Re: A quiet reminder: please be considerate.
Russ Allbery writes: ... > I have also checked all messages to the moderation queue since March 11th > and can't find any messages from Norbert, so whatever is going on there > seems to be happening upstream of moderation. His mail was both to me and the list. I didn't notice this and replied assuming that I was seeing his mail via the list, rather than the one that arrived direct to me. It turns out that he's been barred from debian-project for some time, apparently, so people on the list will have seen only my reply. Of course, if he's blocked, the mails won't get through, and they will also never get as far as being moderated, so that explains everything. I presume he was told about the block. [I'm Bcc-ing this to him to ensure that he definitely knows now] Sorry to everyone for any confusion arising from me replying onto the list -- I hope at least that the stats were faintly interesting. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Re: A quiet reminder: please be considerate.
Norbert Preining writes: > Hi Phil, > >> I've only rejected a handful of messages, and they were almost all >> obvious SPAM, and IIRC one trolling attempt from a throw-away address, >> not otherwise involved in the discussion. > > Obviously my emails have been considered spam or my email a throw-away > one, since from my last 4 emails to d-p not a single one has arrived. > > Reality seems to be very different from what you and Steve have written. Well, that's odd, because I cannot find a single instance of a mail from you being discarded, but perhaps I don't have a full set of data, or my notmuch search foo is weak? Here's the full set of data that I have: phil@rummy:~$ notmuch count --output=threads 'thread:"{to:debian-project and subject:APPROVE}"' 1346 phil@rummy:~$ notmuch count --output=threads 'thread:"{to:debian-project and (subject:DISCARD or subject:REJECT)}"' 276 These include a mention of your name (which in this case includes the From: because it's quoted in the body of the approval mail) phil@rummy:~$ notmuch count --output=threads 'thread:"{to:debian-project and subject:APPROVE}"' norbert 32 phil@rummy:~$ notmuch count --output=threads 'thread:"{to:debian-project and (subject:DISCARD or subject:REJECT)}"' norbert 0 and as a control, let's prove that this can provide results: phil@rummy:~$ notmuch count --output=threads 'thread:"{to:debian-project and subject:APPROVE}"' joerg 12 phil@rummy:~$ notmuch count --output=threads 'thread:"{to:debian-project and (subject:DISCARD or subject:REJECT)}"' joerg 1 Which looks to me as though we've had 1346 messages though moderation since it started (they all get sent out initially with 'APPROVE' in the subject, so that search also catches things that were rejected in the end), of which 276 were discarded/rejected. In that period, you seem to have sent 32 messages, none of which have I seen a rejection/discard reply for. I suppose there would also be the possibility that none of the moderators replied at all, but looking at all the moderation mails that match 'norbert', each thread includes at least 2 messages, so at least one moderator has replied to each. If you tell me message-IDs for the missing messages, I can have a hunt for them if you like. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: A quiet reminder: please be considerate.
"Andrew M.A. Cater" writes: ... > * It shouldn't need twenty people to make a point or start arguments and > counter arguments. If someone has already written what you would have wanted > to write, that's fine: in many cases you can safely leave it there. > The list is moderated: the volunteers moderating the list and everyone > reading the list will appreciate you for not providing more to read through. I'm a little concerned that this mention of moderation could give the impression that we're filtering messages based on tone or content. Unless I've misunderstood completely, we do not judge the content of the messages, except that we filter out very obviously abusive trolling that the list was suffering prior to moderation, and obviously drop SPAM/Phishing/etc. if we see it. As one of the moderators, I occasionally get the chance to approve/reject messages (on the rare occasions when the other moderators don't beat me to it). I've only rejected a handful of messages, and they were almost all obvious SPAM, and IIRC one trolling attempt from a throw-away address, not otherwise involved in the discussion. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Banning Norbert Preining from planet.d.o
Adam Borowski writes: > On Wed, Mar 23, 2022 at 08:38:02AM +0200, Jonathan Carter wrote: >> > Can we delete him from planet? >> >> Any DD can do that... oh wait that includes me... done! > > I went bold and reverted this removal; If you think Jonathan got it wrong, try persuading enough of the rest of us to your view, and then if you were to succeed, the change will be trivial to revert. FWIW I don't remember being glad to have read anything by Norbert for a very long time, but I've probably trained myself to skip past his posts, so I could probably pretend that he's harmless if I really tried. However it seems pretty clear that his behaviour does hurt others, and I do care about that, and I cannot see what benefit is supposed to somehow offset that harm in order to justify him remaining on Planet. I note that nobody in this discussion so far has tried to argue that we'll somehow be poorer for being less exposed to his writings, but only that some procedure might not have been followed properly. Cheers, Phil. P.S. the resort to an argument about procedure does seem very reminiscent of the recently referenced wartime sabotage manual. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Salsa call for volunteers (was: Salsa upgrade, history and future)
Joerg Jaspert writes: > We are looking for volunteers to help out with Salsa. If it would be helpful to have someone that doesn't mind doing tedious stuff, but tends to have quite bursty availability, and has only dabbled in Ansible, then I'm happy to help. In theory I'm already part of the team (to the extent that I get to read the same spam as you do on the mail alias ;-) ) but I got very busy when Salsa was first being set up so didn't do anything then, and didn't really see (or look for TBH) an opening to get involved since. Given my almost complete lack of activity until now, I would completely understand (and not be even slightly upset) if the answer is 'no', but in that case please remove me from the salsa-admin mail alias. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: What does it mean to be inclusive
Felix Lechner writes: > Hi, > > On Mon, Feb 21, 2022 at 7:28 AM Sam Hartman wrote: >> >> In my model, the bar for excluding an individual, particularly at the >> beginning is very low. >> >> * We expect people to agree to the social contract. >> That's a big exclusion; a lot of people don't care about those >> principles. >> >> * We require people to agree to the CoC; that's another big bar. >> >> * At various levels of involvement we work to confirm people are >> willing to follow these things to various degrees. >> >> In effect, we have a bunch of exclusions for making the community more >> welcoming, because over all in aggregate doing that creates a more >> inclusive community. > > A community with a low bar for expulsion is not inclusive. It is selective. AFAIK we average about an expulsion a decade, so how much higher a bar do you want to set for expulsions? BTW I would interpret this mail of yours as pointlessly argumentative, which strikes me as a continuation of the pattern that others have pointed out. Please give it a rest now. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Polling informally Debian Contributors
Sam Hartman writes: > While discussing secret ballots over on debian-vote, we got a little off > topic and started discussing the value of a mechanism to express > agreement/disagreement with messages in a mailing list thread. > > >>>>>> "Russ" == Russ Allbery writes: > Russ> Philip Hands writes: > >> The bit that was supposed to be the conclusion of that was that > >> it might be good if we had some mechanism for collecting opinions > >> related to mailing-list mails/threads that was private, and > >> didn't involve making (often already long) mailing list threads > >> longer in order to express an opinion, but I think that's going > >> OT so should be discussed elsewhere, probably after setting up a > >> prototype. > > Russ> For the record, I like this, and in general I think there are > Russ> multiple areas of Debian where we could benefit from being > Russ> able to take a quick pulse of the mood of affected > Russ> contributors without relying solely on what people are willing > Russ> to write in (sometimes contentious) email threads. > > Neil did set up a prototype of Discorse a while back. It has good > facilities for this kind of informal polling as well as good facilities > for rearranging threads and that kind of thing. It's a bit different > than our mailing list culture. > > If I wanted to run such an informal poll today, I'd set up a salsa issue > for the discussion or at least for the parts where I wanted to get > thumbs up/down to various statements. > > I too think that such informal mechanisms would be valuable. What I had in mind was something rather different from that, I think. I would hope to have a way of responding to any mail in our mailing lists, preferably via something that I could bind to a keystroke in my mail reader, without needing anyone to set up a poll in advance. I'd expect the service to keep a tally, but keep the identities of voters secret. I'd also restrict the right to vote (with criteria depending on the mailing list) to avoid people making up IDs to skew votes, or random passers-by voting because they found a link somewhere. With such a service, one could gather opinions simply by saying "Please respond to this mail via the thumbs-o-matic" and have an instant poll with no effort. Also, if someone started a divisive GR discussion, instead of it immediately starting a flame war, it might instead mostly provoke a big thumbs down on the thumbs-o-matic, and one of the responses to the discussion could simply mention that fact, pointing at an automatically generated graph. That would then give the proposer the chance to encourage their claimed silent majority to see if they can push the figures into the positive, and if not, one could hope that the proposer would have the sense to give up early. I could also imagine setting up my mail program to query the thumbs-o-matic to help it decide how to sort or present my mail. If a lot of people adopted demoting unpopular threads in that way, fewer people would be drawn into some of our more pointless discussions because they'd be more likely to skip reading them, before becoming upset. People might not feel quite as strong an urge to tell someone they were wrong via mail, if the mail they were disagreeing with had some marker indicating to them that it had already been disliked by quite a few others. One possible downside of this is that if it were easily possible to query it for the most unpopular threads in Debian, it may become either a shopping list, or some sort of badge of honour, for trolls. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Debian and fingerprint readers
Wouter Verhelst writes: > On Thu, Mar 04, 2021 at 05:57:15PM -0500, Sam Hartman wrote: >> The parts of Debian that are trying to do that are some of the desktop >> environments. So, I'd approach the maintainers of Gnome and KDE and >> see if they are interested in recommending this functionality. > > It could also be added to the laptop task, which would mean it would be > installed by default on all laptops that are installed with debian-installer > > Alternatively, d-i has some hardware detection functionality, to install > the correct drivers for hardware that is found. One could add entries > for supported fingerprint readers to the hardware detection in d-i, and > then install the necessary packages. > > The hard part, however, is configuring all this so it works correctly > out of the box, also for users who don't want to use it. For users that don't want to use it, I'd suggest that the only correct answer is for them to never have had the software on their computer at any point, given that it's security sensitive software, and any bugs may well have the potential to hurt. I presume if one installs this software, that even when the screen is locked, when someone swipes a finger (or a specifically crafted toxic pattern for that matter) on the reader, that something will be provoked to run that would not have been run if it were not installed. That seems like an increase in attack surface to me, that we should not lightly inflict on unsuspecting users just because *shiny finger scanner*. I'd expect that people that want their fingerprint scanners to be in use are mostly aware of that fact, so as long as we make the optional packages easily installable, that seems completely sufficient to me. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Keysigning in times of COVID-19
rhkra...@gmail.com writes: > On Wednesday, August 19, 2020 09:33:04 AM Wouter Verhelst wrote: >> If the term "malicious DD" is reasonable, we have a bigger problem than >> "votes twice" or "uploads a backdoor". >> >> aka, "a malicious DD exists" is already a problem. > > Do you have a suggested solution? > > I believe there are circumstances in which a non-malicious DD could evolve to > a malicious DD. > > Or that a malicious DD could be very hard to detect if he didn't want to be > detected (e.g., sociopath / psychopath). Conjuring up a "mallicious DD" seems to carry with it the assumption that only bad people do bad things, which seems naive to me. This conversation reminds me of the trade-offs involved in airport security. One can decide to spend money on security theatre (e.g. expensive scanners) or general resilience (e.g. more ambulances and emergency responders). The former are much easier to point at, but the latter do more to save lives because people having a medical emergency while queing for checkin is _way_ more common than someone with actual terrorist intent deciding to try to sneak an actual weapon through security. In this situation, tightening up our proceedures regarding keys strikes me as much closer to the security theater end of the spectrum, while efforts like Reproducible Builds are at the general resilience end. If I were a sociopath contemplating sabotage in the Free Software sphere, going to the effort of becoming a DD, even for the first time, would be nowhere near the top of my list. Does DAM actually have any cases at all where they suspect a previously expelled DD of trying to sneak back into the project under a new ID? If not, then either our proceedures are already broken enough that temproarily slackening keysigning protocols won't make the slightest difference, or the threat is probably not worth worrying about. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: FW: [External] Re: ThinkPad laptops preinstalled Linux
Mark Pearson writes: >>> 3. Rescue partition >>> >>> Laptop manufacturers usually don't ship with physical media anymore. >>> Instead, the laptops have a rescue partition on them for >>> re-installing/resetting the machine. >>> >>> As far as I know both installers we currently use in Debian are fine >>> from installing from a rescue partition, we just need a nice way to set >>> that up when initially performing an oem style setup from our >>> installation media. (again, not a huge technical problem, but probably a >>> bit more work than #2). > Actually I have an ongoing exercise to improve the recovery side of > things with a meeting later this afternoon. You could do a lot worse than providing a copy of Grml on the disk: https://grml.org/ Of course, Grml isn't a direct output of the Debian project, so perhaps people might take issue with having that as the "Debian Recovery Option", but it is closely based on Debian, and includes a couple of ways of installing vanilla Debian, having booted into Grml. Then again, Grml inherits anyi problems with unsupported hardware that Debian has, so may need things fixed before it's suitable, depending on the current issues on any particular hardware. Cheers, Phil. [ Typed on my X230 :-) ] -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: distributed moderation of mailinglist
Felix Lechner writes: > Hi Geert, > > On Sun, Feb 23, 2020 at 1:56 AM Geert Stappers wrote: >> >> Vision I have for a healthy ML is like nice village >> that is becoming a nice town. Citizens are aware it >> is their own habitat and it is their interrest to keep >> in a good shape. > > One person's vision often turns out to be another's horror. > >> Posting of subscriber with establish repuation >> go through without a delay. > > A review process after someone's posting received complaints would be > better. It should be public. Are you upset by the fact that quite a lot of spam is currently being silently blocked, automatically? I suspect not. I think this should be considered to be an additional measure that can be added to the current armoury of anti-abuse measures that are already in place. The thing that distinguishes this one is that a human gets to look at the mail, rather than it being automatically rejected. It ought to allow us to reject more abuse, without significantly increasing the false-positive rate. If you really think that we're going to have a problem with moderators blocking mails from real people who want to do constructive things related to Debian, then we could always include some sort of appeals mechanism for people that feel that they've had mails unfairly rejected. Do you really expect such a mechanism to be needed? Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Some thoughts about Diversity and the CoC
Philip Hands writes: ... > "I wish I could say I would would have charged against him" Argh -- I messed up the edit of that line too *blush* -- here you go: "I wish I could say I would _not_ have charged against him" Oh well, never mind. Have a nice New Year everyone :-) Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Some thoughts about Diversity and the CoC
Ansgar writes: > So what is the "I wish I could say I would have charged against him" > supposed to suggest to the reader? That sentence struck me as one where there is a very high probability that a "not" was missed out in error, as a result of the intensity of the feelings being expressed. The reason I say that is because it doesn't quite make sense as it is, whereas it would make a lot more sense if it were: "I wish I could say I would would have charged against him" If it were meant as you were reading it, there really is no need for the bit about "wishing". One could just say: "I would have...". That being the case, I suggest you check that what you're complaining about wasn't just a typo. While you're about it, you could also check what prompted you to go on the offensive against someone that was already obviously upset. It really doesn't reflect well on you, and it is absolutely certain not to help anyone. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: GR proposal: mandating VcsGit and VcsBrowser for all packages, using the "gbp patches unapplied" layout, and maybe also mandating hosted on Salsa
Norbert Preining writes: ... > I am personally not upset at all, On reading back what you wrote, I see that the impression I'd somehow gained has no basis in fact, so I'm sorry for even suggesting it. Perhaps it was just the brief flurry of "Reply to every email" behaviour that set some unconscious flag in me, probably harking back to Joey's thread-patterns post. Anyway, it looks like people are speaking up for themselves now, which is good. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: GR proposal: mandating VcsGit and VcsBrowser for all packages, using the "gbp patches unapplied" layout, and maybe also mandating hosted on Salsa
Norbert Preining writes: ... > Fine with me, strongly recommend git - anyway, it is already a fact that > it is the de-facto standard, so this is a non-argument. My argument is > for those developers who might have other ways/interests. Would it not be worth waiting for them to respond to this issue themselves, rather than immediately firing off a series of emails that give the impression that you are personally upset about this? You may be responding on behalf of people who turn out not to exist. Cheers, Phil -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: GR proposal: mandating VcsGit and VcsBrowser for all packages, using the "gbp patches unapplied" layout, and maybe also mandating hosted on Salsa
Steve McIntyre writes: >>3- Mandating using Salsa as a Git repository. >> >>I do believe #1 will pass easily, but that it's useless without #2, and >>there is some kind of uncertainty. For #3, I'm not even sure we should >>vote for that, I probably even prefer it not to be voted for myself, >>though what's annoying me is having to pull some packaging from non-free >>services such as Github, and this would make an end to it. > > There are genuinely good reasons for *not* using salsa. If the debian > packaging is directly included as part of the upstream git repo(s) > somewhere else, for example. It's a good thing to encourage salsa > usage (and I agree 100% with that for most things), but let's not > argue about making things mandatory please. If the problem one is trying to fix is people keeping the only copy on some proprietary service (which I think Thomas cited as motivation), perhaps it would be sufficient to suggest/recommend that people have an additional repo on salsa, and set up the hooks to ensure that every push gets immediately bounced onto salsa. I'd think that most people would have few objections to doing that, especially since it gives them the reassurance of a backup. Perhaps all that's really needed here is documentation to point people at that tells them how to do it easily easily. Of course there's still the question of how to deal with the metadata surrounding the repo, that might be stuck inside the proprietary service, so maybe that's not a complete fix. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: farewell
Marc Munro writes: > I feel bad about this, but I'm breaking up with you. > > I've been using Debian for 20 years and in that time I've never strayed > to other distributions. But Buster is too much. Hi Marc, I certainly sympathise with several of you comments. I'm currently doing my biannual-ish tour of the default setup, and packagekit also came to my attention, not in a good way. [and just now Emacs got killed while I was just about to send the first version of this mail, so I think my visit to Gnome-land is nearly over] Anyway, I don't really see that as a reason to abandon Debian. If you want the software you prefer to use to be sustainable, you need to at least use it, and preferably report useful bugs when you find them. Walking away just allows the problems that upset you to get worse. As it happens there's a good opportunity to highlight the sorts of problems you are raising this Saturday, at DebConf19 in Brazil: https://debconf19.debconf.org/talks/84-100-paper-cuts-kick-off/ There was however one particular point you made that caught my eye: > And binary logs and a "smart" viewer for them? If you want to make > logs flexible, log stuff to a sql database. But only as an option, not > by default. Don't make the log system a point of failure. Don't take > away my ability to use grep on a file. Or awk, or perl, or a script. > That is the essence of Unix and it's being lost. I rather like the binary logs of journalctl, as it allows one to list messages from previous boots in a way that makes it _very_ easy to find out that your current problem is not down to some error seen in the boot log, because it turns out that same message was in the boot from last month, so can be safely ignored. That being the case, I _know_ that I have to explicitly enable binary logging, by creating /var/log/journal/ (which is absent by default on Debian). Your comment made me wonder if this had changed recently, so I added a test for it (I've seen this zombie rumour too many times already, so having an easy place to point out that it's nonsense seemed justified): https://openqa.debian.net/tests/1450#step/_collect_data/28 The screenshot there is made on a just-installed default Gnome system (bullsye rather than buster, but they're effectively the same just now). As you can see, all the text logs are there for your grep-ing pleasure, having been produced by rsyslogd as you would expect, whereas /var/log/journal/ is absent, so there are no binary logs being saved. So it seems just a little odd that you managed to get upset by it. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Sounding board for Debian forums?
Ben Finney writes: > Eldon Koyle writes: > >> Is there some kind of software that could help people break down their >> claims into fundamental parts, then get feedback on the parts >> individually, maybe even refining their viewpoint as the discussion >> evolves? > > Prior to considering technical solutions: Have you got any examples of > real dispersed communities that are able to avoid the problems you you > described? > > Regardless of technology, I'm not aware of any forums that achieve the > kind of formal structure you're talking about, because humans who need > to have representative participation tend to be discouraged by greater > formal or technical barriers. > > So what real-world examples would you point to as a counter to that > tendency, and how do you think technology helps achieve that improvement > in those real-world cases? I'm not sure this addresses your concern directly, as I've no idea if it has specifically been used by whatever you define as a "dispersed community", but Minister Audrey Tang mentioned in her talk at DC18 that they had used an interesting approach to sorting out the Uber vs. Taxi vs. users situation in Taiwan, which you can see from something like the 13th minute onwards, here: https://debconf18.debconf.org/talks/135-q-a-session-with-minister-tang/ She gets onto the technical solution used in the 17th minute, which is pol.is, which appears to be an open-core system, with the Free version being here: https://github.com/pol-is/polisServer (Note the existence of a contributor agreement) The thing that impressed me about this (as described in the video) is the way that it seems to amplify the constructive aspects of the conversation. I can of course think of problems with using such a thing in Debian, the main one being that unlike with government, one cannot just issue orders to our volunteers, so it is entirely possible that everyone _not_ doing some job in Debian are agreed on how it should be done, but not willing to do it, while the people actually doing the job have another idea. However, if one is trying to reach a wide consensus, and the people involved are willing to engage with such a system in order to try to find out what people think, and interested to do whatever looks like the consensus, and assuming we can ensure that we don't get invaded by trolls, but equally are able to get non-debian people with legitimate interests in whatever question to join in, it might be worth a look. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Debian supports pridemonth?
Marc Haber writes: > On Tue, Jul 02, 2019 at 10:35:21AM +0200, Martin Steigerwald wrote: >> How about a month of welcoming *all* contributors regardless of their >> skin color, their sexual orientation, their political viewpoints, their >> appearance? > > Does having a "month of welcome" for $GROUP not imply that we're not > welcoming $GROUP all the other time? I think it's possible that you can answer that yourself, if I ask an analogous question: Does having a Bug Squashing Party not imply that we're not welcoming bugfixes all the other time? Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Accessibility of Ledger Reports
Stefano Zacchiroli writes: > On Wed, Jun 12, 2019 at 03:36:09PM -0400, Sam Hartman wrote: >> Well, in general, people are trying to share these reports in email, so >> I'm not quite sure how that would work. >> >> But yes, GUIs or web UIs do work fairly well for this. > > Can you check if Fava (a web UI for beancount) works well for you? There > is a demo link on the project homepage: I know you were originally asking about reports, rather than something to look at the data with, but just in case that might help (which seems to be what the beancounter suggestion implies), you might also want to look at hledger (a pretty-much drop in replacement for ledger). hledger has both a web interface, and a curses-style ui for exploring ledger files. They are in the hledger-web and hledger-ui packages respectively. I've not actually used either of these very much, so cannot give an opinion about which is better. I would guess that the hledger-ui thing would suit you better, but that's could well be based on unfounded assumptions. BTW The web UI provokes one's browser to connect to the port that it opens locally (which might be a bit of a surprise). There are a few differences in what hledger supports: https://github.com/simonmichael/hledger/wiki/FAQ#features but I don't find it difficult to keep my accounts compatible with both. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: RFC: endorse debian-mentors as entrance to our infrastructure projects
Adrian Bunk writes: > On Sun, Jun 09, 2019 at 02:56:53PM +0200, Philip Hands wrote: >> Adrian Bunk writes: >> > On Sun, Jun 09, 2019 at 12:55:14PM +0200, Jonas Meurer wrote: >>... >> >> [1] Let me give two examples for such "infrastructure projects": >> >> */ Many in Debian agree that Debbugs could need some love, but still >> >> it's developed and maintained largely by one brave soul. >> >>... >> > >> > What will happen if a newbie starts asking questions about debbugs on >> > debian-mentors? >> > >> > Will the questions be ignored, or will you try to force this one brave >> > soul to become a mentor for whatever people from the internet start >> > asking questions? >> >> Are you coming up with hypothetical worst case scenarios because you >> actually think something about this is a bad idea? or because you do >> not think the problem described exists? or just because you think life >> is a hopeless shuffle towards our inevitable oblivion and that any >> glimmer of hope needs to be exposed as the delusion that it is? >>... > > Why are you assaulting me personally? That was supposed to be humorous hyperbole, but clearly it missed its mark, so I apologise. > This was one of two examples provided by Jonas, > and I was questioning how it would work in practice. If you look at what I wrote, I asked you a series of questions to discover why you were apparently being negative about the suggestion. Having looked again at what you wrote, I see that you were also just asking a series of questions. Perhaps now that you've assumed that what I wrote was an assault you may be able to better understand how your original series of negative questions could be open to an abusive interpretation. > If you disagree with me, there would have been civilized ways to do > so. I've no idea if I disagree with you, since you didn't actually say what you think AFAICT, since you tell me that what you wrote were just some questions. > The sun is shining and I'd rather go outside than wasting more time > on an abuser like you. An entry in my kill file will protect me from > receiving further assaults. Well, I guess you won't see this then. *sigh* Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: RFC: endorse debian-mentors as entrance to our infrastructure projects
Adrian Bunk writes: > On Sun, Jun 09, 2019 at 12:55:14PM +0200, Jonas Meurer wrote: >> Hi, > > Hi Jonas, > >>... >> So here's the idea we came up with: We could explicitely broaden the >> scope of debian-mentors to include any questions regarding Debian >> infrastructure software. >> That basicly would mean to explicitely mention "questions on >> infrastruc-ture projects" in our docs about debian-mentors. >> Additionally, when the infrastructure teams don't have time to mentor >> new contributors, they could point them to debian-mentors. >> >> My hope is that having debian-mentors as an endorsed entry point for >> diving into Debian infrastructure would lower the entry barrier >> significantly for new contributors who'd like to dive into our >> infrastructure software projects. >> >> What do you think about this proposal? > > who will provide the answers to non-trivial questions? > > For most packaging questions a list with plenty of DM/DD is sufficient > to get an answer. > > For the typical infrastructure project the number of people in Debian > who can answer non-trivial questions is in the low single-digits. However the number of people who know who those people are is considerably higher, which might well be part of the problem that makes getting involved hard for newbies. Also, if the same question comes up again, if it was asked via -mentors the first time it might well be possible to refer the latest newbie to the previous reply without needing to bother the limited resource. >> Cheers >> jonas >> >> [1] Let me give two examples for such "infrastructure projects": >> */ Many in Debian agree that Debbugs could need some love, but still >> it's developed and maintained largely by one brave soul. >>... > > What will happen if a newbie starts asking questions about debbugs on > debian-mentors? > > Will the questions be ignored, or will you try to force this one brave > soul to become a mentor for whatever people from the internet start > asking questions? Are you coming up with hypothetical worst case scenarios because you actually think something about this is a bad idea? or because you do not think the problem described exists? or just because you think life is a hopeless shuffle towards our inevitable oblivion and that any glimmer of hope needs to be exposed as the delusion that it is? Personally, I think this is a good idea. At worst someone might get told to talk the people that they'd eventually have worked out they needed to talk to anyway. Given pabs's enthusiastic response it seems to have a good chance of achieving a much greater success than that. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Question for Planet Admins: What Should I do if another Developer Removes my Blog
Scott Kitterman writes: ... > I think defaulting to silencing people is the opposite of openness. It does not strike me as defaulting to silencing people, to allow the people we all effectively trust with root on all of our systems (DDs) to exercise their judgement, and very occasionally apply it to ensure that reputational damage does not accrue to Debian from a misjudged blog post. > I don't recall for certain how much blogging there was about systemd > during ... If someone does start using this as a weapon, I'm sure we'll work out that they probably don't deserve the trust implicit in being a DD. Apparently (as Jorg pointed out) it has not happened to date (not even during the heat of the systemd debate) so I see no reason to assume the worst. I hope that the fact that you apparently have more pessimistic expectations does not indicate that you would find it acceptable to remove someone else's blog simply because you disagree with them. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Censorship in Debian
Christian Kastner writes: > We agree on this: Debian's is a (very!) limited form of government. > However, I argue that censorship is within these limits. Debian doesn't even have enough legal existence to open a bank account, let alone apply even the lightest form of coercion to someone. How is that anything like a government? There is no territory or jurisdiction into which one can stumble by mistake and find oneself suddenly within the zone of influence of Debian. There's not even any way of persuading the people with the job titles in Debian to do anything if they happen to lose interest for some reason. The only real sanction that can be exercised in the name of the project is the removal of a previously granted privilege. Since those privileges are not rights, one cannot demand that they be maintained or even really expect them to be maintained, since they all depend upon donations in one way or another, where those donations are certainly not guaranteed to continue indefinitely. Alleging that removal of such privileges amounts to an infringement of rights[1] simply makes no sense. Cheers, Phil. [1] using the word "censorship" suggests a belief in a right to demand syndication for one's blog, which is not a right I'm aware of. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Planet Debian revisions
Jonathan Carter writes: > On 2019/01/02 19:54, Enrico Zini wrote: >> If I'm still on time, I'd suggest: "personal fights, insults, or slurs", >> as I'm not sure how much we can give for granted that everyone >> understands that using slurs counts as insulting. > > IMHO we're going to have to revisit these rules a few times to get it > right, so even after this round of edits I think we should be open to > suggestions and possibly cutting some cruft too so that it's easier to > read. But for now I think these initial additions will help to address > some of the most pressing problems. > > I've added everyone's suggestions because I think they were good, here's > the updated section on a subpage: > > https://wiki.debian.org/PlanetDebian/ProposedChanges > > If I get two +1's I'll go ahead and change it. +1 Cheers, Phil. P.S. with the caveat that I'd prefer "contact" to "reach out to", but that's probably just me showing my age, or some such. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Do we need embargoes for GPL compliance issues?
Ian Jackson writes: > Ben Hutchings writes ("Re: Do we need embargoes for GPL compliance issues?"): >> As you may know, an individual copyright holder in the Linux kernel is >> understood to have succesfully sued various infringing companies > > Bet you a dime to a dollar that these same infringing companies are > vigorously opposed to GPLv3 with its much more reasonable termination > clause. (In GPLv2 your licence is automatically terminated as soon as > you violate.) > > I have no sympathy for them at all. Hoist by their own petard. Don't > want our bugfixes to the licence ? Fine, keep the bugs you care about > too. > > I don't think Debian is at significant risk even from the trollish > people being discussed here. As I understand it (IANAL), the troll in question is using a wrinkle of German law to send out paperwork that has a rather short time-limit to respond, which railroads the victim into signing something, after which that can be used as leverage in a second complaint to extract money from the victim. There is not much chance of Debian getting our act together inside the deadline and signing something, even if we wanted to, which makes us pretty-much immune to this attack. The alternative route is to defend the case immediately. When that happened recently and a judge took a look at it, the troll's case went really rather badly. I'd guess that any slightly clued up troll is going to see that Debian is a terrible target to choose. We're not going to take the easy route of simply signing something to make the case go away. We're likely to get lawyers willing to act for us for free. We definitely don't make any money out of any violation we might be accused of, so calculating damages is going to be hopeless. The troll will get their clever little scheme rather more publicity than they'd prefer, which will make it that much harder to do it to the next victim. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Naming A New Build
On Fri, 26 Jan 2018, nem live <nemofbaltim...@gmail.com> wrote: > On Jan 6th we lost a very intelligent, and debian driven soul. > My best friend Travis, who made me use debian passed away. > Everything I know about Linux is because of him. Please accept my condolences. > Is it possible to get a future build/distro named after him? Note that I am not a Release Manager, and so am not involved in the selection of release names. It just struck me that your question deserved an answer, so I'll try to give you one. As you may know, our scheme for naming releases (since we started using codenames) has been to use characters from the Toy Story films. To date we've not varied from that, despite there having been several prominent Debian contributors who have died over the years. We have dedicated some of our releases to some of those, but in a project this large we would often have several candidates for each release, as you might be able to judge from this partial list: https://joeyh.name/hacker_tombstone/ This means that it would be rather awkward to go down the road of naming releases in memoriam. It might raise questions of which of several candidates should receive the honour, which is likely to leave some people who are already having to deal with the loss of someone they love feeling rather less happy than if we'd never started on such a course. I hope that you find a way to commemorate Travis adequately, but I'm sorry to say that I suspect that it will have to be something other than having a Debian release named after him. Yours sincerely, Philip Hands. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: I'm scared and offended by your kfreebsd port. Sorry. Please help me feel better?
Hi Christopher, Christopher Chalmers <cchalmers...@conestogac.on.ca> writes: > Hi Debian project! > > I had used Debian 6.5 and Debian 6.7 and tried Debian 7.0 – 7.2 And I > liked them, but I found out that freebsd with the young devil mascot > and a devil head icon, was part of Debian and it scared the sh#t out > of me. You appear to be judging things based on their outward appearance, while not really looking into the details at all. https://en.wikipedia.org/wiki/BSD_Daemon You'll notice that page is titled BSD _Daemon_, not BSD Devil. If you read that page, you'll discover that Unix and thus Linux has long running processes that are called "software daemons", that do the work of keeping the system running properly. This use of the word "daemon" comes from Greek mythology, as you can see here: https://en.wikipedia.org/wiki/Daemon_(mythology) and therefore has no relation to devils, or even to demons (except by being a homophone). The cartoon mascot is thus a visual pun, since it depicts a demon, rather than a daemon. The joke continues with the fact that the mascot is called "Beastie" which is a homophone of BSD. > Sent from Mail for Windows 10 I note that you apparently have no qualms about using software from Microsoft, despite them being convicted repeat monopoly abusers: http://www.sfgate.com/news/article/Microsoft-Ruled-a-Monopoly-Court-finds-firm-2899336.php http://newsok.com/article/3154388 http://www.networkworld.com/article/2272627/applications/europe-charges-microsoft-with-abuse-of-monopoly-again.html http://www.nytimes.com/2013/03/07/technology/eu-fines-microsoft-over-browser.html Might I suggest that you contemplate those facts, perhaps in conjunction with Mathhew 7:18 https://www.kingjamesbibleonline.org/Matthew-7-18/ However, I'm not sure if that's going to make you feel any better. Sorry. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Debian contributor Register of Interests
Russ Allbery <r...@debian.org> writes: > Nikolaus Rath <nikol...@rath.org> writes: >> On May 10 2017, Russ Allbery <r...@debian.org> wrote: > >>> and no conclusions should ever be drawn from it? > >> I don't think anyone has said that. > > Quoting from the originally proposed wiki page: > > | The following people have added themselves to this list. No-one should > | assume that the presence or absence of a person from this list implies > | any conflict of interest or misconduct within Debian. > > I'm agnostic on the merits of collecting this data -- I can see both > sides. But I think the above paragraph is unrealistic, and if we want > that paragraph to be true, we should not gather the data in the first > place. Quite. Also, I suspect that anyone that might be tempted to misbehave as a result of CoI will not have filled in their entry anyway, which makes me wonder what useful purpose this could serve beyond a virtue signalling opportunity. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Formal declaration of weak package ownership in source packages (was: Replace the TC power to depose maintainers)
Scott Kitterman <deb...@kitterman.com> writes: > On Monday, December 12, 2016 01:16:49 PM Ian Jackson wrote: >> Scott Kitterman writes ("Re: Formal declaration of weak package ownership in > source packages (was: Replace the TC power to depose maintainers)"): >> > If anyone can unilaterally add themselves as maintainer (to pick one >> > proposal as an example) and make intrusive package changes (since >> > they are a maintainer), there's really no maintainer at all. >> >> I was suggesting this only for the situtation where there is only one >> maintainer. > > I know, but once it's one, then it will be two, because reasons. > >> > I do sense a general trend of the conversation towards the idea of >> > undermining package maintainership. Push to hard in that direction >> > and you get revert wars and even larger chunks of the archive left >> > to rot. >> >> I think we have a problem that a few maintainers are unresponsive to >> external corrective input, or uncommunicative (except to block). I >> don't think our systems for dealing with such situations are any good. >> It mostly seems to involve having a conversation (necessarily) full of >> personal attacks, on the TC list. > > I agree the current system isn't working, but I think if you optimize for > these relatively rare hard cases, you'll do more harm than good. I have to agree: my thought on this was that hard cases make bad law. The thing that comes to mind from my experience would be the request to enable ssh -c none (which turns off crypto, giving better speed in exchange for exposing private key material to the net, and only meant for testing). Some people were _very_ keen on this idea indeed. The related bug (#13389) doesn't really give the full impression. Of course times are quite different, and it would be a very brave person who would now try to unilaterally join debian-ssh and upload a patched package, but I imagine there are other security sensitive packages being quietly and carefully maintained by someone that doesn't realise that they're giving a public impression of inactivity. > In line with some other recent comments (I think on this list, I lose track), > I think if the TC were a bit more aggressive about requiring people with > issues they want the TC to address to put them in neutral technical terms > (the U.S. legal parallel would be roughly case dismissed for failure to make > a > justiciable claim [1]) before they will consider them, the existing process > could work in a less painful way. Until now I've tended to be irritated by the way courts do that, but suddenly I have more of an understanding of why they do ;-) Having someone that is familiar with court processes on the TC might help. I don't know if any of the current batch have a legal background. I wonder how long it would be before people start acting as advocates to guide others though our increasingly arcane rules -- that might actually work quite well though. Perhaps we'd have a better process if someone not involved in the dispute acted as champion for each party, so that even timid folk could be confident that the person they were dealing with was on their side. > It would also help if third parties kept their rants to a minimum. I'm not sure what sanction we could enforce for contempt of TC ;-) Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Replace the TC power to depose maintainers
Ian Jackson <ijack...@chiark.greenend.org.uk> writes: > I still don't understand why the TC is so crushingly slow to conter > maintainer power in Debian. As I say in my other emails, a result of > the TC's inaction, maintainer power in Debian is nearly unassailable. I wonder which column on your tally sheet you will put this outcome. In this particular instance, at least a week of the time spent on this mess was devoted to dealing with you -- don't do anything like that again. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Replace the TC power to depose maintainers
Tollef Fog Heen <tfh...@err.no> writes: > ]] Philip Hands > >> Tollef Fog Heen <tfh...@err.no> writes: >> >> > ]] Ian Jackson >> > >> >> That is 6+ weeks' more stop-energy. 6+ weeks' more inaction. 6+ >> >> weeks during which members of the TC have been prevaricating. >> > >> > What are you accusing the TC of lying about? >> >> I think that British English has drifted into using that as a synonym >> for procrastinate while American English seems to have stuck to its >> earlier meaning (judging by the online dictionary entries I see). > > That doesn't match the reading of the Cambridge dictionary: > http://dictionary.cambridge.org/dictionary/english/prevaricate > > prevaricate > verb [ I ] UK /prɪˈvær.ɪ.keɪt/ US /prɪˈver.ə.keɪt/ formal > > to avoid telling the truth or saying exactly what you think: > > Or the Oxford dictionary, > https://en.oxforddictionaries.com/definition/prevaricate: > > prevaricate > VERB > > [NO OBJECT] > Speak or act in an evasive way: > >> I certainly didn't (and still wouldn't) assume that Ian was accusing >> anyone of lying here. > > Given his later apology, I'd assume so as well, but as a native speaker > of English, Ian should really know better than using the term in the > first place. Jolly interesting. It looks like I'll have to add the misuse of that to my list of pedantic pet hates, which is currently topped by 'epicentre' and 'decimate' ;-) Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Replace the TC power to depose maintainers
Tollef Fog Heen <tfh...@err.no> writes: > ]] Ian Jackson > >> That is 6+ weeks' more stop-energy. 6+ weeks' more inaction. 6+ >> weeks during which members of the TC have been prevaricating. > > What are you accusing the TC of lying about? I think that British English has drifted into using that as a synonym for procrastinate while American English seems to have stuck to its earlier meaning (judging by the online dictionary entries I see). I certainly didn't (and still wouldn't) assume that Ian was accusing anyone of lying here. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Replace the TC power to depose maintainers
Ian Jackson <ijack...@chiark.greenend.org.uk> writes: > Ian Jackson writes ("Re: Replace the TC power to depose maintainers"): >> I still don't understand why the TC is so crushingly slow to conter >> maintainer power in Debian. As I say in my other emails, a result of >> the TC's inaction, maintainer power in Debian is nearly unassailable. > > Didier, and Phil, now you're in this conversation: can you explain > this to me ? I just replied to another of your mails -- in a mail started fairly soon after you mail, and only just finished because my wife is in bed with a temperature, both kids are coughing and spluttering, and I too have a cold, so time's been a bit short today. Hopefully my reply doesn't seem too much out of sequence -- I've not been attempting to follow subsequent discussion until I got it sent. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Replace the TC power to depose maintainers
Ian Jackson <ijack...@chiark.greenend.org.uk> writes: > Philip Hands writes ("Re: Replace the TC power to depose maintainers"): >> this NOOP, > > I'm very surprised to see you say that you think this is a no-op. > > ISTM that in the current argument, the TC has given the position of > the existing maintainer great weight. > > Imagine the roles were replaced. Imagine the actual petitioners (P > and W, for the same of argument) were the current maintainers, and the > actual current maintainer (R) were a petitioner saying "please make me > the maintainer". Would the TC would spend months debating before > dismissing such a manifestly unfounded petition ? Ah, that's what you mean -- that's not what your GR said though, as far as I could tell. The way I read it is that we should not give special status to the arguments presented based on the maintainer status of the person putting forward those arguments. You now appear to be saying that we should not consider maintainership to be in any sense sticky, and should instead assume that the package is orphaned when it's presented to the TC, and assign the maintainership as if we're blind to its history at the end of the process. Those seem like barely related positions, and the latter is nothing to do with what you wrote in the draft GR. > As I've said I genuinely find the TC's behaviour incomprehensible. > But this is not limited to this TC; all previous TCs have had similar > issues (from my point of view). As I say the TC members are all smart > and good people so I don't think the problem can be changed by a > change of personell. I definitely don't want you to resign. > > Can you explain why the TC is so reluctant to depose or overrule > maintainers ? I have been pondering this since you raised it. There is research to show that groups of people tend to express opinions as a group that are more extreme than the centre of gravity of the opinions of the individuals. It seems it happens because people tend to assume that the centre of opinion is further along whatever spectrum one is talking about than they are personally, and so adjust their expressed opinions to match, and thus everyone's perception of the centre drifts further in that direction. I wonder if the TC does this in the dimension of something like reasonableness, patience, politeness, conciliation, or some such I suspect that if I'd been acting alone in a situation where I was only answerable to myself that cases would have been dealt with in one exchange of mails. ;-) I'm not sure how one might fix that, but it's not going to be by adding extra rules and metrics that one is expected to measure one's performance against. That would just add another thing to think about instead of acting. Add to that the fact that the individuals involved all tend to be sporadically busy and the discussion ends up running at the pace of the person that can give it the least time, which also militates against decisive action. Even if the obvious action is to replace the maintainer, that would always do more good if done instantly than after a pause of months, but that's pretty-much impossible to achieve via a group of busy volunteers. Once months have gone by, the situation normally becomes less clear-cut, because one has already lost the benefit of a snap decision. I don't think any of that is particularly unique to the TC, and would equally apply to anything that you might be tempted to replace it with (unless the replacement were a single individual, or an algorithm). Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Replace the TC power to depose maintainers
Ian Jackson <ijack...@chiark.greenend.org.uk> writes: > Holger Levsen writes ("Re: Replace the TC power to depose maintainers"): >> On Fri, Dec 02, 2016 at 03:42:58PM +, Ian Jackson wrote: >> > DRAFT GENERAL RESOLUTION STARTS >> > >> > OPTION A >> >> = "keep the status quo" > > AIUI, no. > > Empirically, practice by the TC is to almost always uphold the > maintainer, and never to depose them. > > At least one TC member has told me that if this GR text passed, they > would resign from the TC, because it would amount to a declaration of > lack of confidence in the TC. For the avoidance of doubt, that was me, here: https://lists.debian.org/debian-ctte/2016/12/msg00012.html The point being that if the project decided not only to go to the effort of having a vote, but to actually vote in favour of this NOOP, it would very strongly imply that the TC had lost the trust of the project. (You don't send a duplicate copy of someone's contract of employment, with some added micro-management clauses, to someone that's doing a good job). We cannot perform our function without the project's trust, so of course I'd resign if that happened -- not that I consider that likely, but then again this is 2016 ... anything might happen. ;-) Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: another bulk order of kilts for debconf17? Was: New Debian kilts
Anibal Monsalve Salazar <ani...@debian.org> writes: > On Fri, Sep 2, 2016 at 7:26 AM, Philip Hands <p...@hands.com> wrote: > > For those who don't know the origins and the meaning of the Debian > tartan, which was registered by Phil, read the registration notes at: > > https://www.tartanregister.gov.uk/tartandetails.aspx?ref=5936 There's also this page on the wiki that I set up a while ago: https://wiki.debian.org/Tartan I guess a sub-page of that might be useful for tracking ideas about how to get another order together. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: another bulk order of kilts for debconf17? Was: New Debian kilts
Steve McIntyre <st...@einval.com> writes: > On Sun, Aug 28, 2016 at 04:27:11PM -0400, Yaroslav Halchenko wrote: >>> On Sun, Sep 30, 2012 at 04:53:47PM +0100, Wolodja Wentland wrote: >>> > I went to their store and asked and they quoted additional costs of >>> > £700 for a *single* made-to-order kilt. >> >>> Ouch! From what I remember when I got my kilt, 700£ is really really >>> pricey. I know that North-America is probably on the wrong side of the >>> world for most of the people interested in ordering, but I recommend >>> Burnett & Struth's[0] as a kilt maker. They're located just north of >>> Toronto, Canada. They made my personal kilt (combination of machine and >>> hand sewing) out of a very uncommon tartan (I think it had to be custom >>> woven since nobody kept it in stock) for about 650–700 CAD (~410–440£), >>> tax included. The fabric was heavy weight (16oz I think) at that. On a >>> side note, they also made my band kilt, which is 25 years old and still >>> looks great apart from wear on the leather buckle straps (easily worn >>> 10-15 times a year). >> >>Given that next debconf is in Montreal, may be it would be sensible to >>see placing an order for a few quilts with Burnett & Struth's ? > > Could do, maybe. I was also up in Edinburgh a couple of weekends back > with Andy, and we spoke to one of the companies up there too. He's got > the details and I'll let him post more info... :-) Cool. Just before DC16 I got in touch with Lorna, from Geoffrey (Tailor), who are the people that have made all the tartan to date -- they have sold off their weaving operation and now outsource to people in (IIRC) the Hebrides, who's looms are twice as wide, which would apparently result in the other half of the cloth being upside-down (or perhaps right-to-left) once made into a kilt. It sounded like they should be able to sort something out anyway, and were still looking into options, and seemed willing to underwrite part of the order if we were to do a full length (which is rather a lot). We're in no way tied to using them, of course, but they've done a decent job in the past, so should certainly be at least considered. On the other hand, if someone else can make then for much less at similar quality (which wouldn't surprise me -- there's bound to be a premium associated with getting it done in Edinburgh) then people might well prefer that option. I guess it's up to the people subscribing to the order. The fact that the pound has fallen since the "brexit" result might make Edinburgh prices rather more affordable for some ;-) One suggestion that has been made in the past (and supported by Neil when he was DPL, but I failed to get anything sorted out about it) was to do matched funding from Debian funds for any such order, to make sure that there was a decent amount of stock left over, such that people could then buy cloth without having to get over the hurdle of starting another weaving run. Of course, if that were to be done, we will need someone to look after the cloth that remains in stock until it is sold. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: academic alliances or the like
Morten Bo Nielsen <m...@eal.dk> writes: > On 2016-04-06 17:09, Paul Wise wrote: >> On Wed, Apr 6, 2016 at 8:17 PM, Morten Bo Nielsen wrote: >> >>> I am searching for a way to cooperate with the Debian project. >> ... >>> Have there ever been thoughts on doing a Debian "academic alliance" >>> style partnerships? >> I don't recall any discussion around these themes. >> >>> My wish list >>> 1) a contact person that could help me find relevant local/regional >>> companies that use Debian >> We have a list of companies using Debian on the website: >> >> https://www.debian.org/users/#com >> >> There are also some companies and individuals doing Debian consulting: >> >> https://www.debian.org/consultants/ >> >>> 2) course material that makes it easy for me to teach linux from a >>> Debian point of view >> We don't really have teaching material AFAIK, but perhaps some of our >> user and developer documentation is useful to you: >> >> https://www.debian.org/doc/ >> >>> 3) some organizational structure where my students can contribute on >>> their level >> There are lots of opportunities for students and other newcomers to >> contribute in various ways depending on their skill set. Probably the >> most relevant here are the Outreachy and Google Summer of Code >> internship programs. In addition, the how-can-i-help package can point >> out issues that might be suitable for newcomers to tackle as well as >> issues relating to the system it is installed on. >> >> https://www.debian.org/intro/help >> https://wiki.debian.org/gsoc >> https://wiki.debian.org/Outreachy >> https://wiki.debian.org/how-can-i-help >> http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=newcomer >> > > > Thanks for all the feedback. > > I will spend some time going through your suggested links and other > Debian related resources. There is a lot, and maybe it will not be hard > work to compile and gift wrap a "Linux from scratch using Debian" > course. Not Debian specific, but perhaps also of interest: http://performance.linaro.org/ they're hoping to get Universities involved: http://performance.linaro.org/start/#universities Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: "Do you want to mount the drive, 'cancel' or 'allow'?"
Ian Jackson <ijack...@chiark.greenend.org.uk> writes: > Marcin Wolcendorf writes (""Do you want to mount the drive, 'cancel' or > 'allow'?""): >> Now, I know, Mr. P [rude rant snipped] > > This is not really polite or helpful. > >> So - so long, Debian, sad to see you go down that way. > > And it's not accurate, either. You can run jessie perfectly fine > without systemd (and without policykit getting in the way of mounting > SD cards or whatever). I'm doing that on my own netbook and > everything works fine for me. I use mount(8)'s user mount support; > there may be other options. There's also udiskctl from the udisks2 package, if you want to do stuff pretty-much by hand, while playing nicely with policykit (well, it lets me (un)mount things as a normal user from the command-line in an xmonad session with no Gnome in sight) > While my init systems diversity GR was defeated, the vote showed that > 30% of the voting DDs felt that viability of Debian-without-systemd > was important. That's plenty of effort to keep our options open. > > If you don't like systemd or policykit, why are you running them ? My reading of Marcin's mail suggested that he'd avoided installing systemd, given the bit about: >> ... lack of systemd ... which made me think that the rudeness about the people associated with systemd was simply irrelevant. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: What it means to be Debian
Ian Jackson ijack...@chiark.greenend.org.uk writes: Dominik George writes (Re: What it means to be Debian): I strongly support that. I also do *not* think that everyone who uses non-free services or the like should leave Debian or is neitrely bad for the community. Mostly, I *personally* do not find those people authentic enough to uphold any such community standard. It's somewhat like donating to a species conservation organisation, taking the money from a purse made of crocodile skin. It's quite impossible to take it seriously. I find it difficult to express my disagreement with the your views, and your attitude, with the respect that is due to a fellow contributor. But I will try. Likewise. The thing that really stands out to me is the rudeness to a newcomer, combined with a total lack of sympathy for the possibility that other people's choices might be rather different from one's own. For instance, one might find Google a little less objectionable if the local alternative is going to force you to deal with endemic corruption: http://www.ipaidabribe.com/reports/paid/wanted-internet-connection-line-man-demanded-bribe#gsc.tab=0 A free-of-charge, out-of-country provider might well be the most ethical choice available. Alternatively, local the power/bandwidth/servers available at the local university might simply be unreliable, in which case using Google as a stable stepping-stone to get to the world makes perfect sense on purely technical grounds. If the only contribution one is able to make at any particular moment is to be rude enough to potentially drive away the target of you bile, as well perhaps as those looking on from the sidelines, then perhaps it's time to step away from the keyboard and get a breath of fresh air instead. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Doubt.
mudongliang mudonglianga...@hotmail.com writes: On Thu, 2015-04-16 at 00:01 +0200, Cyril Brulebois wrote: (It looks like keeping Daniel in the loop would have been a nice idea, cc-ing accordingly.) Hi, Jonathan Dowland j...@debian.org (2015-04-15): On Wed, Apr 15, 2015 at 11:08:04AM -0300, Daniel Lucena wrote: I would like know if between download images of Debian 8 (after became stable) the Mate Desktop Environment will be available or i need install Debian NetInstall and after install Mate packages with aptitude? This type of question is best asked on the debian-user mailing list. Yes, MATE is going to be part of jessie (Debian 8). If you use the netinstall CD images, you will need to install MATE via apt (or aptitude) after install: it is not included on the netinst CD image. That's incorrect. If you enable a network mirror (which is the default if you have some working networking), tasksel will ask you which desktop environment(s) you want to install. The ones tasksel knows about are: - GNOME - Xfce - KDE - Cinnamon - MATE - LXDE For the tasksel you said , I think it is only a tool. It will depend your choose to download package and install it!So there is no much difference with hand-apt-install! mudongliang Tasksel is run automatically as part of the install process. There is no real distinction to the way that MATE is treated when compared with Gnome or Xfce, say. Choosing any of them is likely to result in hundreds of packages being installed. Those packages need to be obtained somehow, so if one is using the netinst image they'll be downloaded no matter which desktop is chosen. If one is using a DVD, then all those packages are liable to be available on DVD #1, regardless of the desktop chosen. The only time one is going to see any significant difference is if one uses the CD images, and chooses to only use a fraction of the set, at which point one might find that Gnome is available from CD while the other desktops still need to be downloaded, but if you're wanting MATE then you will not do that. As you suggest, it is also possible to run tasksel later, on the installed system, in which case it does just provide an alternative approach to installing the same packages with one's normal package manager. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: NCR unix system v/386 release 4 recover root password
Andrew M.A. Cater amaca...@galactic.demon.co.uk writes: On Sat, Mar 21, 2015 at 04:26:42PM +0300, Mohammed El-Saadani wrote: Dear All we have NCR 3455 system from long time as attached all information for server (images) , so we need your help to assist us to get root password which lost it , really we appreciate your efforts if you can send us the procedure for resting the administrator (root) password which this server handle data base application writing in COBOL language Actually i try to mount the HD to Centos 5.6 but it cant recognize the UNIX file system type (GNU HURD or SysV) , so I cant reach to *passwd* file to edit it to reset password . for that reason i send you this e-mail and i hope if you can gently guide me with simple procedure how i can mount the file system (GNU HURD or SysV) on Linux system or which OS UNIX / Linux even Live CD could help me to recognize this type of file system really I need solve this issue because need to add network printer to this server but I don't have privilege for that till get root password . *Note:* *we have SCSI to USB converter which we can connect the HD extrnaly to my laptop * P?riph?rique Amorce D?but Fin Blocks Id Syst?me /dev/hdb4*1 5234194157+ 63*GNU HURD or SysV* your fast response and concerns highly appreciated [image: Displaying] Best regards, M.Saad mount -t sysv /dev/hdb4 /mnt for example. sysv appears not to have any special options. man mount may help. Note thre is absolutely no guarantee of anything at all working :( If that does not work for whatever reason, you could just point a hex editor at the device[1], search for root: until you find the passwd or shadow file, and change the line for root to not have a password. Of course, that is likely to leave you with spare characters on that line, which can be dealt with by inserting a newline, and a bogus user to eat the spare data. So: r o o t : r b 9 t i 8 R U M y g l I : 0 : 9 9 9 9 9 : 0 : : :\n b i n ... becomes something like r o o t : : 0 : 9 9 9 9 9 : 0 : : :\n w x y z : * : : : : : :\n b i n ... HTH If that all sounds too confusing, you just need to find someone to whom it makes sense, and get them to do it for you. Not understanding what you are trying to do will most probably result in permanent data loss. Cheers, Phil. [1] e.g. tweak -- https://packages.debian.org/squeeze/tweak -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: CD Images
Dave Turner d...@turneris.com writes: Hello, Looks like al the links to CD/DVD images on your main site are broken, due to cdimage.debian.org not resolving. Its fine now from where I am. If you still see it as down, it's a problem local to you. I suggest checking via something like: http://isup.me/cdimage.debian.org Cheers, Phil. P.S. I can never remember the sites that do that, but as a user of duckduckgo.com, I do remember that one can search for things like: !down cdimage.debian.org (or !isitup, !isup, etc. -- search for !bang to see the vast list) -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Why are in-person meetings required for the debian keyring?
Nikolaus Rath nikol...@rath.org writes: ... Following that argument, I think a key should be signed and included in the Debian keyring if it (the key) has a history of high quality contributions. Meeting the keyholder in person to look at his passport doesn't seem to add anything of particular value here. Why would I care under what name he has been contributing? Am I missing something? The thing it's trying to add is some assurance that, if it were necessary to eject someone from the project for whatever reason, that it is at least moderately hard for them to sneak back in under a different name. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Why are in-person meetings required for the debian keyring?
Russell Stuart russell-deb...@stuart.id.au writes: On Wed, 2015-02-11 at 11:17 -0800, Nikolaus Rath wrote: I'm a little confused about the need to meet in-person to get a signature that's acceptable for the Debian keyring. I believe that Debian packages are signed on upload to ensure that they have been prepared by a Debian Developer, because Debian Developers are assumed to be trustworthy. However, it seems to me that meeting someone in person isn't actually verifying the relevant identity here. My trust in a Debian developer is not based on him holding a particular legal name, it is in his history of contributions. I agree. The problem is in the details. How do you prove all those contributions came from that key? Really the only way to prove it is to have that long history signed by the key that wants to become a DD. The issue is very few people sign all their interactions with Debian - certainly not in the beginning. Worse, there are people (and some current DD's) who strongly objected on this list to doing it. But yes, if it were available I agree it's far more secure than the procedures we have now, and I'd like to see Debian's procedure changed to treat such history with at least equal weight to getting your key signed by a DD. The reason is that history is a proof of work. It's a well known and remarkably strong way of authenticating something. Currently the best known deployment of it in is Bitcoin which uses it as the foundation for block chain security. The weakness of the current method is shown by one of the responses given here: On Wed, 2015-02-11 at 20:36 +, Philip Hands wrote: The thing it's trying to add is some assurance that, if it were necessary to eject someone from the project for whatever reason, that it is at least moderately hard for them to sneak back in under a different name. If it is indeed trying to do that, it fails miserably. A DD signing a key doesn't imply he is saying he is worthy of (re)inclusion into Debian, so nobody uses it as a criterion. If some random noob comes up to DD with a valid credentials and asks them to sign their key, its highly likely they will. At major conferences this happens en-mass at key signing parties(!) You've managed to spectacularly miss my point. If one insists on face-to-face meetings, there is a moderate chance that someone is going to notice that the same person is attempting to create a new persona in order to gain a reentry that we'd refuse if they presented themselves as the persona which was ejected. It's certainly not foolproof, but it's considerably better than simply allowing people to run multiple personae in parallel from their underground bunker. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Announcing a Debian Hamradio Blend
Mark Brown broo...@debian.org writes: On Thu, Dec 11, 2014 at 01:39:29PM +0100, Iain R. Learmonth wrote: [Forwarding to d-d-a on behalf of Iain since he can not sign as DD] In Debian GNU/linux they NEVER discussed to port other packages, infact in different situations i discuss this on debian-hamradio and on #fsf where they said that there was not any necessity to port the packages, and that is left to the user the freedom, to take the packages in source code, from third parties, to build it, and to use it. The content here seems inappropriate for debian-devel-announce, it looks like there is some disagreement about ham radio packaging which this is part of but it looks like a message in that discussion rather than an announcement which might be relevant or of interest to all developers. Please try to keep debian-devel-announce topical. Andreas obviously got confused and picked a reply to the announcement that he was supposed to be forwarding, rather than the announcement itself: https://lists.debian.org/debian-devel/2014/12/msg00063.html Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY pgpbtW6AEJpWL.pgp Description: PGP signature
Re: GR proposal, Call for Seconds - term limit for the tech-ctte
Tollef Fog Heen tfh...@err.no writes: ]] Stefano Zacchiroli I'm hereby formally submitting the GR proposal included below between dashed double lines, and calling for seconds. With respect to past discussions on the -vote mailing list, this is the proposal code-named 2-S; see [1,2] for (the last known versions of) alternative proposals. I like the term limit concept. I'm wondering if we should have a wider proposal in which we just make the CTTE an elected body. I'm not sure it's a good idea, but I'm also not sure if it's been discussed at all (only having followed some of the -vote discussions around this from the web archives). Wouldn't it have been great if the various factions around the systemd issue had got the idea early on to try to stuff the committee with their respective friends before the decision. Personally I think there's more than enough voting going on as it is, and adding reasons to have more regular votes will just promote the idea (that is already rather hard to dissuade people of) that all one needs to do is vote for a thing, and somehow it will magically do itself. It does not strike me as obvious that popularity correlates to competence. Also, it would not be helpful if members of the committee were tempted to take the popular side of an argument, against their better judgement, because they were coming to the end of their term, and they would like to be reelected. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY pgpG3CyzV22Ne.pgp Description: PGP signature
Re: Can I still depend on Debian?
Rhy Thornton r...@scesd.k12.or.us writes: ... More concerning than that is that systemd won't be producing human readable log files. ... (to be fair, I haven't really looked into it yet. I'm busy with real work). I wonder why you feel qualified to comment. :-/ I've only played briefly with systemd, and even I know that one still gets text logs in the default Debian configuration. Once I'm comfortable enough to start putting systemd on servers, I don't expect to be keeping syslog logs around though -- journalctl is clearly more useful. The way that vital information gets scattered around various files has always been a bit of a pain with *syslog. If you spend all day reading logs I'd imagine you'll be able to save yourself some time with journalctl -- you should try spinning up a VM with systemd and have play -- you might find you like it. Also, I'd suggest that you take rumours of the sky falling with a pinch of salt. Even if systemd is discovered to be the worst thing since the black death, it's going to be possible to avoid it in Jessie, and we have LTS now, so you've got many years to think about it, which will also be plenty of time to change direction, if that were to be necessary. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY pgpvdIZ37xw5l.pgp Description: PGP signature
Re: Being part of a community and behaving
Ian Jackson ijack...@chiark.greenend.org.uk writes: Russ Allbery writes (Re: Being part of a community and behaving): We waited two years, during which positions hardened, people got angrier and angrier, and there were increasing demands to force the issue. Serious question: how much longer were we realistically going to wait with zero sign of forward progress? The correct reaction to people not adopting your software is to make your software better, not to conduct an aggressive marketing campaign aimed at persuading upstreams to built it in as a dependency, nor to overrun distro mailing lists with advocacy messages. Has anyone seen the Bursar's dried frog pills? He seems to be having another of his turns. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY pgpColHusT943.pgp Description: PGP signature
Re: Update to reimbursement procedure (now: max 3 months after expense)
Philipp Hug deb...@hug.cx writes: On Mon, Oct 6, 2014 at 10:04 PM, Russ Allbery r...@debian.org wrote: Given the nature of Debian, I suspect that our travel reimbursements generally end up falling into one of the untaxed gift buckets of money, at least in the US, so the same reasons wouldn't apply. Usually you want to book expenses in the year they happen to make it easier to compare between different years and there might also be legal/tax reasons to do that. Reporting an expense from january in december is usually not a big issue, but if you do this in the next year after the books have been finalized, the expense will be booked in the wrong year. And how much difference is that liable to make to a tax exempt organisation? This seems like a solution to a problem that does not exist. I can imagine someone that really needs the money might well find that they have to work rather hard after taking time off work for Debian. If being busy results in them missing the deadline, this change will punish then for their generosity, which if they have any sense will result in them not wanting to do that sort of thing again. I don't really see the benefit that is supposed to come from this change. Does it take less time to deal with an expense request submitted after 2 months than one submitted after 6? Is it going to upset the profit statement we have to file with the SEC? ;-) Cheers, Phil. P.S. I don't think I've submitted any expenses to Debian, but if I needed to I'd be quite likely to miss a 3 month deadline because my paperwork tends to follow a quarterly cycle driven by UK VAT submissions, and I could easily imagine being too busy to do the Debian paperwork at the first chance, which could mean that I'd only get to it after 6 or 9 months. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY pgp0NexjFx3xq.pgp Description: PGP signature
Re: CoC / procedural abuse
Norbert Preining prein...@logic.at writes: On Mon, 08 Sep 2014, Don Armstrong wrote: Let's be frank: GR is such a heavyweight process, that it's impractical for overriding small decisions like this one. This is by design; the people who make decisions in Debian are the people who do the work. Wow, so you are telling me that I am not doing work? He is saying nothing of the sort. He is saying that the people that do the work (in this case, the work of managing the lists) are the people that make the decisions about that particular segment of Debian. Any other arangement would be so cumbersome as to ensure that the people doing the work would soon give up in frustration and then nobody would be doing that work. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY pgpWsWPHjRF1G.pgp Description: PGP signature
Re: Maximum term for tech ctte members
Ian Jackson ijack...@chiark.greenend.org.uk writes: Russ Allbery writes (Re: Maximum term for tech ctte members): I'm not sure there's any need to say something about this, unless there's a perception that the TC's process for selecting new members is somehow broken. If we introduce a constitutional term limit, the balance of power between the DPL and the TC is radically altered: At the moment, if the DPL says I will only approve Alice, the TC can simply say well we won't appoint anyone then. With term limits, the DPL can say that and eventually get their way. Perhaps, though, this is an improvement. After all if the DPL has such a struggle with the TC and the Developers reelect the DPL, the Developers should get their way. Why does this remind me of USA Presidents, and their attempts to stuff the supreme court with friendly judges? Which then leads me to expect people trying to game the system by delaying a referral to the TC to await the departure of someone thought to be unsympathetic to their cause -- I hope we never get there ... there's enough inertia in Debian as it is ;-) I also wonder what is to be done about someone coming to the end of their term during the middle of an ongoing discussion. How well do you (Ian) think you'd have coped if you knew that the recent decisions had to come to a vote by a particular date, otherwise you'd lose your vote? I doubt that would have made things better. Perhaps one could say that anyone on the TC at the start of a discussion gets to stay for the duration (if they want to, perhaps), but what about a series of votes as we saw recently? I suppose what constitutes the same discussion could be a decision for the committee, or perhaps the chair, but that might well just end up being another thing to argue about if the issue is already contentious. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://ftp.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgprmqL4HgOwG.pgp Description: PGP signature
Re: a SIP or XMPP service for debian.org
Daniel Pocock dan...@pocock.com.au writes: On 22/12/13 10:52, Martin Zobel-Helas wrote: Hi, On Sun Dec 22, 2013 at 10:44:08 +0100, Daniel Pocock wrote: I've started a wiki on this topic, it provides a detailed plan from start to finish: https://wiki.debian.org/UnifiedCommunications/DebianDevelopers As one of the leading free software projects and given Debian's particularly outspoken attitude that we do not rely on third party free services there are compelling reasons to try and finally implement this entirely using our own packages and infrastructure. * do people generally agree with it? * would the DSA team be willing to provide and support the underlying infrastructure for this or have it on any existing servers? zobel@kvasir ~ % ldapsearch -LLL -x -H ldap://db.debian.org -b ou=hosts,dc=debian,dc=org '(host=cilea)' purpose dn: host=cilea,ou=hosts,dc=debian,dc=org purpose: voip.debian.{net,org} zobel@kvasir ~ % For more details, please contact Phil Hands. I've had some ongoing discussions with Phil but ultimately, like SMTP for debian.org, these things would need to be formally accepted by DSA at some point. I think I've become something of a blocker on this I'm afraid, as I decided to settle on Freeswitch, which is a fine bit of software in many ways, but is also pretty close to unpackagable for Debian because of their tendency to shovel any library they notice into their code tree. That being the case, I've repeatedly beaten my head against the brick wall of Freeswitch packaging, rather than getting something deployed that people can use -- sorry about that -- it seemed like a good idea at the time. That being the case, taking a different tack, and deploying a more federated setup, as Daniel suggests, seems very worthwhile, and means that the users would be isolated from whatever PBX we end up using, which would make it easier to chop and change between Asterix, Freeswitch, or whatever for bridging via SIP providers to the POTS. One thing that I think we should aim for is the ability to offer sub-accounts, so that our users can offer their friends and relatives VoIP accounts, so that DDs (etc.) get to do video conferencing with their relatives using Free Software, rather than being forced to use facetime/skype or nothing. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://ftp.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpE6wf9JKIeO.pgp Description: PGP signature
Re: Should mailing list bans be published?
Hi Steve, Thanks for starting this thread. Steve Langasek vor...@debian.org writes: On Sun, Oct 27, 2013 at 10:33:42PM +0100, Florian Weimer wrote: * Joey Hess: Simply obfuscating the name on the list of banned users (or not posting any names at all, only links to the posts that led to the ban) would eliminate most reputational damage. Ie, random searches for that person would not turn up a high pagerank debian.org page listing their youthful indiscretions. Using eg J. Hess would probably be fine in most cases. I recommend to use a web page, and not announce bans on public mailing lists because such announcements invite subsequent discussion, likely decloaking the banned poster. Reducing subsequent discussion is inseparable from reducing both oversight and the closure given to other list participants. I don't consider posting such content on a web page to suitably address the concerns. I think it would be fair enough to have a fully public (but not very well linked) web page that lists mails that were considered sufficient to provoke a ban, and the duration and conditions of each ban. I do not think such a page is liable to violate any rights because it would not list names, and it would not end up being top hit for the abuser's name in later years -- the mails they sent that provoked the ban might well end up being their top hit, but that would be without the help of the Last straw page. The page could perhaps also be a place to collect resources that might encourage people to express themselves more constructively, and so could be referred to by the listmasters when issuing a first warning. To address the need for oversight/closure, would you consider a simultaneous post to debian-private sufficient? I don't think it's enough without the public list, but the combination allows future abusers to be refereed to the list as an indication that they might want to moderate their behaviour because we do actually ban people The post to debian-private does fail to provide closure for non DDs but otherwise does the job, and I would think that the readership of debian-private is diverse enough that the spectrum of opinion should be wide enough to ensure good oversight. Also, if we're going to make these changes, I think we should publicise them very widely, possibly going as far as a mail sent to every mailing list where the policy is going to be implemented, and then any bans that are then published in this way should be justifiable by reference only to mails sent after that announcement -- it would not be fair to spring this on a troll for sins committed before the announcement. Cheers, Phil. P.S. in case it's not obvious, I fully support publication, as long as we can do it without putting a blight on the futures of people that might now be committing childhood sins, and also without getting our listmasters sued. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://ftp.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgp9dkiFoUIl8.pgp Description: PGP signature
Re: Possibly moving Debian services to a CDN
Tollef Fog Heen tfh...@err.no writes: ... Nobody has suggested removing the mirror network. What's being discussed is using a CDN for some .d.o services. That was certainly not clear from your original post. I certainly read you as suggesting that some services could be moved to third-party CDN(s), with an eye to moving ftp.debian.org there to, with the implication that the mirror network would then become mostly redundant. I would suggest that that's the scenario that is causing people to argue against you, so if that's not what you were suggesting, perhaps you should try to express your plans again to get the discussion closer to what you think you were suggesting. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://ftp.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpNV9vbU3taC.pgp Description: PGP signature
Re: KickStarter for Debian packages - crowdfunding/donations for development
Manu Sporny mspo...@digitalbazaar.com writes: ... With respect to Debian-packaged software, if we address both issues, the benefit is that more resources can be directed toward Free Software development. That is an assumption that I happen to think is completely unfounded. IBM tested various ways of incentivising coders decades ago -- almost all of them were disastrously counter-productive. We tried DuncTank -- I'd contend that the net amount of productive work done was reduced by that initiative, and some very active contributors were demotivated to the point that they went away and didn't come back. It is bound to direct money to highly visible projects, regardless of the effort required to package them, while people working on vital but largely invisible infrastructure will get nothing much -- how good is that going to be for the project? (when the Morlocks see the Eloi having all the fun, I fear that they may start to get hungry ;-) ). How do we determine a fair split between a couple of developers, one living in a penthouse in New York, and another living in a shanty town on a dollar a day. I presume we'd be open about what people were being paid? How about if we end up publishing that we've given someone what amounts to a fortune in their locale? I'm not against people being paid for Free Software work -- that's what pays my mortgage after all, and much of my income for the last 20 years has been at least peripherally related to Debian. I just don't like the idea of Debian being the conduit for the money. I think it's even problematic for Debian to act as the advertiser. If a developer and their customer negotiate a deal, nobody but the developer need worry if they think it's a fair deal, and nobody but the developer's reputation is at risk. Otherwise we'll start to see complaints like: I gave Debian $1000 and they don't even acknowledge my bug reports In conclusion, I think this is a very dangerous idea, and that it would cause nothing but trouble. The main underlying assumption is wrong. People work on Debian as amateurs, in the best sense of the word (i.e. motivated by the love of it, not for financial gain). An influx of mercenaries would not be a net gain. If it were needed or useful, Debian would not exist. If it was a really good idea then we'd all be using something like Mandrake instead. Cheers, Phil. P.S. in answer to: What do you think about the counter-argument to that statement posed by Martin Owens? http://lists.debian.org/debian-project/2013/06/msg00031.html The idea that it's currently impossible to fund Free Software is nonsense. See IBM, HP, Canonical, my customers, anyone that's ever said to a DD (or anyone else for that matter): I'll buy you a beer if you help me package this... Where payments to work on Debian make sense, removing friction is a good thing for all involved, but that should all be done (far) outside Debian. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpccuxZ0gsvc.pgp Description: PGP signature
Re: New Debian kilts
Wolodja Wentland deb...@babilen5.org writes: On Sun, Sep 30, 2012 at 17:00 +0100, Steve McIntyre wrote: Hmmm. I'd have thought they have some cloth still in stock, based on what they've said in the last year. I'd double-check that with them and Phil, maybe... Oh, please do. They wanted to clarify that but weren't actually sure. It might also be that they wanted to check with Phil before selling it to Some-Random-Guy™. I would happily buy it if there is still some left. I have told them repeatedly that we're completely happy for random people to buy it, but it seems they struggle with the idea -- which is a bit of a shame as the more the merrier as far as we're concerned. Hopefully continued demand will eventually convince them to keep stock without requiring up-front funding of the start-up costs of each batch. Anyway, last I heard they had stock (we ordered 80 yards, but for reasons known only to the weavers they wove 160 yards. I was under the impression that there was still quite a lot of the extra left over). I'll ask them what the current situation is, if that helps. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpEJIQqM7G4e.pgp Description: PGP signature
Re: Presentation of iso downloads - simpler like Fedora?
17K [ ] debian-live-6.0.4-amd64-standard.iso 29-Jan-2012 11:13 232M [TXT] debian-live-6.0.4-amd64-standard.iso.list 29-Jan-2012 11:13 18K [TXT] debian-live-6.0.4-amd64-standard.iso.log 29-Jan-2012 11:13 158K [ ] debian-live-6.0.4-amd64-standard.iso.packages 29-Jan-2012 11:12 5.8K [ ] debian-live-6.0.4-amd64-xfce-desktop.iso 29-Jan-2012 14:03 809M [TXT] debian-live-6.0.4-amd64-xfce-desktop.iso.list 29-Jan-2012 14:03 18K [TXT] debian-live-6.0.4-amd64-xfce-desktop.iso.log 29-Jan-2012 14:03 244K [ ] debian-live-6.0.4-amd64-xfce-desktop.iso.packages 29-Jan-2012 14:02 24K Woo! .iso images, we've won! Oh, wait, which one ... amd64-gnome-desktop.iso? shame there's no README to give a hint ... (there is a standard one, but that has no X so probably isn't what a newbie needs) Hmm, the ISO for the gnome variant is 1.1G -- that's not exactly useful for burning to a CD. How about XFCE? 809M -- still too big. So, after all that we've suckered people in with the cute front page, and then comprehensively wasted their time, particularly if they went to effort of downloading only to find that they've made a coaster by trying to put too big an image on their CD. I've heard the response that live.debian.net is actually supposed to be aimed at developers, so one shouldn't expect to find anything usable there for end users, which is fair enough, but in that case the front page should carry a prominent warning, and not have the cute icons. It would be really nice to have working live CDs, preferably linked to From the front page along with the install CDs, accessible in one or two clicks. I realise that one problem with that is the mechanical manner in which the ISOs produced by Debian Live just include the relevant tasks, and there's just too much stuff in that list to fit on a CD these days, which presumably means that someone needs to decide which packages to strip out to make them fit. Actually, in the case of the gnome CD, I see that it has the gnome package on it, which of course drags in a load of stuff, rather than just gnome-core and perhaps selected other packages. I'm not picking on gnome here BTW -- neither KDE nor XFCE fit either, so perhaps the problem is really that all the underlying X stuff is too big these days. Assuming that it's even possible to trim down the packages to fit on a CD, then perhaps a $DESKTOP-light or task-livecd-$DESKTOP package with a reduced set of dependencies from the default desktop package could be created, thus giving the Debian Live people a package to use for their CD images, and somewhere to report a bug when the resulting image creeps beyond the size of a CD. I can report this as a bug if that helps, but it seems to me that the debian-live folk need to have a chat with all the desktop packagers and come up with a solution between you (or declare it impossible, and put a warning on the live.debian.net front page that only DVD-sized images are available if you want to run a GUI) Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpAMRyakiOLz.pgp Description: PGP signature
Re: trademark policy draft
Francesco Poli invernom...@paranoici.org writes: ... [...] \item You cannot alter the DEBIAN trademarks in any way. [...] \item Any scaling must retain the original proportions of the logo. \item Logo should only use ``official'' logo colors. [...] These restrictions are currently violated by countless uses of Debian logos (above all) and of the Debian textual trademark (sometimes). Several such uses are done by the Debian Project itself, most notably in desktop themes shipped as official Debian themes (for instance the very nice default wheezy theme, named Joy [2]). [2] http://wiki.debian.org/DebianArt/Themes/Joy I think that these restrictions should be dropped entirely, since they seem to be incompatible with the basic Free Software principles. There are some things that one needs to do simply to maintain a trademark. I'm pretty sure that the bits you are objecting to are included in that set (although IANAL). If we don't do those things, we might as well not have a trademark, so if you're arguing for us to avoid doing those minimum things we might as well just discard the trademark now. The alternative would seem to be a lot of wasted time here, followed by a lot of wasted effort for the lawyers who are kind enough to give us their time, arriving at the eventual discovery that as a result of our own incompetence we don't have a defensible trademark anyway. Note that I'm not arguing that we _should_ have a trademark -- I'm with Lars in that I think it's somewhat distasteful for Debian to be dirtying our hands with this, but if that's the only way we can stop some bastard From distributing Official Debian CDs that turn out to be packed with back-doors and trojans, then we need to do the legal bits properly, and that involves following the legal advice we receive, rather than spouting unfounded drivel about what we might like the law to be. As it happens, we seem to have managed to survive without lawyers enforcing trademarks thus far, so perhaps it really is not the only way. That said, those granted the right to play with the trademark can presumably do so. We just need to grant that permission in the cases you seem concerned about. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpp1Uf5lTAqJ.pgp Description: PGP signature
Re: trademark policy draft
Luca BRUNO lu...@debian.org writes: Stefano Zacchiroli scrisse: \item You cannot use DEBIAN trademarks in a domain name, with or without commercial intent. So debian.mirror.my.org is illegal? I've been correct by Mako on this before. Short answer: hostname != domain name, so debian.mirror.my.org is perfectly fine. (No, I don't have a clear definition for domain name to offer, but it is intended here as the things that you register via a domain name registrar.) IMHO it is already clear as it is, opposing a plain domain name to a fully qualified domain name, but maybe you may prefer an explanatory parenthesis as in: \item You cannot use DEBIAN trademarks in a domain name (ie. a second-level domain or equivalent), with or without commercial intent. The trouble with trying to nail that definition down is that there are people who are foolish enough to buy domains of the form: debian.uk.com which is not a second-level domain in any sense, as it's a sub-domain of the normally registered uk.com. On the other hand, the sorts of people that are liable to be confused by Debian trademark abuse, are also going to be confused by the distinction between .uk.com and .co.uk Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpJirGvlMHOX.pgp Description: PGP signature
Re: Diversity statement for the Debian Project
On Thu, 12 Apr 2012 14:08:32 +0200, Gerfried Fuchs rho...@deb.at wrote: * Stefano Zacchiroli lea...@debian.org [2012-04-09 14:02:02 CEST]: On Fri, Mar 23, 2012 at 02:28:58PM +0100, Francesca Ciceri wrote: So, I wrote a draft - mainly based on the one [4] created for Ubuntu by Matt Zimmerman with the help of Mary Gardiner, Valerie Aurora and Benjamin Mako Hill - and I'd like to propose it to the DPL to be official published. But I'd also like to have some inputs from you all, on it. Dear all, here is a wrap-up (of the wrap-up (of the...)) that Francesca has just shared with me based on the last feedback on list. The Debian Project welcomes and encourages participation by everyone. It doesn't matter how you identify yourself or how others perceive you: we welcome you. We welcome contributions from everyone as long as they interact constructively with our community. While much of the work for our project is technical in nature, we value and encourage contributions from those with expertise in other areas, and welcome them into our community. Shouldn't there be a too added after in other areas, my first thought was we don't value contributions in the technical area? when reading this. It strikes me as unnecessary, but as you say, maybe that's because I think it's being implied (as a native speaker), and non-natives will perceive it differently. If it is deemed that the clarification is needed, then adding 'too' is not the way to do it -- instead we could go for: adding 'also' after 'we': ... technical in nature, we also value and encourage contributions ... or perhaps adding 'as well' where you were suggesting 'too': ... with expertise in other areas as well, ... I think I prefer the first. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpEa1InQ5eyR.pgp Description: PGP signature
Re: Diversity statement for the Debian Project
On Fri, 6 Apr 2012 00:03:50 +0200, Enrico Zini enr...@enricozini.org wrote: On Thu, Apr 05, 2012 at 10:32:21PM +0200, Francesca Ciceri wrote: The Debian Project welcomes and encourages participation by everyone. It doesn't matter how you define yourself or how others define you: we welcome you. We welcome contributions from everyone as long as they interact constructively with our community. While much of the work for our project is technical in nature, we value and encourage contributions to Debian from those with expertise in other areas and welcome such contributors in our community. I love how this is increasing in awesomeness as it is decreasing in size. Definitely. I feel like suggesting two minor patches, labor limae if anything: s/contributions to Debian/contributions/ s/expertise in other areas/expertise in other areas,/ s/welcome such contributors in our community/welcome them in our community/ which would give: While much of the work for our project is technical in nature, we value and encourage contributions from those with expertise in other areas, and welcome them in our community. Tiny nitpick: welcome ... in seems wrong to my native ear, but I'm not sure why. I would go for: welcome ... to Also, is the them supposed to be the contributions or the people making them? Probably both, but I think that unanswered question may be why I'm not able to come up with a better version of this, as well as the reason it doesn't seem quite right to me at present. If the answer to that is meant to be the people, then that could be made plain with: welcome ... into Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpvIRNgXYJ3q.pgp Description: PGP signature
Re: Diversity statement for the Debian Project
On Mon, 2 Apr 2012 13:09:40 +0900, Charles Plessy ple...@debian.org wrote: ... I think that this is important that, when considering joining Debian, contributors can be reassured that they will not be put a sticker on their head by others. This dicussion tends to the contrary. My point exactly. If we had fields for race, or caste, or social class in our LDAP it would say something very worrying about our project IMO. If people want to think of themselves in such terms, I suppose that's fair enough, as long as they don't impose their categorisations on others. Declaring such categorisations about oneself can be problematic though, since they tend to be divisive. If I were to say that I consider myself a particular class (being from the UK, there is a certain cultural attachment to the concept of class) then I would be implicitly also declaring my opinion that class has a useful objective existence, and that I thought it was important enough to mention, and that I probably use it to enable me to look down on people that I define as being from other classes. If I discovered a society, or association that declared that they didn't discriminate on grounds of social class, I'd assume that it was founded by somewhat enlightened aristocrats who were willing to admit their servants to the association ... as long as they behaved themselves, and kept their boots properly polished, and were not too uppity. Which probably tells you more about my class prejudices than anything else ;-) Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpP2uQuxCLzv.pgp Description: PGP signature
Re: Diversity statement for the Debian Project
On Sat, 31 Mar 2012 19:07:33 -0400, Kevin Mark kevin.m...@verizon.net wrote: If we say we accept people of all races or that we dont discriminate based on race, then we are not the ones who are going to discriminate, and this is a good thing and is welcoming. Well, except for the fact that by saying that one is reinforcing the notion that race means something useful, which it really doesn't. For instance, what race would Sandra Laing be, daugher of gernerations of white Afrikaners, with the misfortune to have been born with black skin under apartheid: http://www.guardian.co.uk/theguardian/2003/mar/17/features11.g2 The concept of race only seems to be useful to racists, and perhaps bean-counters who want to demonstrate their organisation's lack of racism by the racial diversity that they can get people to admit to on forms. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpWORFEF36N9.pgp Description: PGP signature
Re: Diversity statement for the Debian Project
On Thu, 29 Mar 2012 06:41:15 +0100, Ben Hutchings b...@decadent.org.uk wrote: On Thu, 2012-03-29 at 14:10 +1100, Ben Finney wrote: Francesca Ciceri madame...@debian.org writes: On Tue, Mar 27, 2012 at 08:42:28AM +1100, Ben Finney wrote: We should not commit to respecting opinions, but instead commit to respecting all people. How do you suggest to express it in the statement? That depends on the context of the statement; I'm in favour of making it rather minimal as some others in this thread have described. For distinguishing the respect for opinion versus respect for the people who hold them, perhaps this: We value healthy discussion and debate of all opinions, no matter who holds them. Ideas are always a valid target of criticism, and we welcome anyone who wants to respectfully join the discussion. I still think we need to specify that we don't discriminate on grounds of preferred bikeshed colour. We seem to be drifting into dangerous territory here. Should we not make explicit the fact that we are willing to discuss the colour of all sheds, even those used for the storage of pots? Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpr7q0IQm36B.pgp Description: PGP signature
Re: revenue sharing agreement with DuckDuckGo
On Tue, 27 Mar 2012 23:33:37 +0200, Stefano Zacchiroli lea...@debian.org wrote: ... As part of DDG open source policy, they want to give us a cut of what they make out of our traffic. It's not like Google should be entitled to tell us thou shalt not accept that money. No, I meant that they might be upset by being dropped from being the _default_ in favour of DDG -- never mind, I really doubt they care much. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpBaIikwZwy3.pgp Description: PGP signature
Re: revenue sharing agreement with DuckDuckGo
On Wed, 28 Mar 2012 00:06:46 +0200, Stefano Zacchiroli z...@debian.org wrote: On Tue, Mar 27, 2012 at 01:55:37PM -0400, Joey Hess wrote: DDG will earmark traffic originating for Debian, for browsers who want to do so, by using the search URL https://duckduckgo.com/?q={{search}}t=debian The privacy implications of this need to be considered. At least for Chromium there is no indication in the user agent that the user is using Debian. Thanks for pointing this out. Let's consider them then. Should this not be a debconf question, along the lines of popcon, but as a machine wide: Do you mind trading a little privacy to allow us to declare your use of Debian to search engines, and thus possibly benefit from revenue sharing arising from your searches? No idea if that should default to yes or no. It also might be better to make that less search specific. We could also have a debconf question for setting the default search engine across all browsers, which defaults to unset, and is low priority, so that people can preseed it, but the browser packagers get to make their own decisions if the value has not been set. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpqop5OykQC8.pgp Description: PGP signature
Re: revenue sharing agreement with DuckDuckGo
On Tue, 27 Mar 2012 10:26:18 +0200, Stefano Zacchiroli lea...@debian.org wrote: ... I welcome feedback on this matter, I already install DDG as default search engine on any (Linux or Windows) user that lets me fiddle with their setup, so as far as I'm concerned this is a case of us being paid to do something that will save me effort. I realise that's an almost completely irrelevant data point, but if it were the case that other DDs are doing similar, then we should probably be changing the default regardless of this payment offer. Of course establishing whether that's the case is not likely to be possible, but I suppose the iceweasel maintainer could canvas opinions, or just make a decision as they see fit (in the usual manner). Having a small, Free Software friendly search engine as the default also makes sense on the basis that it would help remind people that these things can be customised. On the other hand, I suppose there's some tiny chance that Google will be offended, and reduce sponsorship of DebConf, or be less willing to give us GSoC projects, say. If we were being mercenary one might want to compare how much money we're likely to get from DDG with the potential loss from Google, but as you say, this should be a technical decision, so if Google get upset about it, that's not really something to be taken into account. If we go for this, what are the chances of getting DDG to sponsor DebConf as well in addition to the offered profit share? ;-) Cheers. Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpZMTihcnHfG.pgp Description: PGP signature
Re: OSI affiliation
On Tue, 21 Feb 2012 09:56:02 +, Gervase Markham gerv-gm...@gerv.net wrote: ... If you read the OSI discussion lists, you'll certainly find senior figures in that movement regretting previous decisions, e.g. about particular license approvals. Having groups like Debian involved seems to me that it will reduce the likelihood of more of that happening in the future. If they regret them, then they should revoke the bogus approvals. They presumably don't want to look foolish by doing that, but the foolishness is all too plain already, and they're doing ongoing damage by not rectifying the situation. Clearly neither the FSF nor we will be deciding to now approve licenses that even people in OSI agree should never have been approved, so if some sort of agreement between all is to be achieved, in those particular cases it will require movement from OSI. I presume if we affiliate, that we'll see a press release from OSI along the lines of: Debian gives stamp of approval to OSI which if anything will reduce any pressure they feel to repent past sins. If senior figures have not managed to swing that argument so far, I don't see that adding another voice to the committee that's failing to make a useful decision will suddenly precipitate one. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgp2R5OVg1eU3.pgp Description: PGP signature
Re: OSI affiliation
On Fri, 17 Feb 2012 22:41:10 +, MJ Ray m...@phonecoop.coop wrote: Jose Luis Rivas ghost...@debian.org Just to give context to your email, could you provide a list with the OSI-approved licenses that you call non-free? (Maybe a link) That way every one else knows which licenses are you talking about exactly. http://people.debian.org/~mjr/legal/fsf-osi-list-diff.txt shows the ones where OSI and FSF disagree, but what's the point of knowing which are involved? Basically, OSI has aided proliferation. That list doesn't answer the question asked, in that I imagine that some or all of those licenses are what we'd accept as free. I'd be rather more interested in a list of licenses that are all of: a) approved by OSI b) rejected by us c) actually applied to software that is otherwise worth packaging, and hence where OSI is doing real harm by muddying the water. If they've approved a license or two in error (the first Apple license for instance) then as long as nobody is using that license it doesn't make a lot of difference, but it would be nice if they made a point of cleaning up their act by finally declaring such certifications as flawed, and revoking them. If they've not already done so, they could also have a Open Source, but we'd rather you didn't use this drivel category, with a recommended equivalent license that is a better choice if you were thinking of using that one. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpi2gR2R0Me0.pgp Description: PGP signature
Re: OSI affiliation
On Wed, 15 Feb 2012 14:36:21 +0100, Stefano Zacchiroli z...@debian.org wrote: On Tue, Feb 14, 2012 at 10:06:56PM +, MJ Ray wrote: I would be disappointed if this happened. The Open Source Initiative failed, for reasons that aren't important at this point - they should belatedly accept that and merge its corporation into SPI or another suitable continuing vehicle, rather than continue as an unseemly zombie organisation with its non-FOSS certification scheme that Wow, that's quite a bold paragraph :) I'm not sure what you mean with failed, given that the organization exists, has been active recently, and still is considered (ymmv, of course) a reputable source for deciding which licenses are Free and which are not The UK government has a consultation paper out right now: http://consultation.cabinetoffice.gov.uk/openstandards/ that links to OSI's license list to define what they mean by open source licenses, as you can see in the fifth paragraph here: http://consultation.cabinetoffice.gov.uk/openstandards/chapter-1/ So whatever we might think about the merits of the Open Source term, it hardly seems like a step forward to render such references into hanging links just at the point where policy makers are starting to get the message. Much better to try to ensure that that licenses list is actually sane, which is something we may be able to do something about if we affiliate, whereas at this point it seems unlikely that we'd have any luck either destroying the OSI or persuading politicians to use terminology we prefer. Cheers, Phil. P.S. I encourage people to respond to the consultation mentioned above. It actually looks pretty good. For example, it seems to be leaning towards the idea that (F)RAND licensing is nothing that one wants in an open standard. I'm not convinced that they've entirely understood the nuances of Free Software licencing (in that they seem to think that some licenses insist that one publish modifications, which I think is the sort of thing that fails our desert island test, and I'm not aware of any free software licenses that insist that -- they're presumably misreading the GPL). -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpfUUe6Wq4rf.pgp Description: PGP signature
Re: Installation Live CD
On Tue, 17 Jan 2012 09:37:24 +0100, Daniel Baumann daniel.baum...@progress-technologies.net wrote: On 01/17/2012 04:41 AM, shirish शिरीष wrote: the debian-live team [...] haven't been able to communicate it on the web their long-term plans. there are no long-term plans; debian-live just creates the combined live and installer media of whatever debian does. Well, having recently tried to find an image that I might be able to recommend to someone new to Debian, and having quickly found the friendly looking live.debian.net front page, I was a bit surprised to be presented with this after a couple of clicks: http://cdimage.debian.org/cdimage/release/current-live/i386/ which is not exactly helpful to a newbie -- also, even I am left wondering why there is a split between i386 and amd64 if the images below are supposed to be hybrid. Anyway, then I chose iso-hybrid, which seems like what I might be after, at which point we see that the only images that're small enough to actually fit onto a CD are the rescue and the standard ones, which appear not to include X, and so are hardly likely to be enticing to a newbie, so I gave her a copy of knoppix instead, which of course means that I have to say that what she's getting is very much like Debian, rather than saying that it _is_ Debian. I can understand that an automated build is unlikely to be able to generate something that's just as good as knoppix, since the latter has been tuned over a long period to exactly that purpose, and perhaps the restriction of wanting it to fit on a CD is less important than it used to be, but I think it's a bit of a shame that we're not currently producing a debian-live CD that shows things off reasonably well for a beginner, and linking to it prominently without an arcane sub-directory tree to navigate, as suggested by the OP. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpTihST7b453.pgp Description: PGP signature
Re: 1 year release good enough.
On Tue, 03 Jan 2012 03:35:51 +0530, dE . de.tec...@gmail.com wrote: ... GNU is a wildebeest which's vulnerable to Lions (MS), and sometimes leopards (Apple), and Debian is one of the wildebeests. Vulnerable, how? Microsoft put quite some effort into trying to stamp out free software, and that was Microsoft in its prime -- and they failed. If MS are Lions, and Apple are leopards, then I'd say Free Software is Fungus -- capable of taking their excrement and turning it into something useful, while otherwise growing at it's own pace, largely indifferent to the activities of the live-fast die-young corporations. Admittedly, Microsoft are now trying to use the patent system as fungicide, but I think the wider population are waking up to just how toxic that stuff is for everyone, especially when misused. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87vcos22jo@poker.hands.com
Re: Debian hardware certification
On Fri, 8 Jul 2011 09:17:09 +0200, Stefano Zacchiroli z...@debian.org wrote: Non-text part: multipart/signed On Tue, Jul 05, 2011 at 12:48:17PM +0100, Philip Hands wrote: That's the kind of very simple list that I was hoping to build. But the list isn't the final goal. The goal is to *fix* issues when we see them, like it happened for the X8STi-F in Debian 5.04. In that case, are you sure that bugs.debian.org isn't what you are looking for? That seems like a good idea -- how about if we encouraged willing hardware manufacturers to maintain a pseudo package type thing, perhaps per device, although it would be good to have some sort of wild-card so that one could report a bug against hw-supermicro-mb-X8STi-F, and they could resign it to hw-supermicro-nic-e1000 or some such, without us needing to do more than let them tell us the contact email for their BTS or the person in charge of fixing that device, say. It seems to be a bit unrealistic to assume that we're going to convince most hardware manufacturers out there to have maintainers of their own pseudo package in the Debian BTS. I'd say that it's a nice possibility to offer, but we should not base hardware support verifications only to that. At best, we should have both a community driven process like those mentioned earlier on in this thread and the possibility for hardware people to jump in and provide direct support. But I don't expect the latter part to be any significant share of the whole thingie. Certainly, I wasn't expecting a significant percentage of the world's manufacturers to do this, but when someone comes to the lists saying that they have a contact with a particular manufacturer that wants to know how they can mention that they support Debian properly, this approach would allow us to tell them the thing that they have to do to make that so, and it would then provide our users with a channel to communicate problems to the manufacturer. On the other hand, if we're talking about exactly one manufacturer ever taking advantage of this, then it's bound to end up just being more clutter, and the forwarded email will probably be bouncing in six months, in which case they should be pointed at one or more of the other sites already mentioned, as you say. If it were possible to do the catch-all dummy package thing for the general case of manufacturers who don't know we exist, just to track the problems people have with their hardware, then that might allow a useful resource to be assembled by our users -- but I don't think it's worth it if it would take significant effort to achieve (unless we get to use the catch-all feature for other things as well -- and of course only if someone fancies implementing it). Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpeIYRDw3h9s.pgp Description: PGP signature
Re: Debian hardware certification
On Sat, 4 Jun 2011 14:23:56 +0800, Paul Wise p...@debian.org wrote: On Sat, Jun 4, 2011 at 12:05 PM, Thomas Goirand z...@debian.org wrote: That's the kind of very simple list that I was hoping to build. But the list isn't the final goal. The goal is to *fix* issues when we see them, like it happened for the X8STi-F in Debian 5.04. In that case, are you sure that bugs.debian.org isn't what you are looking for? That seems like a good idea -- how about if we encouraged willing hardware manufacturers to maintain a pseudo package type thing, perhaps per device, although it would be good to have some sort of wild-card so that one could report a bug against hw-supermicro-mb-X8STi-F, and they could resign it to hw-supermicro-nic-e1000 or some such, without us needing to do more than let them tell us the contact email for their BTS or the person in charge of fixing that device, say. We'd just need to reserve the 'hw-' (or whatever) bit of the namespace, and then allow people to apply for names under that, probably based on whether they own the matching domain, but I've no idea how we might handle disputes if a company splits, say). Then there would need to be a way of updating the maintainer address(es) -- probably best if a DD/DM takes responsibility for being our contact with that company, and handles that in the normal manner. We could always set up a manufacturer-liason team for that, if appropriate. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpmk7n6LBTSD.pgp Description: PGP signature
Re: audible compatibility with linux
On Tue, 12 Apr 2011 23:13:26 -0700 (PDT), Victor Jones angier...@yahoo.com wrote: Audible says At this time Audible is not compatible with the Linux operating system. Audible is actively pursuing compability with Linux in all versions by pursuing support from the open source community that develops this platform. I joined Audible in 2002 and saw that exact message shortly after and it has not changed to this date today. Well, you probably have a fairly realistic understanding of the vigour that they are perusing compatibility then. Audiible is one of the big reasons I have heard people say they will not switch to linux. There are already ways to take out the protections and turn the audio books to mp3 files, but I have a very large library on their site and need (as do many other people) for it to just work. Just work is what Ubuntu is all about. If you do not think it is serious just do a Google search for Audible linux and you will come out with a different frame of mind. That search (well, done via duckduckgo.com rather than google) revealed this: http://ubuntuforums.org/showthread.php?t=933707page=3 which seems to show that you can at least download the files. If the Digital Restrictions Management is any good (which it would seem it's not, since you say there's some way of stripping it out) then you would be stuck with playing those files on platforms where the vendor are willing to enter into licensing agreements to gain access to the secret that allows playback. So as it stands you have the choice of: 1) not giving them any money because they use DRM 2) living with the fact that you're stuck with the platforms they support 3) transcoding the content so you can play it where you like I (and many here) will opt for option 1, so don't really care beyond that (not meaning to be rude, but rather trying to explain why you might not get what you want by asking here). You appear to be torn between options 2 3. I suggest that you make your mind up and live with the choice rather than fretting about it, or hoping that Amazon Co will suddenly decide that all the contracts that they've signed where they make guarantees to protect the content[1] are worthless and change their business model. That may happen, but a few of us techies wailing about it seems unlikely to make the slightest difference (it clearly hasn't so far). It strikes me that a more likely route to your desired goal would be for you and your friends decide to stop paying them money, and find alternative outlets that don't poison their wares with DRM. You could even get enthusiastic about the campagn run by http://www.defectivebydesign.org/ Do that to an extent that puts a dent in their sales figures and you might get somewhere, but of course if you do that, you'll have cured yourself of your addiction to their content, and will then not care very much what they do either. You might want to look at http://librivox.org/ (I've not tried this myself, but just found it by searching for creative commons audio books) Cheers, Phil. [1] I find it amusing that the content owners are clueless enough to provide the content on the basis of DRM claims that are inevitably shown to be false -- do they do no research whatsoever? -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpPW3iEPjOcy.pgp Description: PGP signature
Re: DEP5: Extra fields without ‘X-’ prefix?
On Sat, 20 Nov 2010 09:22:48 +, Lars Wirzenius l...@liw.fi wrote: On su, 2010-11-14 at 11:13 +, Lars Wirzenius wrote: Extra fields can be added to any paragraph. No prefixing is necessary. Future versions of the `debian/copyright` specification will attempt to avoid conflicting specifications for widely used extra fields. Is that enough? This is a minor detail, I'd like to not start specifying too much about how parsers are supposed to handle the fields, etc. I ended up with this formulation, I hope that's acceptable to everyone: -Extra fields can be added to any paragraph. Their name starts by **`X-`**. +Extra fields can be added to any paragraph. +No prefixing is necessary or desired, but please avoid names similar +to standard ones so that mistakes are easier to catch. +Future versions of the `debian/copyright` +specification will attempt to avoid conflicting specifications +for widely used extra fields. It occurred to me before that this should also suggest that people ask around before making up new names, but I thought that should probably go without saying -- both that and this wording both read a little like don't be stupid to me. Not that I'm saying that we shouldn't say Don't be stupid if people think that people need to be told that :-) How about addressing this at a meta-level, by suggesting people consult wider opinion: Extra fields can be added to any paragraph. Before introducing new field names you should request comments on the wisdom of the new field. When introducing it please also record it on: http://wiki.d.o/.../page-for-proposed-new-DEP5-fields No ``X-'' prefix is required or desired in new field names. At least that should prevent people coming up with similar but different solutions to the same problems, and a wiki page can act as something like a lock. Not that I think there's anything wrong with what you already have, so go with whatever you prefer. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpUykIA3VsUX.pgp Description: PGP signature
Re: commercial spam on planet
On Tue, 09 Nov 2010 02:26:25 +0200, Faidon Liambotis parav...@debian.org wrote: Holger Levsen wrote: since a while, we see unsolicted commercial links and images on planet, mostly about flattr. ... On the issue at hand, my personal view is that I am a bit annoyed by the flattr “ads” on Planet as well, but not that much that I'd raise it as a subject for discussion as you did. Likewise, I'd not have raised it, but seeing the ads has been like a very mild case of toothache for me -- but that was before I considered that the people putting the link to an image from http://api.flattr.com/ on their pages are actually leaking my browsing habits to flattr, as Joerg points out. Yes, I could AdBlock flattr, as could all other readers of planet, but I don't really see why I should have to. So, well done for raising the issue Holger. I think the thing that makes the links more irritating is the fact that they are a graphic in a sea of text, so they really catch the eye. I'd probably have less of an issue with them if they were rendered as a simple link, especially since that would not involve an information leak. How about making the planet disarm all links that point elsewhere than the same domain as the blog post that contains it? Perhaps a little too draconian? Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpCyIqc6nUEX.pgp Description: PGP signature
Re: DEP-5: general file syntax
On Wed, 18 Aug 2010 09:29:33 +1200, Lars Wirzenius l...@liw.fi wrote: For simplicity, I will introduce a new term, desc-escape. This refers to the escaping of content similar to the way Description does it in debian/control: each line is prefixed with a space, except empty lines are replaced with a space and period. The Policy's specification is not usable for this, I think, because it goes much further than what DEP-5 needs. Note that I've dropped the possibility of prefixing escaped lines with a TAB character. It is a needless difference from Description, and would complicate parsers. So there are three cases: * License: newlines are significant, no word-wrapping, desc-escape is used. We could always use the same convention as in Description: http://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Description where a single space prefix indicates wrappable text, and two spaces indicates verbatim. That also deals with the case of the original text containing a line with a single full-stop, as that could be included by prefixing it with two spaces. Mechanical conversions could just add two spaces by default, and if anyone can be bothered, paragraphs that would be fine word-wrapped could then be back-indented one space by hand. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND pgpSG5o0ZPVTp.pgp Description: PGP signature
making more Debian Tartan -- deadline early April
Hi Folks, As most of you will be aware, Debian has it's own official Tartan (since DebConf7 -- Edinburgh, Scotland -- it spells DEBIAN in Morse :-) It occurs to me that some of the USA based developers who are likely to be contemplating attending a DebConf for the first time this year, might want to waste a small fortune on buying themselves a Kilt (or other tartan apparel -- we also made Skirts, Ties, Trousers ...) There's more details in this mail: http://lists.debconf.org/lurker/message/20100306.200234.0df46f37.en.html and background about the original Tartan order is at the DebConf Wiki: http://wiki.debconf.org/wiki/DebConf7/Tartan The problem with weaving tartan is that it's generally made in multiples of 80 yards, with a minimum up-front cost of about $2000 USD, so in order to get the ball rolling we a decent number of people to commit to buying the resulting cloth. This is frustrating, as I've been asked repeatedly if we had any cloth spare since we did the first batch, so clearly demand is significantly more than was supplied in that instance. So, if you're interested, and organised enough to sign up now, please add your details to the table here: http://wiki.debconf.org/wiki/DebConf7/Tartan#Second_Order (or if you want to keep your tartan fetish secret, or just want to ask follow up questions, feel free to mail me). As at the writing of this mail, we have a total of 42 yards committed to -- that's almost enough, but the more we order the cheaper it gets. So, don't hang about -- get your names on that list. Cheers, Phil. P.S. I should probably mention again that Kilt's are not cheap -- You should budget at least 350.00 GBP, plus some more for a sporan (it's difficult to be definite about the price as it gets cheaper the more cloth we make, and more expensive the more optional bits you add) Women's skirts are significantly cheaper -- If you fancy some trousers like Wouter's you'll need to talk to his Mum about getting them made ;-) -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100325103020.2b2ce...@palm.hands.com
Re: Misc development news (#8)
On Mon, Jun 02, 2008 at 01:48:29AM +0200, Joerg Jaspert wrote: On 11403 March 1977, Steve Langasek wrote: So tagging a key as belonging to a particular host is insufficient - we need the full authorized_keys semantics for setting key options (from=, command=, no-port-forwarding, no-X11-forwarding, at least). And? You have that already, just add that in front of your key as you would normally do. ud-ldap passes it. It really only needs the host=gluck,merkel,whatever addition to also limit it to target hosts and then all is there. Actually, it occurs to me that one can already do a poor-man's version of the host restriction by making the command option something like: command=hostname | grep -q '^\(gluck\|merkel\|whatever\)$' ~/d-i/d-i-unpack-helper ... Then, once the host= feature is available it will be possible to upgrade to using that in a moment (rather than having to go round tidying up on each host) -- in fact, if people are consistent in using the above incantation, we could even tweak them all in LDAP when the feature is added. Steve, does that address your concerns? Cheers, Phil. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Misc development news (#8)
On Sun, Jun 01, 2008 at 09:15:19AM +0200, Peter Palfrader wrote: On Sat, 31 May 2008, Steve Langasek wrote: People submitting known bad keys to ldap and stuffing those in their authorized_keys files also. What else did you think it meant? I have no idea, because I don't understand why the above would warrant a policy change wrt authorized_keys. Surely, known bad keys could already be dealt with using the blacklist support that was published as part of the DSA, so why would we need to disable authorized_keys altogether when there's support for handling this in the server itself? Those blacklists are hardly exhaustive. Hardly anybody seems to get that their old DSS keys, if ever used once on a broken libssl are now all bad. Also note that until recently we didn't run debian's sshd at all, so blacklist support is not something we could rely on. While this is initially for our (DSA's) benefit, in that it makes applying global changes easier, it's also for user's benefit. -- compare the effort required to ensure that there are no copies of a key (that was on a stolen laptop, say), on every debian host you _might_ have copied it to, to the effort of sending a single mail and knowing you're done. If there's some reason that you want specific keys to only give access to specific hosts, and if the reason justifies the effort, I suppose it would be possible to come up with a way of tagging which hosts any particular key should give access to in LDAP -- is that why you're worried about the loss of this feature? In short, having had our hand forced into turning authorized_keys off, we find that that is a better state to be in, so we're leaving it that way. (in fact disabling authorized_keys had been suggested before but we had no compelling reason to do it, if we had done so the post-SSL cleanup would have been significantly less effort). Cheers, Phil. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DEP1: Clarifying policies and workflows for Non Maintainer?Uploads (NMUs)
On Fri, May 30, 2008 at 05:17:57PM +0200, Frans Pop wrote: On Friday 30 May 2008, Bas Wijnen wrote: But in the situation you mention above, I don't think there's anything wrong with actually preparing an NMU (except that you may be wasting time, but that's your own problem). So no reasons are needed for it. I find your argumentation rather weak, but to be honest I also don't really care enough about this whole subject to discuss it further. If anybody is ever going to NMU D-I components to DELAYED, I expect he will get a direct reply with a request to remove his upload from the queue, but we'll deal with that when it happens. The point of my mail was: D-I has a sufficiently actively team, there should be no need ever to NMU any of its packages. Doing so is indeed a waste of time. Clearly there are cases where NMUs are inappropriate. The DEP is currently missing language to make that point clear (at least in my reading of it) perhaps it needs a final clause along the lines of: This is not a license to perform NMUs thoughtlessly. If you NMU when it is clear that the maintainers are active and would have acknowledged a patch in a more timely manner, or if you ignore the recommendations of this DEP, or if you do something else that assumes that this is an NMUers charter and that a lawyerly interpretation of some subclause can be used to justify some abusive action, be warned, there is no protection for you here. You should always be prepared to defend the wisdom of any NMU you perform on its own merits. Cheers, Phil. signature.asc Description: Digital signature
Re: Debian Tartan for Debconf7 ... pricing update :-(
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It seems that I got the pricing wrong, since I was looking at the standard off-the-shelf prices, and specially woven cloth costs a bit more than that. For more details, check the blog: http://blog.hands.com/debian/debconf/tartan where I will track any further developments to avoid the continuing need to reply to my own mails. Cheers, Phil. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF+DghYgOKS92bmRARAnTeAJ4rnWPoY5fWiJVq8A7yMVcpw96fWACfRfKl RCl7wyl/Dc+4aFkb4UtguXA= =rXcm -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian Tartan for Debconf7 ... progress
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve McIntyre wrote: On Wed, Feb 28, 2007 at 11:23:46PM +, Philip Hands wrote: So, if you're thinking that you might be interested in having one of these, you need to check your bank balance, and get back to me _soon_ since the deadline for orders is liable to be in about a week if we want the cloth ready in time for Debconf (if you miss that deadline, another batch can always be done of course, but that will incur another weaver's setup fee which seems to be somewhere between 300 500 GBP). I can't really afford it, but sod it. Count me in for a proper 8-yard kilt, same as you. Good man :-) The tartan design that seems to have gained consensus among the current sign-ups is this one: http://hands.com/~phil/debconf/Debian10.jpg and I've gimped that into a larger sheet here, so you can get a better idea of the full effect: http://hands.com/~phil/debconf/Debian10-large.jpg I think the designer said that the sett (the repeat interval) was about 8 inches on that one, which is larger than average, but still OK for use in kilts. I still need to confirm the exact colours, but since I'm not going to be able to send out colour samples to others in the time available, and one cannot guarantee that what's seen on screen is going to be exactly the same shades as the final result, I wouldn't worry about that too much -- I'll ask the designer what he recommends and go with that. So, about the tartan design: It's predominantly red, to reflect the red from the logo, made of two shades of red to give a gradation towards the middle (the nearest thing I could get to a swirl in a plaid) the blue is Electric Blue which makes sense, since we wouldn't get far without electricity, there's a fair amount of black, and a little yellow, as a nod towards Tux, and the white spells out DEBIAN in morse (with a correct 1:3 ratio for dots to dashes, and for the pauses in and between letters). Also, unusually (although not uniquely) for a tartan, it's not symmetric. The morse section does not repeat in reverse, so while it still looks like a fairly conventional tartan (if a little busy in the morse section) we don't get the reversed morse (which the designer helpfully pointed out would spell ANIVEU ;-). This means that the morse section can be made relatively larger without increasing the overall size of the sett. As I said, I still have a couple of things to confirm with the designer (including ensuring that there is no copyright silliness despite the prominent notice on the images ;-) which I hope to have sorted in the next couple of days -- I'll then do a last call for people to sign up to this, and tell them to get weaving. If anyone who's not already told me is interested in these, please mail me, but be aware, the kilts are going to cost ~350 UKP and women's kilt skirts are ~190 IIRC. There has been talk by a couple of people of getting a few extra yards woven and making them into hats (Tam o'Shanters, I'm guessing), and scarves or sashes may be a possibility too -- feel free to mail me if you're interested, since the weaver's setup cost is significant, so it'd be cheaper to get one longer run than two shorter ones. Cheers, Phil. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9ztYYgOKS92bmRARAjVsAJ0eKBl7j4C2JoBqQV3AUS+qF7lUBQCfQ2Kw RJPD0vP2NhukApxm/Nj2cVc= =wxJ9 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian Tartan for Debconf7 ... progress
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Philip Hands wrote: [...] My initial attempt at a design (which I'm told by the designer needs to change because I used odd thread counts, and they need to be even) is here: http://hands.com/~phil/debconf/debian-tartan1.png Earlier today I paid a tartan designer to work on that, and he's going to come up with variations on the theme, as well as probably scaling it down to 2/3 of the current size to make the set smaller, and to make the stripes be even numbers of threads. I'll post the designs when I get them in the next couple of days, so that people can pass an opinion -- Given that people are going to be forking out 350.00 GBP each for these kilts, I think it's fair for the buyers to make the decision on which tartan to choose (of those the designer comes up with), but I'd also like the wider developer community to have a chance to comment, so that there is less chance of them subsequently coming up with reasons why there shouldn't be a Debian Tartan after the money is spent, so if you think that Tartan is some sort of post-highland-clearance symbol of oppression, or other such drivel, please pipe up now :-) Given the time-frames, we don't have time for votes and the like, so I'm going to take it on myself to be the final arbiter about whether this goes forward (on the basis that I'm paying for the up-front costs). BTW kilt-skirts for women are also available, starting from 115.00 GBP as can be seen here: http://www.geoffreykilts.co.uk/lw_info.htm So, if you're thinking that you might be interested in having one of these, you need to check your bank balance, and get back to me _soon_ since the deadline for orders is liable to be in about a week if we want the cloth ready in time for Debconf (if you miss that deadline, another batch can always be done of course, but that will incur another weaver's setup fee which seems to be somewhere between 300 500 GBP). Cheers, Phil. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5g7/YgOKS92bmRARAns7AKCYRFrRUSmr3wRyzuKymhaYPG43vACgmboD LXRuGlDGL70N1KSK+jkVlTA= =TNJ8 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Debian Tartan for Debconf7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Folks, I'm currently in discussion with a tartan designer to come up with a design for a Debian Tartan in time for kilts to be made for people that would like them for Debconf7 The timing is going to be tight, in that we need to get the beginning of the order process rolling pretty much immediately to give time for the weaving. My initial attempt at a design (which I'm told by the designer needs to change because I used odd thread counts, and they need to be even) is here: http://hands.com/~phil/debconf/debian-tartan1.png The thinking behind that was: Decent amount of Red and Dark Red to reflect the colour of our Logo A smattering of yellow and black as a nod to Linux Blue because the red/blue combination looks nice IMO and the white spells out debian in morse Given that I want to register whatever comes out of the design process as The Debian Tartan, I also need some form of approval from the project, for the use of the name. I intend to cover the costs of design and registration of the tartan as part of my sponsorship of DebConf7, but I need to know who's interested in getting kilts so that we can decide how much cloth needs to be woven. As you can see here: http://www.geoffreykilts.co.uk/gentskilts.htm There are various options for kilts, with the full 8 yard hand sewn kilt coming in at 350.00 GBP, or Casual kilts for around 200 pounds. They're not cheap, so I'd imagine that just put most of you off. I'll personally be going for the proper 8yard option, and to have them woven as Auld Reekie (1) 16/17oz, on the basis that even the cheaper options are pretty expensive, so one might as well do the thing properly, eh? So, please mail me if you're interested in a kilt for yourself, or feel free to discuss what's wrong with the idea that Debian should have a Tartan in the first place, and why I should be burnt at the steak for even suggesting the idea :-) Cheers, Phil. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF3zqtYgOKS92bmRARApl6AJ4ybTUqlea1p9fiLahhGJBJIoB0EACfe/no Hv+TKNNrkw8lImWk1uJ6NRc= =KwTT -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian on one dvd?
Siward de Groot wrote: [...] The FSF diagrees. See below. They can disagree all they want, but as long as they don't write it in the license, we are not bound by it. Or do you know of any prior ruling or general consensus among lawyers about this ? So you think you'll convince a court that the word medium in this case (which was clearly written at a time when the obvious example would have been one of a variety of magnetic tape formats) can also be interpreted as meaning a random conglomeration of computers and network components, owned by an undefined cloud of individuals and corporations, both domestic and foreign? There's not that much in common between a length of tape and the Internet. On the other hand, the link between a length of tape an a DVD is apparent. [...] Debian does not distribute the images under clause B I wonder why you think that ; Certainly Debian doesn't distribute it under clause A or C, so is Debian violating the GPL ? Debian _always_ distributes under clause A as far as I'm aware, since we make the source simultaneously available on-line. Remember, Debian does not produce physical CDs or DVDs in it's own right (although we do generate the master images and publish them on-line, with accompanying source images) I cannot imagine a situation in which Debian or SPI would go for the written offer route of clause B, and we build everything from source, so clause C is ruled out. No need to worry too much about it, though, because here is another way to comply with the GPL : Accompany the softwares with written offers to provide the sources, and if someone wants to take you up on that offer, ignore them. You have an interesting understanding of the word comply. Not getting sued does not necessarily equate to abiding by the law. Cheers, Phil. signature.asc Description: OpenPGP digital signature
Re: Automated testing - design and interfaces
Ian Jackson wrote: The scheme I'm proposing is useful to Debian even if the buildds don't get enhanced to run the tests automatically, because package maintainer tools can easily be enhanced to do that. Of course Ubuntu will do that testing automatically but Ubuntu apparently has (will have) different infrastructure tools. Also, if the tests are available for use by end-users, we can ask pre-release testers to run all the tests on packages they install as part of their installation testing. A report saying I tried installing this set of packages, and not only did I succeed, but also the software all works on my system is a lot better than I managed to install the packages. What you are proposing seems like a better way of doing package tests than the debian-test package I cobbled together ages ago (which has since quietly gathered dust due to lack of effort from me, and lack of interest from other maintainers) -- if we can get this to the point where the default is for maintainers to write new tests as part of their bug fixing procedure, then we'll end up with a comprehensive set of regression tests without needing people to expend much more effort than was needed to fix the bug anyway. Well done Ian :-) Cheers, Phil. signature.asc Description: OpenPGP digital signature
Re: Retailing
Joe Smith wrote: Kieran Lloyd wrote: I am considering selling some home made PC's on Ebay, the thing is I want to sell these pre-installed with Debian Linux. Would Debian have any argument with this? I will obviously be advertising that the Pc's have Debian installed however I will not be charging for it I would only be charging a mark up on my hardware. Please advise if this would be acceptable. Hello. While the other people to respond have covered your question fairly well, I would like to summarize and add a few additional pieces of information. (Disclaimer: I'm am in no way affiliated with Debian besides being just a user. However, I have been lurking on the mailing lists for long enough to start to understand how Debian developers feel. So while the following may not reflect the offica feelings of Debian, I suspect it at least comes close.) First of all, Thank you for for choosing Debian GNU/Linux. We certainly appreicate that you chose to distibute your computers with a free (as in speech) operating system. Debian does not object, and even encourages sale of computers with Debian GNU/Linux pre-installed. The fact that you intend to include it at no additional cost is even better, as it will increase the exposure of Free Software. You could even charge for the pre-installation of Debian, but personally I would prefer if you did not. On the other hand, some of us would prefer that you did charge. I for one, and the Free Software foundation for another: http://www.gnu.org/philosophy/selling.html I only say this to make it clear that you shouldn't feel at all guilty about charging if you want to, not to try and say there is anything wrong with giving it away if you want to either. It can be argued that people value things more if they have to pay for them, in which case, if you charge a fee for the software it is more likely that people will feel that it's worth persevering with using it, rather than thinking that they didn't pay for it anyway, so if they don't like it instantly they might as well use whatever their default operating system is instead. Not that I want to start a flame war about this -- there's nothing wrong with giving it away either. You should be careful not to give the impression that you are charging a license fee though -- you are allowed to charge a fee for the copy of the programs, or for the service of installing them, but not for the licenses (in the case of the GPL software at least, which covers most of the software in question) You noted that you would be advertising the fat that debian GNU/Linux was pre-installed. You may wish to use our spiral logo which can be found on this page: http://www.debian.org/logos/ Chris mentioned that you needed to distribute source code. He noted that the easiest way was to include the cd forms burned onto recordable discs. Please consider also including a copy of the 'binary' cds. This will help your customers install parts of the OS that they are interested in, that you did not pre-install. An alternative approach, which may be cheaper for you, would be to install a partial mirror (i.e. the right architecture source, probably using debmirror) on the machine's hard drive. With the right sources.list line the user will then be able to install packages without first hunting down the CD that they will have lost by then ;-) If at some point in the future they are getting short on disk space, they can just delete the mirror. Thnaks again, and if you have any further questions please email me off-list. Cheers, Phil. signature.asc Description: OpenPGP digital signature
Re: DCC (Debian Confusion Core) trademark negotiation status
Anthony Towns wrote: On Mon, Oct 17, 2005 at 05:01:06PM +0100, Ian Jackson wrote: Bart Schuller writes (Re: DCC (Debian Confusion Core) trademark negotiation status): http://ianmurdock.com/?p=274 This is some kind of insulting joke. Glad I'm not the only one that thinks that. I wonder how, for example, Nike[1] would react if one were to put a series of press releases announcing the newly formed: NQA -- Nike(TM) Quality Alliance in which you implied that you'd be providing better foot ware than the average Nike output, by running them through another level of quality checking. Then, after news of this had hit the New York Times, you could explain that you were going to change what NQA stood for, and now it stands for NQA Quality Alliance so there was nothing for Nike to worry about, but that you were not going to bother with a press release. I think you'd find yourself in court in the blink of an eye, and I doubt that you'd be allowed to have an N anywhere near your name, assuming that you were still in business by the time Nike's lawyers were finished with you. Also, I was under the impression that recursive acronyms needed to be witty, or at least close to being a pronounceable word, to count. I suppose one could try pronouncing DCC as Dick to make it qualify ;-) Cheers, Phil. [1] I'm not trying to imply anything good or bad about Nike, it was just a random example of a corporation with an interest in protecting its trademark. signature.asc Description: OpenPGP digital signature
Re: Developing on Debian
Jason Mock wrote: Hello, I have a few more questions that were pushed my direction from our Board of Directors. Before the questions though I would like to thank you for the fast response to my inquiry! It will make you proud to know that you were the first response to the questions that I had out of Red Hat, Suse, Xandros, Slackware, and Mandriva. Here are the 2 additional questions that I need some assistance with: 1. Security features, current and planned? We have a highly responsive security team who address issues as they arise: http://www.debian.org/security/ This combined with the fact that our packaging system allows for continuous upgrades means that when an alert happens, you will have developed a level of confidence in the system that will allow you to actually perform the upgrade. Other systems, where one is not able to develop that confidence, tend to gently rot to the point where nobody is brave enough to upgrade anything, regardless of how grave the security flaws that are being left open by not doing so. The reason our upgrade system works so well is in part due to the chaotic nature of our organisation. Because we have vast numbers of developers, and users, running all sorts of odd combinations of versions of software, upgrading them in different orders, and generally doing bizarre things, pretty much every conflict or dependency problem you were ever going to run into has been found by someone else months ago -- that means that you won't get bitten by those bugs. If we only tested packages against the other software in a particular release, and only attempted to build it for one or two architectures, many of those packaging issues would go undetected, and so would still be available to bite you. So we have effective security updates, on a system where you will be brave enough to actually apply them in a timely manner. 2. Why is distribution better than others available? I think I covered a lot of the points I the previous mail. probably few things that should be of particular interest are: The fact that we positively encourage people to do spin-off distributions for specialist purposes, to the extent that we have mailing lists, and tools to make that easier -- as an ISV, selling turn-key solutions, you are in effect doing a specialised version of the OS you distribute, so having the tools and experience of others to build that with is likely to make the final result much more robust than if you're just standing there passively waiting for the distribution vendor to slop whatever they felt like serving up this time round into your bowl. We don't expect you to pay is any sort of fee. Not up-front, and not per server. Of course, you may chose to spend the money you've saved on support from one of the many offering commercial support on Debian, but that will be up to you, and if you don't like the support you get, you'll have the chance to go elsewhere without needing to change the distribution you're using. There is absolutely no possibility of us going bust, changing business strategy, deciding to sue the known universe or any of the other annoying things that software vendors are prone to do, because we're not doing this for the money, and I doubt there is anything anybody could do to stop most of the people involved in Debian from doing what they're doing. Again thanks for your input, and help in our search for a Linux platform. You guys are great! Have fun, whatever you decide. Cheers, Phil. signature.asc Description: OpenPGP digital signature
Re: Developing on Debian
Jason Mock wrote: Philip, Thank you again for your timely response. On the security question, what we are looking for is the built in security within the system. Does debian have a built in firewall, Antivirus, or any other security features that help create a secure work environment? Of course. Here's an intro: http://www.debian.org/doc/manuals/securing-debian-howto/ For examples of relevant packages, one can do a few searches: http://packages.debian.org/cgi-bin/search_packages.pl?searchon=allkeywords=virus http://packages.debian.org/cgi-bin/search_packages.pl?searchon=allkeywords=firewall http://packages.debian.org/cgi-bin/search_packages.pl?searchon=allkeywords=selinux I'm sure you can come up with a few of your own -- have a play here: http://packages.debian.org/ Debian's current stable release contains a little over 15,000 packages, which means we include pretty much every mildly useful Free Software package in existence, including the security related ones. Debian generally takes the approach that if you don't want a service, the software that provides that service is not even installed on your system. Since installing and removing packages is trivially easy, that's the fastest way of turning services on and off -- it's difficult to exploit a program that is not there. The problems you're likely to face are mostly going to be things like deciding which of the many available virus scanning frameworks is the one that suits you best. (I'd go for MailScanner clamav on that particular question, but tastes differ) I suggest you have a look around the various documents available on the web site, and perhaps try putting any further questions you might have into google -- the howto above, for example, is the first hit on google for a search on securing debian (it's also in some way related to most of the next 100 hits and beyond -- Debian material is widely available on the net) Cheers, Phil. signature.asc Description: OpenPGP digital signature
Re: Developing on Debian
allows you to do a full version upgrade, or security updates, on a running system. It is completely normal for Debian users to log into a remote system and upgrade it from a previous release to a current one, without causing a significant interruption to service. If you learn to package your software the way we produce packages, which is reasonably easy to understand, then you will be able to upgrade your own software in the same manner, if you choose. Alternatively, just dump it in /opt or /usr/local and we guarantee not to touch it during system upgrades. So, to conclude the sales pitch, we're bigger than all the other GNU/Linux distributions in pretty much every dimension (more developers, more packages, more supported architectures) and because there's no company, we don't have any motivations other than the pursuit of technical excellence, so you won't be told that we're changing everything because our corporate policy changed, or marketing thinks some new thing sounds better. You will have to do a little more work initially though, or pay a Debian consultant to guide you, but since you were expecting to pay anyway, why not pay for lessons in fishing, rather than a few kilos of fish? Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560]http://www.hands.com/ |-| HANDS.COM Ltd.http://www.uk.debian.org/ |(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND signature.asc Description: OpenPGP digital signature
Re: Approaching VMware (and others) to get Debian listed as supported ?
Sven Luther wrote: On Thu, Oct 06, 2005 at 11:06:47AM -0500, Jaldhar H. Vyas wrote: This may have used to be the case, but should not be a problem anymore, we have only one kernel per released architecture, and make it easy enough for them to build modules for the official kernels, the debian kernel team needs to provide a document on how to build modules probably, but even if it is not yet fully documented, everything is there to make it happen. They seem to be comparing Debian unstable, with other distros' official releases, which is a bit strange -- presumably they're not claiming to support beta versions of those other distros. Anyway, I seem to remember that they provide the source for the bits that need to go into the guest operating system (I could be wrong, it's been a while since I last played with it). Given that, assuming we can have permission to redistribute binaries, and someone is willing to package them, the bits required to make everything work in the guest could be packaged and distributed (probably in non-free, but distributed nonetheless) by Debian, making it trivially easy for people to install under VMWare. A vmware-guest package could even depend on particular kernel versions if they're that stressed about it (savy admins could always get round that, at their own risk). Alternatively, the postinst could check the environment it's sitting in and put up a warning about it being unsupported, and how to fix that. Either of these would provide more assurance to them than they currently get from an RHEL system with a locally patched kernel. Perhaps this should be pointed out to them, since if that were to happen, we'd be doing their testing for them during the Debian release cycle, and they would just need to confirm the facts at release time. Cheers, Phil. signature.asc Description: OpenPGP digital signature
Re: Naming of init.d scripts and the LSB
Petter Reinholdtsen wrote: [Steve Langasek] The goal of the LSB is to provide a standard that ISVs can write to -- *not* to make life easier for admins moving from distro to distro. Hm, that is sad. Because some of us with a large number of machines, do need to handle cross-distribution consistency. Not to move from distro to distro, but because a few hundred machines rune each of the distros. :) I hope someone try to make life easier for admins needing to administrate a lot of machines with different distros. I think both latitudes can be largely satisfied if LANANA can be persuaded (if they do not already do so) to solicit approval from distributors before issuing new approvals. That way, we don't have to try to register every init.d script under the sun, and ISVs still don't get to register names that are likely to cause pain in the future. Alternatively, perhaps LANANA should have a list of names that have been vetoed that we can add to in a light-weight manner, and have a script that ensures that packages only get into the archive if their init.d scripts are thus registered, or otherwise attempts an automated registration. Cheers, Phil. signature.asc Description: OpenPGP digital signature
[OT] MJ Ray's continued burbling (was Re: Debian UK ....)
MJ Ray wrote: [...] In many circumstances, law says groups must apply for a decision, but DUS won't and I'm not sure whether the call reported in http://www.chiark.greenend.org.uk/pipermail/debian-uk/2005-August/010548.html really happened or was a joke like much of the rest of that mail. Why do you think that mail was a joke? The only hint I can find would be the smile I attributed to the person I was talking to at the charity commission. Perhaps you don't get to experience many people smiling while they're in conversation with you, and so cannot conceive of the concept, but since she was laughing when she asked if she could join the Debian UK Society I thought it only right to report that with a smiley INSIDE THE QUOTES. The rest of the mail, in which I address all the complaints, whinges, and unfounded assertions I could find in your previous deluge of mails certainly wasn't meant to be jovial. The fact that you feel the need to dismiss any criticism as a joke is rather revealing. Cheers, Phil. signature.asc Description: OpenPGP digital signature
Re: Debian UK
Henning Makholm wrote: Scripsit MJ Ray [EMAIL PROTECTED] Henning Makholm [EMAIL PROTECTED] wrote: Is DUS's involuntary membership even legal? I don't know. Which law would prevent them from giving you a vote in their matters? How would you enforce such a law? [...] You moved slickly from membership to whether one has a vote. That's the only thing membership *means* when there are no dues to pay. In the _many_ criticisms that MJ Ray has rolled out recently, this is one of the few that holds any water IMO, but as Henning has correctly spotted, the intent was to allow a vote to any DD who lives in the UK, unless they stated that they didn't want to be involved. On reflection, I think we should ensure that the wording makes it clear that one has to express an interest in membership in order to be considered a member. I'll start a thread to that effect back on the debian-uk list. Cheers, Phil. signature.asc Description: OpenPGP digital signature
Re: Debian UK
Stephen Frost wrote: * Sven Luther ([EMAIL PROTECTED]) wrote: On Wed, Sep 07, 2005 at 09:11:25AM -0400, Stephen Frost wrote: * Sven Luther ([EMAIL PROTECTED]) wrote: [...] Uhh... http://www.debian.org/CD/vendors/info Debian does not sell any products. I don't *think* that my being in the US is somehow making me read that differently than the rest of the world, but hey, if you see something different on that page, please let me know! Notice that the link is on the CD selling page, right ? Even so, that was the general policy as I understood it... Should we be saying that we don't sell CDs (do the DUS folks sell CDs? I dunno) only there? Should we be pointing out that we do sell t-shirts somewhere? I have a feeling that the main reason Debian doesn't sell anything is that Debian doesn't own anything, because Debian doesn't exist as a legal entity (that's what SPI's for). That being the case, Debian also cannot attend Expos. It's always a case of individuals and/or organisations doing so on Debian's behalf. Cheers, Phil. signature.asc Description: OpenPGP digital signature