On 12/4/2012 6:12 PM, Johannes Becker wrote:
It should be "we don't have a Debian packager, but Debian is an important distro so
we should advertise the fact that we'd appreciate help wherever we can".
Hello, I am just viewing from sidelines, trying to understand some
things about this project. It's hard to keep track of current status
regarding Debian package maintenance or general project direction,
health, etc. I spent this evening searching around. Below are listed
some observations.
14 months ago, 1.2.101 cycle starts, currently the highest release.
13 months ago Gunnar Wolf expresses an intent to stop maintenance.
8 months ago Leonel Nunez expresses an interest to take over maintenance.
6 months ago Leonel Nunez is listed as Bug owner, Gunnar Wolf still
listed as Maintainer.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648256
2 months ago, email confusion between users and developers, seemed to
indicate a strong anti-distribution attitude among developers.
http://lists.octality.com/pipermail/cherokee/2012-October/015629.html
1 month ago, Christophe Drevet expresses an interest to assist package
maintenance. Christophe, what results from your followup with Gunnar Wolf?
http://lists.octality.com/pipermail/cherokee/2012-November/015664.html
This month, same discussion going in circles?
Please correct if I misunderstand, but I think there are some highlights
of the discussion as well as general points to consider.
0) We are all here because we see something unique and valuable in this
server project and wish it to thrive. For some (devs), this may mean it
runs stable and that's all. For others (users), it means ease of
install, so they can share the server experience with others.
1) With all due respect to the core Cherokee developers, it seems they
only care about server code, not any distribution, maintenance of old
code or any user related issues besides providing GIT read access and
server functionality on their own systems.
2) Users may not agree with this view, but we must respect the
developers' wishes. We all have limited time, and should put our energy
where it will have the best results. They feel their energy is best
spent on core code.
3) We as users are spoiled by larger projects that have separate teams
for coding, web site, distribution, documentation, support, etc. We
have no right to expect or demand all this from developers, any more
than developers have a right to demand it of us.
4) If they wanted to, the developers could choose to adopt an attitude
and use wording that invites people to help with other tasks to help
expand the user base and attract more people to use their unique
software with a goal of attracting top infrastructure and developers to
their platform.
5) Also note, with more users comes more requests for support, which may
stress developers and take time from development.
6) The project seems to lack an experienced Debian Package Maintainer
who is familiar with the process of backporting.
7) Seems developers also have an aversion releasing tarballs or even
patch level version bumps? (major.minor.patch 1.2.101) At least for
the past 14 months?
8) Example of an issue that justifies backport (1.2.101 in unstable,
1.0.8 in stable)? Outstanding security bug in Debian, seems to have
been fixed 18 months ago in Git (should be in 1.2.101)?
http://www.openwall.com/lists/oss-security/2011/06/06/13 - Security
issue found 18 months ago
http://lists.octality.com/pipermail/cherokee/2011-June/014830.html -
"Let's see what we can do", response on mailing list, nothing after,
unclear if fully fixed or partially addressed.
https://github.com/cherokee/webserver/commit/38fbdc9fb49ddae9fb92bdef34a7b2e3e499dc1f
- most recent CSRF related GitHub commit comment, 18 months ago, (about
1 week or less from initial report). Not sure how to properly test this
and confirm the fix.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661993 - Bug
reported in Debian 9 months ago - no package changes made
9) Anti-release attitude gives impression that project is dead or at
best case, fatally stagnated. May hinders efforts to maintain any
packages for any distros.
10) Cherokee Project's Community page has been broken for months - Error
500 Internal Server Error
http://www.cherokee-project.com/community.html
11) Cherokee Project's Contributor page states a marketing intent to
spread the word to increase user base, however the developer's attitude
is completely the opposite.
12) Cherokee Project's Contributor page also goes to lengths I have
never seen for a GNU GPLv2 project, ever: the signing of a legal
document, which seems to intend to fill some perceived gaps in the GPL,
yet seems to be incompatible with the GPL. Anyways, great effort has
been set forth to ensure that people can continue to use the code
legally. Again, this seems at odds with the developer's attitude.
Anyways, I am interested to learn how to do some Debian package
maintainer tasks, but I would need a mentor, to show me each step of the
process. I have some programming and sysadmin experience with Debian,
but it's been a long time. I can set up a VirtualBox with Debian as a
test environment. My focus would be to learn to backport, and push out
a .deb package that has stable, secure code, but also to learn how to
choose what changes to backport and what to ignore, for stable, testing,
unstable or experimental, and to improve the test cases to ensure all
major bugs can be properly tested. However, before I invest such energy
to learn, I want to be comfortable with the project, not be fighting
with users or developers. Just want to get something simple for a user
to access, without wasting energy on politics or drama.
Leif
_______________________________________________
Cherokee mailing list
[email protected]
http://lists.octality.com/listinfo/cherokee
