Am 08.01.2010, 17:22 Uhr, schrieb Sebastian Kügler <[email protected]>: > Hi Matthias, > > Thanks for contacting the KDE team. > > On Friday 08 January 2010 15:12:13 Matthias Andree wrote: >> I need help finding out who is responsible release manager for KDE 4.4, > > KDE's releases are managed by the release-team, a group of people from > various areas > that package, test and release the software. You can reach the Release > Team at > [email protected]. I've added this mailing list to the CC:.
Thank you. >> as I need to bring bug #162485 to his attention; there have even been >> sponsorship offers. Please provide me with relevant e-mail addresses or >> names of people, or a suitable mailing list. See >> https://bugs.kde.org/show_bug.cgi?id=162485 for details. > > This bug has indeed my attention, and as you note, it is a concerning > one. The > problem is, however, until anybody comes along and writes the code, even > sponsorship > requests don't help. There have been third-party offers in the bug report. > Maybe contacting a company that can help here with the available funds > would be the > way to go? At least that could help solving the "have money, need > feature"-problem. > There are some companies around that have done contracted work on KDE in > the past. The problem - to me - seems to be that showstopper bugs aren't stopping the KDE show to gain the necessary attention, and KDE isn't suitable for users who cannot work around the issue and add the trusted SSL certificates manually. I'd say deferring the release until it has the critical features might get the necessary attention, and possibly distributors such as Red Hat, Novell, or Mandriva might delegate their staff. Mark Shuttleworth (Ubuntu) also offered help to other projects in the "On Cadence and Collaboration" discussion a few months ago. >> KDE 4.X has always been lacking functioning SSL/TLS certificate >> management, and thus many sites are migrating away from KDE to GNOME, >> and KDE is unusable now that 3.x is de-facto unmaintained and 4.x only >> works with unencrypted connections. > > As far as I know, basic SSL support actually works in many cases. It's > the > certificate management that's lacking. I might not understand this well > enough, this > is what I've got from recent discussions (the one Richard Bos summarizes > in the bug- > report). Agreed on the "SSL works, but no Cert' management available" - there used to be mock-up dialogues that were sort of design previews, and I've seen them standalone as crypto kcmshell, and in Kleopatra, but I fail to understand why there are now four KDE releases with a fifth imminent, that lack an essential feature, and there isn't even a workaround of - for instance - looking into the default OpenSSL /etc/ssl/certs/ directory, or workaround instructions for distributors. > What we're dealing with here, is a complex and unfortunate situation. An > important > feature in our network stack is incomplete, and we haven't been able to > find someone > to work on this. This is something that can (and does) happen in > volunteer-driven > software projects, though. Additionally, SSL code is usually pretty > complex, so those > that understand it well enough, and can implement such a feature are > relatively rare > and often already very busy. I understand the resource issue, but that's not an excuse to pretend everything were in perfect order. The earlier 4.X releases were flagged as sort-of tech previews, but the later ones were announced as stable and suitable for production use, when they were not. Perhaps lessons can be learnt from how the Debian project deals with "RC" (release critical) bugs. At the very least, the bug should be upgraded to critical by someone with sufficient Bugzilla privileges and there should also be a public request for help with such critical features, and whom skilled people could contact should they have interest. I'm not skilled enough with Qt and KDE so I cannot offer coding help myself, I am also behind on my own projects, notably fetchmail and leafnode. I think a publicly visible call for help, or bug stomping fests, or more rigid "no new features accepted before bugs a b c n m are resolved" schemes might sell KDE contributors and large-scale users (thing distributors) a hint that there's something essential missing from KDE that needs help that cannot be provided by the project itself. I'm looking forward to the first KDE 4.X release that will feature proper certificate management... -- Matthias Andree _______________________________________________ release-team mailing list [email protected] https://mail.kde.org/mailman/listinfo/release-team
