you do support?) Is this how you behave when discussing political matters in general too? "This one important problem isn't fully resolved, therefore we cannot discuss anything else"? Humans, and organizations consisting thereof, do not work on the basis of a totally ordered list of priorities. -- Gard signature.asc Description: PGP signature
Re: Draft proposal for resolution process changes
Hello, and thank you for this effort. Russ Allbery writes: > A.2. Withdrawing ballot options: > > […] > > 4. The default option cannot be withdrawn. This is the most minor of near-useless pedantic comments on my part, but A.2.4 seems redundant: If only the proposer of a ballot option may withdraw it (A.2.1), and the default option has no proposer (A.1.7), then we don't really need a separate rule saying that the default cannot be withdrawn. Best, Gard signature.asc Description: PGP signature
Re: Renaming the FTP Masters
Felix Lechner writes: >> I'm a native German speaker and "Führer" is widely and >> completely uncontroversially used in German in lots of contexts > > That is, as you noted, somewhat true for the word "master" as well, > but your portrayal of a wide and unequivocal acceptance of the word > "Führer" in German society is fictional. [3] I am from Berlin, and > people hesitate to use the word anywhere near its historical > meaning—except in fringe groups. [4] Yes, but no one is advocating that we use the word "master" in its historical meaning relating to slavery, so that's hardly relevant. As has been repeated many times, there are non-problematic meanings of "master". So while German speakers, as you point out, may want to avoid speaking of a political leader as a "Führer", they don't seem to want to avoid referring to their driver's license as a "Führerschein". By the same token, it's reasonable for Debian to judge "master of a slave" and "master of the package archive" completely differently. -- Gard signature.asc Description: PGP signature
Re: Renaming the FTP Masters
Daniel Kahn Gillmor writes: > PS For people who are concerned that a retreat from the term "master" is >somehow the language police run dangerously amok, it's worth asking >why you feel so committed to the term "master" that you would fight >to keep the project we all work on using terminology we all can >acknowledge is confused and outdated. If someone is excited to >improve the project, even if you don't have the capacity to help them >do it, at least *let* them do it! As someone who did jump into the debate about the term "master", and regrets doing so (due to contributing irrelevant noise), I wanna say: Thanks for making this point, you are absolutely right! -- Gard signature.asc Description: PGP signature
Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public
Ansgar writes: > On Mon, 2022-02-14 at 18:47 -0700, Sam Hartman wrote: >> I think there are problematic uses of votes well beyond harassment >> though. >> >> * After this, I think the next vote is going to be about firmware. >> Do we want companies like Nvidia who may have opinions about how >> distributions should think about freedom looking at how people vote >> when they consider hiring DDs? > > They can already do the same for mailing list communication. Do we want > to avoid this by making mailing lists non-public (subscribers only, or > project members only depending on the list)? By this token, votes in democratic countries needn't be secret, because there are channels in which people publicly express their opinions.
Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public
Ansgar writes: > On Wed, 2022-02-16 at 13:27 +0100, Gard Spreemann wrote: >> Ansgar writes: >> >> > On Mon, 2022-02-14 at 18:47 -0700, Sam Hartman wrote: >> > > I think there are problematic uses of votes well beyond >> > > harassment >> > > though. >> > > >> > > * After this, I think the next vote is going to be about >> > > firmware. >> > > Do we want companies like Nvidia who may have opinions about how >> > > distributions should think about freedom looking at how people >> > > vote >> > > when they consider hiring DDs? >> > >> > They can already do the same for mailing list communication. Do we >> > want >> > to avoid this by making mailing lists non-public (subscribers only, >> > or >> > project members only depending on the list)? >> >> By this token, votes in democratic countries needn't be secret, >> because there are channels in which people publicly express their >> opinions. > > And indeed most votes are not secret such as: > > - votes in parliament or similar, > - votes by shareholders of publically traded companies, > - votes in general meetings of associations (maybe comparable to >the idea of GRs in Debian?), > - votes in many decision bodies. > > Some votes in these groups may be secret. > > Sometimes individual votes are only visible to members (say for people > present at association meetings); for Debian this might be comparable > to having the tally sheet only visible to project members. > > But you misunderstand the question: I asked why we insist on public > mailing lists if we are concerned about people possibly losing (or not > obtaining) jobs if they make their opinion known in some archived form. > There is no requirement to have lists such as -vote@ be a public list > if people feel unsafe if their opinion is publically archived. We don't insist on participation on those public mailing lists as a prerequisite in order to exercise one's constitutional right to vote on GRs or in leadership elections, though. -- Gard signature.asc Description: PGP signature
Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public
Sorry for replying twice, I accidentally left out one reply. Ansgar writes: > On Wed, 2022-02-16 at 13:27 +0100, Gard Spreemann wrote: >> Ansgar writes: >> >> > On Mon, 2022-02-14 at 18:47 -0700, Sam Hartman wrote: >> > > I think there are problematic uses of votes well beyond >> > > harassment >> > > though. >> > > >> > > * After this, I think the next vote is going to be about >> > > firmware. >> > > Do we want companies like Nvidia who may have opinions about how >> > > distributions should think about freedom looking at how people >> > > vote >> > > when they consider hiring DDs? >> > >> > They can already do the same for mailing list communication. Do we >> > want >> > to avoid this by making mailing lists non-public (subscribers only, >> > or >> > project members only depending on the list)? >> >> By this token, votes in democratic countries needn't be secret, >> because there are channels in which people publicly express their >> opinions. > > And indeed most votes are not secret such as: > > - votes in parliament or similar, > - votes by shareholders of publically traded companies, > - votes in general meetings of associations (maybe comparable to >the idea of GRs in Debian?), > - votes in many decision bodies. > > Some votes in these groups may be secret. True, but in the first two examples, we are talking about the votes of people who are beholden to other (groups of) people. The public has a vested interest in their parliament, and therefore also has a good reason to demand to see the votes of the parliamentarians. I don't think that we see Debian as beholden to outside interests that can demand anything of us? (Although, I guess one can see the Social Contract as this sort of relationship between Debian and the Outside World). > Sometimes individual votes are only visible to members (say for people > present at association meetings); for Debian this might be comparable > to having the tally sheet only visible to project members. To me, an internally open, externally closed, tally sheet seems like a very nice compromise. If such a proposal comes up during a voting secrecy GR, there is a good chance I'll rank it highly :-) -- Gard signature.asc Description: PGP signature
Re: Question to all candidates: registering Debian as an organization
Bill Allombert writes: > On Mon, Mar 21, 2022 at 09:41:49AM +0100, Christian Kastner wrote: >> Currently, the Project has no legal standing of its >> own, meaning that within any legal context, there is no Project. > > Indeed, it is a great feature of Debian that it is not bound to any > particular juridiction, it only exists through consensus of its members. > >> You can't donate to Debian, you donate to some other organization (SPI). The >> DPL can represent the Project only formally, as formally, it doesn't >> exist yet. The Project can't own hardware directly, or hold copyrights >> directly. It's all down to individuals. > >> A common pattern to address this within the open source world is to >> create a non-profit legal entity, e.g. the FSF Foundation or the GNOME >> Foundation. > > But a legal entity would be registered to some country (the US in the > above two cases) and would be bound to its juridiction. > What if the DPL is from some country under US sanction list like Cuba > used to ? What if we need the non-us archive back ? > (same, replacing US by the country of your choice) ? > > If there was a single Debian foundation, Debian members would be split > between those that are in the juridiction of the foundation and those > that are not and the former would be inevitably advantaged. Would moving such an entity in the face of adverse legal conditions, if and when they arise, be a difficult operation? (I have absolutely no idea myself) -- Gard signature.asc Description: PGP signature
Re: General resolution: Condemn Russian invasion of the Ukraine
Holger Levsen writes: > On Fri, Apr 08, 2022 at 01:35:14PM -0500, Gunnar Wolf wrote: >> Debian does not exist, legally :-) > > and that's a feature, not a bug. Could you elaborate on this? We've heard arguments for why it might be a bug – and we can have a discussion about whether that's true or not (I personally think that it is) – but in what way is it a feature? Best, Gard signature.asc Description: PGP signature
Re: Changing how we handle non-free firmware
On August 23, 2022 5:38:52 PM GMT+02:00, Simon Josefsson wrote: > I have no problem >with builtin non-upgradeable firmware -- see >https://ryf.fsf.org/about/criteria for rationale. Hi! I've always had a really hard time understanding that rationale, despite not doubting the FSF's good intentions. Would you indulge in an exaggerated thought experiment to help me understand? Machine A is a pretty normal laptop. It runs whatever you want, but in order for it to be usable, it needs non-free firmware. Say CPU microcode and some GPU firmware blob. Said firmware is upgradable (the user has to initiate the upgrade, but may not be able to load any code they want). Machine B has two independent CPUs. CPU 1 is wonderfully free, and in itself requires no non-free firmware to run. However, CPU 2 is completely outside of the user's control. It runs 10 GB worth of proprietary OS. On top of that is a proprietary emulator for CPU 1. CPU 1 is hard-wired to pass any instruction it executes on to the proprietary OS running on CPU 2, which executes it in its proprietary emulator. But hey, all that stuff running on CPU 2 is completely non-upgradable, burned in at the factory only and physically unchangeable. A debate about whether A or B is more free can perhaps be nuanced. But does the FSF rationale really imply that machine A is non-free while machine B is free? Thanks for indulging me with this silly thought experiment. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: On community and conflicts
Roberto C. Sánchez writes: > On Thu, Mar 16, 2023 at 12:29:12PM +, Holger Levsen wrote: >> On Thu, Mar 16, 2023 at 07:53:22AM -0400, Roberto C. Sánchez wrote: >> > Can we have a clear statement of what "directly affects people"? >> >> for those having lost people due to covid, hearing someone say >> it's a hoax, is definitly painful. and this affects Debian directly: >> >> so far we know about one dead DM (yes, Debian Maintainer) and personally I >> know several suffering from long covid. >> >> surprise: you're not invisble when you close your eyes. >> > Why don't you ask me about the people in my life who have been harmed by > and who I've lost to communist and/or socialist tyranny? Nobody is saying that "since X has harmed people, we cannot talk about X" (or that "if X has harmed people, we must talked about X", for that matter). The issue is that a project member used the project to spread lies/disinformation/falsehoods/conspiracies about X being a hoax. I'm sorry that people in your life have been harmed by a different X, but as long as Debian members aren't trying to tell you that that X is a hoax, I don't see how the topics are even remotely related. > We clearly have a politically biased process when it comes to what > behaviors/words/thoughts are being policed. I'm not even asking for an > unbiased treatment of everyone (though that would be ideal). What I am > asking for is that we have a clear statement of the bias that exists so > that people who are concerned about being affected these policies have > an opportunity to know beforehand. I for one am proud that the project is biased in favor of the best scientific consensus and evidence at hand, i.e. in favor of the best tools that we as a species have at our disposal to understand what is *true* in the physical world. Biased in favor of the truth, if you will. -- Gard
Re: [RFC] General Resolution to deploy tag2upload
Russ Allbery writes: > Ansgar 🙀 writes: > >> In addition it reintroduces trust in weak cryptographic hashes which >> effort was spent to remove. > > I think this concern is significantly overblown and attempted to explain > precisely why I believe that in my security review. I'll also point out > that using SHA-256 hashes in *.dsc files does not somehow mean that Debian > is no longer trusting SHA-1 hashes, given that most Debian development is > done in Git using SHA-1 hashes. > > I think we're all agreed that switching Git to SHA-256 hashes would be > great and, once that work is done, we should take advantage of it, > including in tag2upload. I have not more than skimmed the architecture, so forgive me if this makes no sense: Could this fear (whether overblown or not) not be alleviated by including in the tag2upload structured metadata a SHA-256 hash of all the files in the given commit? PS: Fantastic work by all involved! Tag2upload seems *wonderful*! Best, Gard signature.asc Description: PGP signature
