On Thu, May 02, 2024 at 10:37:57AM -0600, Trevor Howard wrote:

How do I unsubscribe from these emails?

On Wed, May 1, 2024 at 11:15 PM Andreas Tille <tille@debian.org> wrote:

Hi,

keeping my promise for monthly bits, here's a quick snapshot of my first ten days as DPL.

Special thanks to Jonathan for an insightful introduction that left less room for questions. His introduction covered my first tasks like expense approval and CTTE member appointments thoroughly. Although I made a
visible oversight by forgetting to exclude Simon McVittie <smcv> from
the list, whose term has ended[0], I'm committed to learning from this mistake. In future I'll prioritize thorough proofreading to ensure accuracy.

Part of my "work" was learning what channels I need to subscribe and
adjust my .procmailrc and .muttrc took some time.

Recently I had my first press interview. I had to answer a couple of prepared questions for Business IT News[1]. It seems journalists are always on the lookout for unique angles. When asked if humility is a new trait for DPLs, my response would be a resounding "No." In my
experience, humility is a common quality among DPLs I've encountered, including Jonathan.

One of my top priorities is reaching out to all our dedicated and
appointed teams, including those managing critical infrastructure. I've begun with the CTTE, Salsa Admins and Debian Snapshot. Everything
appears to be in order with the CTTE team. I'm waiting for response
from Salsa and Snapshot, which is fine given the recent contact.

I was pointed out to the fact that lintian is in an unfortunate state as Axel Beckert confirmed on the lintian maintainers list[2]. It turns out that bug #1069745 of magics-python should not have been undetected for
a long time if lintian bug #677078[3] would have been fixed. It seems obvious to me that lintian needs more work to fulfill its role as
reliably policy checker to ensure our high level of packaging quality.
In any case thanks a lot to Axel who is doing his best but it seems
urgent to me to find some more person-power for this task. Any volunteer to lend some helping hand in the lintian maintainers team?

On 2024-04-30 I gave my first talk "Bits from greenhorn DPL" online
at MiniDebConf Brasil in Belo Horizonte. The Q&A afterwards stired
some flavours of the question: "What can Debian Brasil do better?"
My answer was always in a way: Given your great activity in now
organising the fifth MiniDebConf you are doing pretty well and I have
no additional hints for the moment.

Kind regards
Andreas.

[0] https://lists.debian.org/debian-devel-announce/2024/04/msg00010.html [1] https://itwire.com/business-it-news/open-source/new-debian-leader-brings-an-unusual-trait-to-the-job-humility.html
[2] https://lists.debian.org/debian-lint-maint/2024/04/msg00010.html
[3] https://bugs.debian.org/677078
lintian: Check for Architecture: all in Perl, Python, Ruby etc. packages
Date: Mon, 11 Jun 2012 16:15:53 +0300

To unsubscribe from a list - say debian-devel-announce, send a message
to debian-devel-announce-REQUEST@lists.debian.org with the subject of

unsubscribe

This will then trigger a return email asking you to confirm unsubscription.
A reply to that should unsubscribe you.

Hope this helps,

Andy Cater
[amacater@debian.org]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, Jun 01, 2024 at 09:52:32AM +0200, Andreas Tille wrote:

in connection with MiniDebConf Berlin there was some discussion about
what expense per attendee of some in person meeting is OK. Quoting
Chris Lamb from his "Bits from the DPL (March 2018)"[meet1]:

Debian is willing to reimburse up to 100 USD for expenses to attend Bug
Squashing Parties (BSPs). If there are no BSPs near to you, please help
organise one!

however, "costs to attend" are not the same as "costs while attending"...


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

I too often read "The planet is dying! 😱" It is not. The planet is adapting to what we're doing. There will always be a rich ecosystem on our planet.
But that ecosystem will adapt to the point where we no longer have a place in it. No, the planet is not dying. We are. (@KleineMaulwurf@troet.cafe)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmZdolIACgkQCRq4Vgaa qhykIxAAhONIChcsOzoaCY92AQj3rlkWxirPk7eEtRuZ68rhQWW3AWitBQw1XIjO 8OCjFb0nj9YbSo06L2fiR6+p8B+/X0pwXqnGLFXk48p91K++dyR5kD6UlBlnikc1 Q9SMEzR3Ck4Dnk/gAtzTMZxb+Lesslv/f88TbtBvZbHQp88vDMmik9dFJv+o5YSS X3UwcZ7Y4LbHKlxv75hgMCM5EcBLMIQoqTYDigXgvn0uU2I9iN6CIoqYvxCCuZJv /E5e+iIDJD3YaCzsOVVxtqQL7tdF6Mte5y7ocJ3LFDEZuQPrS1+We2UJ4Fwn7DJE nrJq6KKmuNudzG1prdP7JsX0ukSpHqpQFSJlapeb+2/NiOsebxnideTQHqiyxAsp
/DcCh

On Mon, 03 Jun 2024 11:00:34 +0000, Holger Levsen wrote:

On Sat, Jun 01, 2024 at 09:52:32AM +0200, Andreas Tille wrote:

in connection with MiniDebConf Berlin there was some discussion about
what expense per attendee of some in person meeting is OK. Quoting
Chris Lamb from his "Bits from the DPL (March 2018)"[meet1]:

Debian is willing to reimburse up to 100 USD for expenses to attend Bug
Squashing Parties (BSPs). If there are no BSPs near to you, please help
organise one!

however, "costs to attend" are not the same as "costs while attending"...

Also & related, https://wiki.debian.org/HostingBSP#Sponsorships says
(emphasis mine):

participants to a BSP can get a reimbursement of up to 100 USD for their
*travel fees*.

whereas the discussions around the MiniDebConf Berlin were about
sponsored food, IIRC.

Note that I'm not saying "Debian must pay for food for a week for
all people at any price, no matter what", just that "100 USD for
expenses" is not the same as "100 USD for their travel fees".

No big deal, just maybe a chance for clarification before the next
Debian event :)


Cheers,
gregor

--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`-

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmZd1GRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgb1MhAAsd/bxHqYKtXeQKUZy1AJtGLUSLQMFrDjim7pPSKlGmkQw22D8wrnj//1 RUfYppZifKG+sPtw9Q5mEhvcH+qq/2iRdHO509+JjWj+O5v+J1Tv/hlw9/arSuyV 4yM6ia+FXuY2ohzFiH+YncDLk9FD4tKREgyMHC8A2GDy0nbgcS6CK5ak+e6mI/jP 1Z4+9ObxmxIZJpYEmEUZVAaDMPv9+DUFaR21KdsuWMZAlYXxzT41N/dM3pc5oCi8 ta6kObj2UfxNMoIK1lVfKrfB21MaHbGFThOw+d6zeu3t15oWv2edOZOuwEzM2DjG Om0oWcc8AR8PqwEI5a7sfReXd2gD3f5XG/Lvep4bxhALTX03TKjtLgffiE1QxP6R qWP/kEEUeIz7LhUGqxu2zgqXIbzwoNdpish7unAUB9RJ4J+hf36QhwAnLcrMVdRI I9OPI4gBOpiV+NxkzPz9G/8GN27jMj9uBcAczAbJQuuwbOdtj0lcCEKoH9YeigBS 5JpikTjhx7Ji1G2O1PA09rI4ZcE43LhNA3jxN7p2A4LJipt4FU/n+cHmhbsGp+HC CdWtR2EX8jqFDeFwkTRP8/jhDxgrn8Bpi1gHHYf9ap3CbX0EA4ZK8rEYqFRQ16e5 8cLRRje2XjNkcuP5+AE4CE8n3vLseeC3veontV2+8iVCHaIXx7I=
=fLKL
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am Mon, Jun 03, 2024 at 04:34:08PM +0200 schrieb gregor herrmann:

On Mon, 03 Jun 2024 11:00:34 +0000, Holger Levsen wrote:

however, "costs to attend" are not the same as "costs while attending"...

ACK.

Also & related, https://wiki.debian.org/HostingBSP#Sponsorships says (emphasis mine):

participants to a BSP can get a reimbursement of up to 100 USD for their
*travel fees*.

whereas the discussions around the MiniDebConf Berlin were about
sponsored food, IIRC.

Note that I'm not saying "Debian must pay for food for a week for
all people at any price, no matter what", just that "100 USD for
expenses" is not the same as "100 USD for their travel fees".

No big deal, just maybe a chance for clarification before the next
Debian event :)

The major friction point for MiniDebConf Berlin, in my opinion, was the
need to raise a large amount of funds at very short notice. This should
be avoided for future Debian events. My position is clear: I strongly
support in-person meetings and thus I will do my best enabling active contributors to attend. If financial limitations are a barrier for
active contributors, we should find ways to help. The amount of
financial support needed can vary greatly depending on the region where
the in-person meeting is happening. Therefore, please consider this as
a rule of thumb, not a fixed (upper or lower) limit. More importantly, organizers should strive for realistic cost calculations in advance and communicate any changes as soon as possible. Finally, securing sponsors
can be very helpful, and the probability of finding them is typically
higher in regions with higher overall costs.

Kind regards
Andreas.

--
https://fam-tille.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

See https://www.debian.org/MailingLists/unsubscribe

Trevor <debain420@gmail.com> wrote on 02/09/2024 at 20:42:08+0200:

Remove my email from all lists.

On Mon, Sep 2, 2024 at 9:24 AM Andreas Tille <tille@debian.org> wrote:

Dear Debian community,

this are my bits from DPL for August.

Happy Birthday Debian
---------------------

On 16th of August Debian celebrated its 31th birthday. Since I'm
unable to write a better text than our great publicity team I'm
simply linking to their article for those who might have missed it:

https://bits.debian.org/tag/birthday.html

Removing more packages from unstable
------------------------------------

Helmut Grohne argued for more aggressive package removal and sought
consensus on a way forward[ru1]. He provided six examples of processes
where packages that are candidates for removal are consuming valuable
person-power. I’d like to add that the Bug of the Day initiative (see
below) also frequently encounters long-unmaintained packages with popcon
votes sometimes as low as zero, and often fewer than ten.

Helmut's email included a list of packages that would meet the suggested
removal criteria. There was some discussion about whether a popcon vote
should be included in these criteria, with arguments both for[ru2] and
against[ru3] it. Although I support including popcon, I acknowledge that
Helmut has a valid point in suggesting it be left out.

While I’ve read several emails in agreement, Scott Kitterman made a
valid point[ru4]: "I don't think we need more process. We just need
someone to do the work of finding the packages and filing the bugs." I
agree that this is crucial to ensure an automated process doesn’t lead
to unwanted removals. However, I don’t see "someone" stepping up to file
RM bugs against other maintainers' packages. As long as we have strict
ownership of packages, many people are hesitant to touch a package, even
for fixing it. Asking for its removal might be even less well-received.
Therefore, if an automated procedure were to create RM bugs based on
defined criteria, it could help reduce some of the social pressure.

In this aspect the opinion of Niels Thykier[ru5] is interesting: "As
much as I want automation, I do not mind the prototype starting as a
semi-automatic process if that is what it takes to get started."

The urgency of the problem to remove packages was put by Charles
Plessy[ru6] into the words: "So as of today, it is much less work to
keep a package rotting than removing it." My observation when trying to
fix the Bug of the Day exactly fits this statement.

I would love for this discussion to lead to more aggressive removals
that we can agree upon, whether they are automated, semi-automated, or
managed by a person processing an automatically generated list
(supported by an objective procedure). To use an analogy: I’ve found
that every image collection improves with aggressive pruning. Similarly,
I’m convinced that Debian will improve if we remove packages that no
longer serve our users well.

[ru1] https://lists.debian.org/debian-devel/2024/08/msg00298.html
[ru2] https://lists.debian.org/debian-devel/2024/08/msg00362.html
[ru3] https://lists.debian.org/debian-devel/2024/08/msg00354.html
[ru4] https://lists.debian.org/debian-devel/2024/08/msg00314.html
[ru5] https://lists.debian.org/debian-devel/2024/08/msg00306.html
[ru6] https://lists.debian.org/debian-devel/2024/08/msg00320.html

DEP14 / DEP18
-------------

There are two DEPs that affect our workflow for maintaining
packages—particularly for those who agree on using Git for Debian
packages. DEP-14 recommends a standardized layout for Git packaging
repositories, which benefits maintainers working across teams and makes
it easier for newcomers to learn a consistent repository structure.

DEP-14 stalled for various reasons. Sam Hartman suspected[de2] it might
be because 'it doesn't bring sufficient value.' However, the assumption
that git-buildpackage is incompatible with DEP-14 is incorrect, as
confirmed by its author, Guido Günther[de3]. As one of the two key tools
for Debian Git repositories (besides dgit) fully supports DEP-14, though
the migration from the previous default is somewhat complex.

Some investigation into mass-converting older formats to DEP-14 was
conducted by the Perl team, as Gregor Hermann pointed out.[de4].

The discussion about DEP-14 resurfaced with the suggestion of DEP-18.
Guido Günther proposed the title[de5] 'Encourage Continuous Integration
and Merge Request-Based Collaboration for Debian Packages,' which more
accurately reflects the DEP's technical intent.

Otto Kekäläinen, who initiated DEP-18 (thank you, Otto), provided a good
summary of the current status[de6]. He also assembled a very helpful
overview of Git and GitLab usage in other Linux distros[de7].

[de1] https://dep-team.pages.debian.net/deps/dep14/
[de2] https://lists.debian.org/debian-devel/2024/08/msg00229.html
[de3] https://lists.debian.org/debian-devel/2024/08/msg00212.html
[de4] https://lists.debian.org/debian-devel/2024/08/msg00232.html
[de5] https://salsa.debian.org/dep-team/deps/-/merge_requests/8#note_520426
[de6] https://lists.debian.org/debian-devel/2024/08/msg00433.html
[de7] https://lists.debian.org/debian-devel/2024/08/msg00419.html

More Salsa CI
-------------

As a result of the DEP-18 discussion, Otto Kekäläinen suggested
implementing Salsa CI for our top popcon packages[ci1].

I believe it would be a good idea to enable CI by default across Salsa
whenever a new repository is created.[ci2]

[ci1] https://lists.debian.org/debian-devel/2024/08/msg00318.html
[ci2] https://lists.debian.org/debian-devel/2024/08/msg00370.html

Progress in Salsa migration
---------------------------

In my campaign, I stated[sm1] that I aim to reduce the number of
packages maintained outside Salsa to below 2,000. As of March 28, 2024,
the count was 2,368. Today, it stands at 2,187[sm2].

After a third of my DPL term (OMG), we've made significant progress,
reducing the amount in question (369 packages) by nearly half. I'm
pleased with the support from the DDs who moved their packages to Salsa.
Some packages were transferred as part of the Bug of the Day initiative
(see below).

[s1] https://lists.debian.org/debian-vote/2024/03/msg00057.html
[sm2] UDD query:
SELECT DISTINCT count(*) FROM sources WHERE release = 'sid' and vcs_url not like '%salsa%' ;

Bug of the Day
--------------

As announced in my 'Bits from the DPL' talk at DebConf[bd1], I started
an initiative called Bug of the Day[bd2]. The goal is to train newcomers
in bug triaging by enabling them to tackle small, self-contained QA
tasks. We have consistently identified target packages and resolved at
least one bug per day, often addressing multiple bugs in a single
package.

In several cases, we followed the Package Salvaging procedure outlined
in the Developers Reference[bd3]. Most instances were either welcomed by
the maintainer or did not elicit a response. Unfortunately, there was
one exception where the recipient of the Package Salvage bug expressed
significant dissatisfaction. The takeaway is to balance formal
procedures with consideration for the recipient’s perspective.

I'm pleased to confirm that the Matrix channel[bd4] has seen an increase
in active contributors. This aligns with my hope that our efforts would
attract individuals interested in QA work. I’m particularly pleased
that, within just one month, we have had help with both fixing bugs and
improving the code that aids in bug selection.

As I aim to introduce newcomers to various teams within Debian, I also
take the opportunity to learn about each team's specific policies
myself. I rely on team members' assistance to adapt to these policies. I
find that gaining this practical insight into team dynamics is an
effective way to understand the different teams within Debian as DPL.

Another finding from this initiative, which aligns with my goal as DPL,
is that many of the packages we addressed are already on Salsa but have
not been uploaded, meaning their VCS fields are not published. This
suggests that maintainers are generally open to managing their packages
on Salsa. For packages that were not yet on Salsa, the move was
generally welcomed.

[bd1] https://debconf24.debconf.org/talks/20-bits-from-the-dpl/
[bd2] https://salsa.debian.org/tille/tiny_qa_tools/-/wikis/Tiny-QA-tasks
[bd3] https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#package-salvaging
[bd4] https://matrix.to/#/#debian-tiny-tasks:matrix.org

Publicity team wants you
------------------------

The publicity team has decided to resume regular meetings to coordinate
their efforts. Given my high regard for their work, I plan to attend
their meetings as frequently as possible, which I began doing with the
first IRC meeting.

During discussions with some team members, I learned that the team could
use additional help. If anyone interested in supporting Debian with
non-packaging tasks reads this, please consider introducing yourself to
debian-publicity@lists.debian.org. Note that this is a publicly archived
mailing list, so it's not the best place for sharing private
information.

Kind regards
Andreas.

--
https://fam-tille.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Monday, September 2, 2024 11:23:30 AM EDT Andreas Tille wrote:
...

While I’ve read several emails in agreement, Scott Kitterman made a
valid point[ru4]: "I don't think we need more process. We just need
someone to do the work of finding the packages and filing the bugs." I
agree that this is crucial to ensure an automated process doesn’t lead
to unwanted removals. However, I don’t see "someone" stepping up to file
RM bugs against other maintainers' packages. As long as we have strict ownership of packages, many people are hesitant to touch a package, even
for fixing it. Asking for its removal might be even less well-received. Therefore, if an automated procedure were to create RM bugs based on
defined criteria, it could help reduce some of the social pressure.

...

Interesting perspective. This you?

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079816

Scott K

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Scott Kitterman <debian@kitterman.com> wrote on 04/09/2024 at 06:23:50+0200:

On Monday, September 2, 2024 11:23:30 AM EDT Andreas Tille wrote:
...

While I’ve read several emails in agreement, Scott Kitterman made a
valid point[ru4]: "I don't think we need more process. We just need
someone to do the work of finding the packages and filing the bugs." I
agree that this is crucial to ensure an automated process doesn’t lead
to unwanted removals. However, I don’t see "someone" stepping up to file >> RM bugs against other maintainers' packages. As long as we have strict
ownership of packages, many people are hesitant to touch a package, even
for fixing it. Asking for its removal might be even less well-received.
Therefore, if an automated procedure were to create RM bugs based on
defined criteria, it could help reduce some of the social pressure.

...

Interesting perspective. This you?

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079816

OoC, what is your point, especially considering the quote of your own
opinion Andreas made?

This just seems passive-aggressive, and the fact he stepped up once
doesn't mean he has the time or will to step up hundreds of times.

--
PEB

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEE5CQeth7uIW7ehIz87iFbn7jEWwsFAmbY3ZYPHHBlYkBkZWJp YW4ub3JnAAoJEO4hW5+4xFsL/IcP/R4pcSD9To7BeMy65NeOKBJ1/HBtGEj5dEuK ahamGrBLVWzBVmNEjPguS8egbFRBLuekynLBHm3+SUteYdm38+6NuShUWYerwXQV PO0hKZpjb6rlRRqHCLD/s1jRdwpUP3gwDDan7HmjfOn264pcP22z6sYQ4D313M4V ZX1+WImDbglTTbgGgPxmORbjVJYtBpb9B+yNdZrC7y/j72JL7AG5wD0xT4uU8Lod KR03LhgNsWeSl9xDJYqH2EM+VjAr4scoOw78gHe1e2lL2TkDyT5nhivtyD87XeeS pAIrdQpOaFZIBVsgvlCqerGs41Gsy0SZGfWxmAB8IoGYwkn7lj3MOPYv+R54uvYw cZh1AFcHgwvWHnT9tev2bz0/EwoZxg8kkHxgxJ6FmGspkMcm+i8MFhehTuYeGUYq 6L2i4i6ahtvcsZbMggKBHx5UXU4PqqTmGzPw0jj9vBU2fe73bIeL+35d6PkY5ZFi Md4amY1GnduGkFoSbQnymUS3SkFo6yJkhVtwFhW7UgJwENlg/ADDhqZVXobCYINT H/yfdSXm+vZZ/6PIGAozMCYckX0tAngk6i3n3DLifirhugzWYCXIdpX+oVOMBhN1 9XzzySGdBy/XzWZMTP1USuJZALa290MgxElxMsg1a7LRoo3628JLgJOolsl4DQkI
Smpkb7vE
=Y9bF
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wednesday, September 4, 2024 6:22:14 PM EDT Pierre-Elliott Bécue wrote:

Scott Kitterman <debian@kitterman.com> wrote on 04/09/2024 at 06:23:50+0200:

On Monday, September 2, 2024 11:23:30 AM EDT Andreas Tille wrote:
...

While I’ve read several emails in agreement, Scott Kitterman made a
valid point[ru4]: "I don't think we need more process. We just need
someone to do the work of finding the packages and filing the bugs." I
agree that this is crucial to ensure an automated process doesn’t lead >> to unwanted removals. However, I don’t see "someone" stepping up to file >> RM bugs against other maintainers' packages. As long as we have strict
ownership of packages, many people are hesitant to touch a package, even >> for fixing it. Asking for its removal might be even less well-received.
Therefore, if an automated procedure were to create RM bugs based on
defined criteria, it could help reduce some of the social pressure.

...

Interesting perspective. This you?

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079816

OoC, what is your point, especially considering the quote of your own
opinion Andreas made?

This just seems passive-aggressive, and the fact he stepped up once
doesn't mean he has the time or will to step up hundreds of times.

I think it's odd that he would talk about how hesitant people are to touch other packages when he in fact does it himself. I'm not sure who he thinks he's speaking for, clearly not himself.

I don't have statistics, but maintainer filed RM requests a pretty rare. My impression is it's only a small fraction of the total. I processed a lot of requests last night and almost none of the requests for package removal were from maintainers.

It probably was a little passive aggressive, but I don't appreciate the DPL using the Bits from DPL message to punch down like that. If he has a point to make to further the discussion, it should be made as part of the discussion. If he's only trying to bring the issue to the wider project's attention, then I don't think picking one person's opinion to disagree with in Bits is very appropriate.

FWIW, all an automated process would do is create work for the FTP Team. Those I would feel I have to scrutinize even more closely than ones filed by a human since no one has given it a sanity check before it gets to the FTP Team to process.

Scott K

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Following what I wrote on removals and the discussion on DEP 18, I think
that the following would be very neat:

- Packages are on Salsa,
- moving the source repository to a special group called 'removed'
removes the package from Unstable.
- reverting the move of the source repository reverts the removal.
- people with insufficient privileges ask for removal with a Salsa
issue.
- people abusing the system get signalled to the community team who
can propose the people to be reomoved from Salsa by the Salsa admins
or from Debian by the DSA.

Unfortunately, architecture-specific removals can not be done under
this pattern, but maybe it could be automated that anything depending
on architecture-is-64-bit gets removed from i386, armel and armhf for
instance?

Have a nice day,

Charles

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from home https://framapiaf.org/@charles_plessy
- You do not have my permission to use this email to train an AI -

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

Am Wed, Sep 04, 2024 at 11:29:39PM -0400 schrieb Scott Kitterman:

On Wednesday, September 4, 2024 6:22:14 PM EDT Pierre-Elliott Bécue wrote:

OoC, what is your point, especially considering the quote of your own opinion Andreas made?

This just seems passive-aggressive, and the fact he stepped up once
doesn't mean he has the time or will to step up hundreds of times.

I think it's odd that he would talk about how hesitant people are to touch other packages when he in fact does it himself. I'm not sure who he thinks he's speaking for, clearly not himself.

I did it *after* someone with insight into the topic gave the according hint[1].
So the sequence was:
1. I filed ITS
2. Someone with insight suggested removal
3. Reassigned ITS to RM
I personally see some difference between this sequence and a straight asking for
removal.

I don't have statistics, but maintainer filed RM requests a pretty rare. My impression is it's only a small fraction of the total. I processed a lot of requests last night and almost none of the requests for package removal were from maintainers.

You are definitely the expert about package removals.

It probably was a little passive aggressive, but I don't appreciate the DPL using the Bits from DPL message to punch down like that. If he has a point to
make to further the discussion, it should be made as part of the discussion.

My intention was to highlight interesting contributions to the entire discussion. If phrases like 'Scott Kitterman made a valid point' and 'I
agree' came across as dismissive, I sincerely apologize—that was not my intent. I genuinely valued your point, and I added my own suggestion
"based on defined criteria, it could help reduce some of the social
pressure."

Item 2. above could possibly be such a criterion, since you pointed to
this actual example.

If he's only trying to bring the issue to the wider project's attention, then I don't think picking one person's opinion to disagree with in Bits is very appropriate.

I'm sorry if there was any misunderstanding, but I'm unsure how my
message gave the impression that I disagreed. Could you clarify which
part led you to this conclusion? Also, just to clarify, I avoid using
sarcasm in electronic communication, especially in Bits from the DPL, as
it often doesn't translate well.

FWIW, all an automated process would do is create work for the FTP Team. Those I would feel I have to scrutinize even more closely than ones filed by a
human since no one has given it a sanity check before it gets to the FTP Team to process.

I need to trust you here as the one who is doing the work. The
discussion also was about a semi-automatic process which. Do you have
some opinion about this?

Kind regards
Andreas.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079816#8

--
https://fam-tille.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On September 5, 2024 3:39:35 PM UTC, Andreas Tille <andreas@an3as.eu> wrote: >Hi,

Am Wed, Sep 04, 2024 at 11:29:39PM -0400 schrieb Scott Kitterman:

On Wednesday, September 4, 2024 6:22:14 PM EDT Pierre-Elliott Bécue wrote: >> >

OoC, what is your point, especially considering the quote of your own
opinion Andreas made?

This just seems passive-aggressive, and the fact he stepped up once
doesn't mean he has the time or will to step up hundreds of times.

I think it's odd that he would talk about how hesitant people are to touch >> other packages when he in fact does it himself. I'm not sure who he thinks >> he's speaking for, clearly not himself.

I did it *after* someone with insight into the topic gave the according hint[1].
So the sequence was:
1. I filed ITS
2. Someone with insight suggested removal
3. Reassigned ITS to RM
I personally see some difference between this sequence and a straight asking for
removal.

I don't have statistics, but maintainer filed RM requests a pretty rare. My
impression is it's only a small fraction of the total. I processed a lot of
requests last night and almost none of the requests for package removal were
from maintainers.

You are definitely the expert about package removals.

It probably was a little passive aggressive, but I don't appreciate the DPL >> using the Bits from DPL message to punch down like that. If he has a point to
make to further the discussion, it should be made as part of the discussion.

My intention was to highlight interesting contributions to the entire >discussion. If phrases like 'Scott Kitterman made a valid point' and 'I >agree' came across as dismissive, I sincerely apologize—that was not my >intent. I genuinely valued your point, and I added my own suggestion
"based on defined criteria, it could help reduce some of the social >pressure."

Item 2. above could possibly be such a criterion, since you pointed to
this actual example.

If he's only trying to bring the issue to the wider project's attention, then
I don't think picking one person's opinion to disagree with in Bits is very >> appropriate.

I'm sorry if there was any misunderstanding, but I'm unsure how my
message gave the impression that I disagreed. Could you clarify which
part led you to this conclusion? Also, just to clarify, I avoid using
sarcasm in electronic communication, especially in Bits from the DPL, as
it often doesn't translate well.

Thanks for the clarification. I read it as I said something and you disagree (since you proposed something different). I think it's inherently abusive for a person in a position of power (DPL speaking as DPL, e.g. in Bits from the FPL) to leverage that
position against someone who is not similarly situated, which is how it came across to me.

I'm willing to assume good faith and accept that was not your intention. It's in the past.

FWIW, all an automated process would do is create work for the FTP Team. >> Those I would feel I have to scrutinize even more closely than ones filed by a
human since no one has given it a sanity check before it gets to the FTP Team
to process.

I need to trust you here as the one who is doing the work. The
discussion also was about a semi-automatic process which. Do you have
some opinion about this?

I don't have any problem with a process that suggests to people doing QA work in Debian that package removal might be appropriate based on some criteria. I don't think that such a semi-automatic process relives the person filing the RM bug from engaging
their brain to decide if it makes sense.

I can see how having such a tool that used criteria that has been socialized within the project to some degree might reduce social pressure to not file the bug. More people working on QA is always good.

Scott K

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

(non-subscriber; please keep me in CC whenever reply to this)

ma 2.12.2024 klo 18.33 Andreas Tille (tille@debian.org) kirjoitti:

Attracting newcomers
--------------------

In my own talk[mt3], I regret not leaving enough time for questions--my apologies for this. However, I want to revisit the sole question raised, which essentially asked: Is the documentation for newcomers sufficient
to attract new contributors? My immediate response was that this
question is best directed to new contributors themselves, as they are in
the best position to identify gaps and suggest improvements that could
make the documentation more helpful.

That said, I'm personally convinced that our challenges extend beyond
just documentation. I don't get the impression that newcomers are lining
up to join Debian only to be deterred by inadequate documentation. The
issue might be more about fostering interest and engagement in the first place.

My personal impression is that we sometimes fail to convey that Debian
is not just a product to download for free but also a technical
challenge that warmly invites participation. Everyone who respects our
Code of Conduct will find that Debian is a highly diverse community,
where joining the project offers not only opportunities for technical contributions but also meaningful social interactions that can make the effort and time truly rewarding.

In several of my previous talks (you can find them on my talks page[mt4]--just search for "team," and don't be deterred if you see
"Debian Med" in the title; it's simply an example), I emphasized that
the interaction between a mentor and a mentee often plays a far more significant role than the documentation the mentee has to read. The key
to success has always been finding a way to spark the mentee's interest
in a specific topic that resonates with their own passions.

From personal experience, jumping through hoops to become a DD, or

even just a DM, in a situation where I only maintain a handful of
packages and randomly contribute patches to other packages (or
overhaul the packaging before handing the package over to its next
maintainer) simply hasn't been worth the troubles. The key problem
precisely is that free software development is presented as technical challenges to overcome. As amazing as it might sound, some of us would
rather focus on using the software for daily tasks and only resort to
packaging or patching code because we have an immediate need to
address so that we can move on with our life, and we just happen to be
using Debian on our hardware.

Martin-Éric

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-12-02 19:09:33 +0200 (+0200), Martin-Éric Racine wrote:

(non-subscriber; please keep me in CC whenever reply to this)

ma 2.12.2024 klo 18.33 Andreas Tille (tille@debian.org) kirjoitti:

Attracting newcomers

[...]

From personal experience, jumping through hoops to become a DD, or
even just a DM, in a situation where I only maintain a handful of
packages and randomly contribute patches to other packages (or
overhaul the packaging before handing the package over to its next maintainer) simply hasn't been worth the troubles.

[...]

I'll just say you're not alone. I've been around the Debian
community since pre-Y2K and, if I'd cared, could probably have been
a DD rather easily when the requirements were little more than say
'hi' and have enough DD signatures on your key. I've been
maintaining packaged software in Debian, albeit minimally, through
an uploading sponsor for about two decades. These days I'm on the
board of directors for SPI, but I'm still not a DD (nor even a DM).

Would I bother to go through NM now if the process were more simplified/streamlined? Maybe, but probably not. As you noted,
priorities matter and it's entirely possible to be involved in
Debian without that (depending on what exactly you want to do of
course). There's quite a lot that doesn't require upload permissions
in the archive, and also quite a lot of amazing people with upload
permissions who are happy to help on the occasions it's needed.
--
Jeremy Stanley

-----BEGIN PGP SIGNATURE-----

iQKTBAABCgB9FiEEl65Jb8At7J/DU7LnSPmWEUNJWCkFAmdODupfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk3 QUU0OTZGQzAyREVDOUZDMzUzQjJFNzQ4Rjk5NjExNDM0OTU4MjkACgkQSPmWEUNJ WCmWCRAA1xRG33D5ixG0XpbKGNSqgGvXdfYVjjCN8avqL7Ozj/BegRms/fwtW92g aLrazjrm+kQhAsz4+m1LLHBTrGzP+MG5Nd4+NBQoQf5aetChyRroIp+Erdrq6zgL l9fEuGRrOjDDFIg7nPvsq+rlyrvqJZmsLjtlJVu5TWrXIbFVIiw1cfbwkCPNNJKQ iaSWwJGY1O6Go7RLXbFl9PDhCq+z86wYw3Er7U4CGjivyXEmzJ9r+Nqa2Fmw4qO9 ssZq0QS69/3WZrty9Gq4RQMQ/NrjUWyyaAPD1uwaP1rOOu3YRwKUUtNLa5sYLfA5 z5j+vcCltPJZURn68I+afyWzWwWj/uRndTdLYeBBCFuVRgBhc7bybUSENUTLwO6Z 8CBSjmwDpKmU+08AMpLyZyhUpWXgTyuiRa+GZvRj+tlopC6r/ekMb00D9iVNW6Y0 bxEzxIFAoenSziVGCIgaHRD4g1uMg8nIs9pZuwTMGwSrVc/B7Lc9dNQxeOMrBu1i WgneIiDMSenfY2zJHQC/9W6S1grWYf5xH8bZodM/vV1Rz614fRlCa40iMaa8LJll 0+R6XQMwokWKR4h/c8uZUXS1ESi/eC+4pKf7E+FA/DHcLF/C3P8q5BmEgGJh5HyL s5ovgemWjXRJWi36cQa897W2XR8++maDIw1PtNiMOtSduRUCQLo=
=7GJA
-----END PGP SIGNATURE-----

--- SoupGate-Win32

XPost: linux.debian.devel.mentors
Copy: debian-mentors@lists.debian.org (Debian Mentors)

On Monday, December 2, 2024 9:32:27 AM MST Andreas Tille wrote:

Attracting newcomers
--------------------

In my own talk[mt3], I regret not leaving enough time for questions--my apologies for this. However, I want to revisit the sole question raised, which essentially asked: Is the documentation for newcomers sufficient
to attract new contributors? My immediate response was that this
question is best directed to new contributors themselves, as they are in
the best position to identify gaps and suggest improvements that could
make the documentation more helpful.

That said, I'm personally convinced that our challenges extend beyond
just documentation. I don't get the impression that newcomers are lining
up to join Debian only to be deterred by inadequate documentation. The
issue might be more about fostering interest and engagement in the first place.

I think one of the best things we could do to attract new contributors, and to encourage those who are currently Sponsored Maintainers to become Debian Maintainers, and those who are current Debian Maintainers to become Debian Developers would be to create an official DPL Mentors Delegation. This would build on the excellent work Phil Wyett is currently doing as the unofficial Mentors Triage.

Too many contributors prepare a Debian package, submit it to Mentors, and then never have it reviewed and sponsored by a Debian Developer. This can be highly demotivating for the contributor. I think that having a team of Debian Developers dedicated to reviewing every package submitted to Mentors would do more to encourage more contributions to Debian, and more people becoming Debian Maintainers and Debian Developers, than anything else I could name.

In my own case, I was lucky enough that my first contribution to Mentors caught
the eye of a Debian Developer who responded in a timely fashion and mentored me through the process of getting the package into shape for sponsorship. At the time, I assumed such a response was common for every submission. It was only later that I discovered that my experience was the exception.

Shortly after becoming a Debian Developer, I tried to make a contribution to Guix. With each submission, there was a long delay without any response. Each person who did eventually respond suggested some change, which was quickly made. However, the person making the suggestion then didn’t respond,
and much time passed before a different person responded with a different suggestion. Eventually, I just gave up and the submission was never merged.

Unfortunately, I think that many contributor’s experiences with Debian are closer to what I experienced with Guix than what I experienced with Debian. If we can change that, I think we would see an influx of contributions to the project.

--
Soren Stoutner
soren@debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEJKVN2yNUZnlcqOI+wufLJ66wtgMFAmdOW6oACgkQwufLJ66w tgOpvw//bQpoDKsUnZeVwA3612C3Qb4TI01KWJceg0+dDweN/sI/3RGV7j9uM5zV gFJZPNhidCmqnXdfVWWcI6IWkxhh2EweOihXZOSR2SFpPNauOsUalWY+mPoHVA9A in1KYUaeZjFjFoc9XDeDUE3giwMK6YuvnShkQ3yO+6pMMWC7WMZjdPqVm8r7FkD2 5sdIkmjbhUCj6MOyFuEFVsRq1qACP+5OUX/1yujsJWc7PLSLpw7NrKme0T0IIQwK SUwvYDRjW6b1C5SXl9tzXQPfZVpJcNJaRrZw7ICqGYGvPZLP2rptZyvjnWVOu3cn 4gxRWF2yoqiLZ6qPXakugyoeJpWKe0ZsaiJmLzmC70mEW18BCW0TUaxFNi8iXSkh pr35l8p0vw+D7NKwvHu4bpcZhrMygyDGr5CWvrg6jxbxWAb04G/uI3PT714HgtrC 4zx/EnQZHGuReN8JgFfFbrTroPVZ4yhpGsMSr7vgaJDSBCfw720IOvoi1aWIUUDq KMmBOO7YuBjl52sH//1vCbP0jD6eaY1FFziC1nT+vqBnGcMUfOZTHcKn95BBe2JZ IEUYpahb/lnghJCtTW9NgWxr3K9HjOHtmNi3m3NdBLgmG19+4N6SBJRQCb5DmuxK FePc+twEsQPwyUlidvWY9x0PDhIYLu/jqTZj0EhVSC7bAs8kGz8=
=c8/W
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Dec 03, 2024 at 09:56:44AM +0200, Martin-Éric Racine wrote:

Would I bother to go through NM now if the process were more simplified/streamlined? Maybe, but probably not. As you noted,
priorities matter and it's entirely possible to be involved in
Debian without that (depending on what exactly you want to do of
course). There's quite a lot that doesn't require upload permissions
in the archive, and also quite a lot of amazing people with upload permissions who are happy to help on the occasions it's needed.

The fallacy is to assume that just because someone contributed a
patch, their next step is to quit their dayjob and become a full-time contributor.

I don't think "get upload rights to do the same thing but in an easier
way" is related to what you wrote.

Though I can see a point in this: if you can upload directly, we
implicitly assume you also have sufficient knowledge to upload a correct
thing, and that requires being uptodate on requirements and practices.
(This is not true for many DDs, unfortunately, but it's implicitly
assumed)

This also reminded me of another assumed thing: when someone is a sole maintainer of some package, we assume that that person cares about that package, expect certain commitment from that person and raise certain
barriers between the package and other people. At the same time, many maintainers who in your words did not "quit their dayjob and become a
full-time contributor" touch the package less often than expected and may
even discard and forget it, without doing any official steps to record
that fact in the project. This is sometimes a problem.

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmdOxh0tFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh 3coP/RFxYdwdNjIaDeZtSRCeFSgj+TYZfSwIgt1HeWl3XHOVUjWSyGHqBDxZI+Ju Q/kLetSldxLK5silFcxOnH4B8o7ayOcAZ92VU0IAZmgCvx9YsH8o9j+Olm6uKYGo 53gFWtsAVU6rxhEQB5OG6A3ByR5NzRcHkaQ5jZSUfoQYgpdLQEg3UKGYfRnn/O2W 2Gs7q5yyIvBsep758gRSjyjtzQZg55+ou8jsIEA/zyBeWnnDcHTkUbgJudfGx+qt g66vC+0txgJ+J924O/DsP7273x4Y5Ji067KVfrgXPY9yHo8Fz90p/uM14t1wsLiq abZ9Mm/7QNCj1cs3vb86P2MBZ8ElGtRbi01+XXkIg/EjBtZiGRJsQ/A3Q1su85Xb GRvZBpNr4BMV2Uqf7zNYqdaKvCb4VP9/obn9S496+z7yTClUWwRp1PATXmWN2NT7 qUBSZ8MyWS5+0XDO1hqEQumHzKjWAm5O5A0ufhX/7Np5yzyE7M/Mq8kECOCcoiDu GFIrZplsaLZKnDMVcUo+0ZaQeEp+37EX4JDRAQT6MyX0u10hy9F9ZAOnEuBFnhLi /2JYuxnGiSIEQPAADFxRuhsa+kl5KkyDyAhIc+fe8PITpMCxoz1KatvL0TXIgAMb p5FJyfmtnIDp00/ol4590poDtp0cpL+q7HpDwok0CkBMkBII
=7D+O
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

ma 2.12.2024 klo 21.48 Jeremy Stanley (fungi@yuggoth.org) kirjoitti:

On 2024-12-02 19:09:33 +0200 (+0200), Martin-Éric Racine wrote:

(non-subscriber; please keep me in CC whenever reply to this)

ma 2.12.2024 klo 18.33 Andreas Tille (tille@debian.org) kirjoitti:

Attracting newcomers

[...]

From personal experience, jumping through hoops to become a DD, or
even just a DM, in a situation where I only maintain a handful of
packages and randomly contribute patches to other packages (or
overhaul the packaging before handing the package over to its next maintainer) simply hasn't been worth the troubles.

[...]

I'll just say you're not alone. I've been around the Debian
community since pre-Y2K and, if I'd cared, could probably have been
a DD rather easily when the requirements were little more than say
'hi' and have enough DD signatures on your key.

The days when having enough signatures on your key and knowing Elmo on
IRC. I remember.

Would I bother to go through NM now if the process were more simplified/streamlined? Maybe, but probably not. As you noted,
priorities matter and it's entirely possible to be involved in
Debian without that (depending on what exactly you want to do of
course). There's quite a lot that doesn't require upload permissions
in the archive, and also quite a lot of amazing people with upload permissions who are happy to help on the occasions it's needed.

The fallacy is to assume that just because someone contributed a
patch, their next step is to quit their dayjob and become a full-time contributor. I keep on thinking of Con Kolivas, who contributed a very
popular Linux kernel patch while working as a paramedic. He didn't
quit his dayjob. Worse, once it became clear that his immensely
popular patch didn't fit the server-centric focus that prevailed on
the LKML back then, he stepped back from software development
altogether. I did something similar with Debian. I still primarily use
Debian, I still maintain a decreasing number of packages but,
otherwise, I really don't have the patience for ever trying NM again
and, quite frankly, I purposely keep my distances from Debian politics
and simply shake my head in disgust whenever yet another inconsiderate
decision impacts the life of rank-and-file users.

Martin-Éric

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.mentors

Soren Stoutner <soren@debian.org> writes:

On Monday, December 2, 2024 9:32:27 AM MST Andreas Tille wrote:

Attracting newcomers
--------------------

In my own talk[mt3], I regret not leaving enough time for questions--my
apologies for this. However, I want to revisit the sole question raised,
which essentially asked: Is the documentation for newcomers sufficient
to attract new contributors? My immediate response was that this
question is best directed to new contributors themselves, as they are in
the best position to identify gaps and suggest improvements that could
make the documentation more helpful.

That said, I'm personally convinced that our challenges extend beyond
just documentation. I don't get the impression that newcomers are lining
up to join Debian only to be deterred by inadequate documentation. The
issue might be more about fostering interest and engagement in the first
place.

I think one of the best things we could do to attract new contributors, and to
encourage those who are currently Sponsored Maintainers to become Debian Maintainers, and those who are current Debian Maintainers to become Debian Developers would be to create an official DPL Mentors Delegation.

I dont disagree with anything you wrote, but i think people are looking
at "Needs a DD to make the process work" and assuming that the only
solution is to increase the number of DDs. But the process itself can
also be changed.

at least some of the feedback so far is that people want to contribute
without having to be a DD

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.devel.mentors
Copy: debian-mentors@lists.debian.org (Debian Mentors)

On Wednesday, December 4, 2024 2:30:05 PM MST Richard Lewis wrote:

Soren Stoutner <soren@debian.org> writes:

On Monday, December 2, 2024 9:32:27 AM MST Andreas Tille wrote:

Attracting newcomers
--------------------

In my own talk[mt3], I regret not leaving enough time for questions--my
apologies for this. However, I want to revisit the sole question raised, >> which essentially asked: Is the documentation for newcomers sufficient
to attract new contributors? My immediate response was that this
question is best directed to new contributors themselves, as they are in >> the best position to identify gaps and suggest improvements that could
make the documentation more helpful.

That said, I'm personally convinced that our challenges extend beyond
just documentation. I don't get the impression that newcomers are lining >> up to join Debian only to be deterred by inadequate documentation. The
issue might be more about fostering interest and engagement in the first >> place.

I think one of the best things we could do to attract new contributors,

and

to encourage those who are currently Sponsored Maintainers to become

Debian

Maintainers, and those who are current Debian Maintainers to become Debian Developers would be to create an official DPL Mentors Delegation.

I dont disagree with anything you wrote, but i think people are looking
at "Needs a DD to make the process work" and assuming that the only
solution is to increase the number of DDs. But the process itself can
also be changed.

at least some of the feedback so far is that people want to contribute without having to be a DD

That is true. Not everyone who wants to contribute to Debian would like to become a Debian Maintainer or a Debian Developer. And we want to make sure that we always have a welcoming environment for such contributions.

But my personal experience working with people making contributions to Debian Mentors is that more than half of them do have interest in becoming a Debian Maintainer or a Debian Developer, but are stymied in the process along the
way. When thinking about increasing the number of Debian Developers, I consider these people to be the low-hanging fruit. They have already
expressed a desire to contribute to Debian. They have already put forth
enough effort to do some level of packaging and upload it to mentors.debian.net. They often need some further technical guidance (I certainly did). But it would take a lot less effort to get them over the hump than it would to start fresh with someone who has no exposure to Debian, which is where it seems that the majority of our recruitment efforts focus.

--
Soren Stoutner
soren@debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEJKVN2yNUZnlcqOI+wufLJ66wtgMFAmdQzS8ACgkQwufLJ66w tgMyvg//VjbO80BmjU62PJdMfbPYYtA8a+qjIImGHWJvkqeugvmxpywNP1i9xNO7 oksrar266rEN3MZJrBuFm/cCz+b3LVVFvsS8cJ+ke6w84Rsv57tx/cXZ26ku1tHh GQz2xUxCjdwt2x9+n3R/C2fuSZng2KDOBM/wGP1e3E9JxCd+QZuU+O7KXTdDNXhb qxTWiDWpLhOeJZLwxR/H39IKRYNidr5DjRFvDy1Y3MB+gLxVnXnwvuIolpI/cCKT t538IWpPmDhbFc3pxAXQqpM0e3L0MHaLPh2la4GGGmThwNirQbmUtQIDStQYa0Sd AckhU+mFCqgB2Z8y3MZmwqFa/zN/l8892M7Fk7gLWbw67ExRdb7o+99bT7grffTO +fTa/t0wPZY449xBVyXIjgJszF15laKQbi/M7wR/OftjVV+4w1OKpyGzKq9FVhwU ut6JBTrPhpQ58Reux45yj3rz6BlnJMOfDsZnrmNlddJgdgXSqXGDnft29O7FHwHc cuLQZHrRPO7pMWB6+d3phCOf426N70qQQZYdO5pKFtkKScrytmCi7zgMKSqO+0vh PqlAZb9v7i8XylYLDAJNZqBN6dfBDLkOSceCbAtjeojSeEHNttKUjvQ/wtmQji0T I8OupQJlfceyuA0KO6B02ZCxYJvkN3IgJo84rzaWIIqk15+tcGY=
=kwvt
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi!

Number of packages not on Salsa
-------------------------------

In my campaign, I stated [os1] that I aimed to reduce the number of
packages maintained outside Salsa to below 2,000. As of March 28, 2024,
the count was 2,368. As of this writing, the count stands at 1,928
[os2], so I consider this promise fulfilled. My thanks go out to
everyone who contributed to this effort. Moving forward, I’d like to set
a more ambitious goal for the remainder of my term and hope we can
reduce the number to below 1,800.

[os1] https://lists.debian.org/debian-vote/2024/03/msg00057.html
[os2] UDD query:
SELECT DISTINCT count(*) FROM sources WHERE release = 'sid' and vcs_url not like '%salsa%' ;

For a slightly bigger window of context, note that non-Salsa hosted
packages in 2023 hovered around 2600-2500, and starting from April
2024 it has been going down rapidly, reaching1928 as your latest
figure shows. I am glad to see this progressing.

20230701 2596
20230801 2577
20230901 2549
20231001 2550
20231101 2570
20231201 2564
20240101 2542
20240201 2542
20240301 2538
20240401 2524
20240501 2439
20240601 2349
20240701 2296
20240801 2274
20240901 2221
20241001 2180
20241101 2117
20241201 1990

Hopefully DEP-18 in
https://salsa.debian.org/dep-team/deps/-/merge_requests/12 can be
finalized in early 2025 and help foster a culture of collaboration,
where it is easy to contribute to any package, in which being hosted
on salsa.debian.org is a key advantage.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am Tue, Jan 07, 2025 at 10:46:25AM +1100 schrieb Stuart Prescott:

Without seeking to rain on the parade, that query is only the packages that list a non-salsa VCS. That's not counting the packages that don't list a VCS at all and therefore are also maintained outside salsa:

udd=> SELECT COUNT(DISTINCT source) FROM sources WHERE release = 'sid' AND vcs_url IS NULL;
count
-------
2008

That's a very valuable hint. Thank you.

(both SQL "LIKE" and "NOT LIKE" don't match NULL values; there 2030 source packages in UDD that match but only 2008 distinct ones)

So for completeness:

udd=> SELECT COUNT(DISTINCT source) FROM sources WHERE release = 'sid' AND (vcs_url IS NULL OR vcs_url NOT LIKE '%salsa%');
count
-------
3906

Lets think about some better fine tuning. "NOT LIKE '%salsa%'" might
catch also Vcs URLs that are intentionally somewhere else. While I'd
love to see all packages on Salsa, it might be sensible to start with
packages that are unintentionally not in Salsa so

udd=> SELECT COUNT(DISTINCT source) FROM sources WHERE release = 'sid' AND (vcs_url IS NULL OR vcs_url like '%alioth%' OR vcs_url like '%git.debian.org%' OR vcs_url like '%svn.debian.org%') ;
count
-------
2213

That might make a real challenge to bring that number below 2000 until
end of my term. Any help to approach this is welcome.

Thanks again for the hint
Andreas.

--
https://fam-tille.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 2025-01-07 20:03, Andreas Tille a écrit :

While I'd love to see all packages on Salsa

I think that being able to host the primary git repository of packages elsewhere is a freedom worth maintaining for many reasons.

What the Debian Project could (and probably should) do in these cases is
to host a read-only mirror of the repository with most features disabled
by default (no issues, no merge requests, no CI unless the maintainers
switch them on), just keeping the possibility to fork the repository.
This would mitigate the risk that the repository just vanishes, maybe
help to alleviate some scaling issues like API rate limits on some
platforms, and make it easier for would-be contributors to maintain a
public fork for the platforms that make it complicated or impossible or
have unreasonable ToS.

Cheers,

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Jan 07, 2025 at 09:24:54PM +0100, Julien Plissonneau Duquène wrote:

Le 2025-01-07 20:03, Andreas Tille a écrit :

While I'd love to see all packages on Salsa

I think that being able to host the primary git repository of packages elsewhere is a freedom worth maintaining for many reasons.

What the Debian Project could (and probably should) do in these cases is to host a read-only mirror of the repository with most features disabled by default (no issues, no merge requests, no CI unless the maintainers switch them on), just keeping the possibility to fork the repository. This would mitigate the risk that the repository just vanishes, maybe help to alleviate some scaling issues like API rate limits on some platforms, and make it easier for would-be contributors to maintain a public fork for the platforms that make it complicated or impossible or have unreasonable ToS.

Hm. That sounds interesting, but I think the Debian project cannot
protect such a mirror from automatically bringing in non-DFSG content
that appears in the remote repository. One might even take this one step further and go to content forbidden by law in various jurisdictions.

Having a Git forge where developers (who have manually created accounts and agreed to terms of use) will always choose what to push and what not to
push takes care of this problem, or at least moves the responsibility on
to the developers themselves. An automatic mirror cannot do that.
(and no, even if one says "well the responsibility is on the developer who first marked that remote repo for mirroring", no, I don't think there is
a way that developer can know that, two weeks later, somebody will push
bad stuff there)

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@debian.org peter@morpheusly.com
PGP key: https://www.ringlet.net/roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmd9lBEACgkQZR7vsCUn 3xMRCw//T/FRalDcCZD1eRALAtF4C/DPlXcM4dEte7zif5UmjM7BpRDkYlsjbVdE BIUAGGu1fDLoXNFzIIWvdrtPDLcScLeOKxR8YE2RABtr7aSvhhSawWiLgTymr1re aM/1X9xkoSkdxWm3fn9dAv2sKnbnn4mMMFePLktlk1CO1nHTofmWg8G6aJXidkpc y+MJ9R79zCUuK/Vd/00ZHzn9zJRvIaAXmS3Mza679qaNdwhf2JcINm5pn4h5pPEm rs1Mi9q7xNdmCmvR0eEDmhMWTTQqJFX7xWjcXUEKNVCE51SdP95DOe5hunhPjpIg 3mRU35giGKSxzU9iWmVREkVRlW5gKO3O4/H+GaXk48TvsLZ7/6aiQtI5lyrYNYCA JHlXFryHWR3fl/OE+lw6+/Nx9eK+Oim1jf8qk2SF90awW3Lv5tj16nY4+7vNmkuH Oxl5duvlzE2UgJHfltzmvhMo01xXrBzpyAVB4q1QwRe3cTqARtO5KQgsiaV/aMUe IHwRnDFrwXbmI8rLn0PoksNGanErhVGaPwr5nh3RtEt05+OpLizgq7HFaqW/Whll pD9c6Pi4b4AnLFDEDowCkD5A4oSR9Z3UspdW0gmCzQJlQG2JTzl6jTywphlTguHE gbayG+o9jJubwr3UXGo3uzff0y07WmFUeU/rnTLrHeCv0Gl3uuM=
=kXZg

On 2025-01-07 21:24:54, Julien Plissonneau Duquène wrote:

Le 2025-01-07 20:03, Andreas Tille a écrit :

While I'd love to see all packages on Salsa

I think that being able to host the primary git repository of packages elsewhere is a freedom worth maintaining for many reasons.

No, I don't think this is a good idea, and at my first thought, I
personally don't see any practical reasons.

You can always keep _another_ copy on another git repository, either by client-side push to both salsa and your server, or by making salsa push automatically to your server - your choice. But having the main
repository on Salsa for all packages gives tremendous advantages.

So, from my side, +1 to "all Salsa".

regards,
iustin

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2025-01-07 23:21:36 +0100 (+0100), thomas@goirand.fr wrote:
[...]

I don't think we should continue to allow the "freedom" to be
annoying for every other contributors. Even if there may be some
"technical excuses" to do so.

That's fair. I maintain a package of a project where I eventually
moved the upstream codebase into revision control but have been too lazy/distracted to do the same for the debian directory (which I
realistically only update once every year or two). I'm committed to
importing that into Salsa eventually, it's just a question of when
I'll find the time.
--
Jeremy Stanley

-----BEGIN PGP SIGNATURE-----

iQKTBAABCgB9FiEEl65Jb8At7J/DU7LnSPmWEUNJWCkFAmd9rY1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk3 QUU0OTZGQzAyREVDOUZDMzUzQjJFNzQ4Rjk5NjExNDM0OTU4MjkACgkQSPmWEUNJ WClxiQ/+KA/mMwrJhZW/nHTyQDAbQ32xNyqPUAMgS5h2F4j3Kgft8XJYON7bm/Z9 4mE8A2JTQqEER8GIMgYIhtu21Z7uKDM5CmEaEHfxN6i7jmb00undMNLNYQV6BMQU u8q9iVdyz6TBsRv5QmF/eqkORQhXBGKCow5HJcSxRqZjy8x8j4Nx9yOFdVXRGeIY 0+3z5627KRliST3g4fkeVo3+hoIg/umvuTGwTr8AOHHYCUuVXIZDuUgo+JAnKMr/ QXzT8jZj4VQQSUNI2wprQDJr+N8Kxut+xcG57Mp7Vp99ntnLd6SFJ5Qo4YdPChiC p+dXEaaj1F3Fm0L+HA12colq47JAkCFQOolX0PoDB9JbzQt4H17HlGRbgSZb/sVu oGHiL+aDHM6oKZnF6SW5XtFly3Bv6p7pX/QBnUzQAU/yE96Rn1fnQeblvpylV1Fg MkczNML8kq0K6dSc1jcrtJQWROLWR5nObWhsOIGQbmORWU1mbNQDAjiuKn657XH1 ftD6yY+dkFMyuvDdwotroQlh/8V8NDDXeMWJvvo5Lz80pAE7cbD0oTKfGSYWZ/sk MJcJNX+y7d7/x8t9uTgOce43i1bFvsSIV65a1xjA1Zb6yed0wpwUKa990h7Z92qY oIrGRDUFJQ5uyKzvQhLdJNCE0i/WF9Qnwx9P4y9RNswqoCU+SEI=
=CCLW
-----END PGP SIGNATURE-----

--- SoupGate-Win32

CgpPbiBKYW4gNywgMjAyNSAyMToyNSwgSnVsaWVuIFBsaXNzb25uZWF1IER1cXXDqG5lIDxzcmU0 ZXZlckBmcmVlLmZyPiB3cm90ZToKCj4gSSB0aGluayB0aGF0IGJlaW5nIGFibGUgdG8gaG9zdCB0 aGUgcHJpbWFyeSBnaXQgcmVwb3NpdG9yeSBvZiBwYWNrYWdlcyAKCj4gZWxzZXdoZXJlIGlzIGEg ZnJlZWRvbSB3b3J0aCBtYWludGFpbmluZyBmb3IgbWFueSByZWFzb25zLiAKCgpJIGRvbid0IHRo aW5rIHdlIHNob3VsZCBjb250aW51ZSB0byBhbGxvdyB0aGUgImZyZWVkb20iIHRvIGJlIGFubm95 aW5nIGZvciBldmVyeSBvdGhlciBjb250cmlidXRvcnMuIEV2ZW4gaWYgdGhlcmUgbWF5IGJlIHNv bWUgInRlY2huaWNhbCBleGN1c2VzIiB0byBkbyBzby4KCgpUaG9tYXMgR29pcmFuZCAoemlnbykK Cgo= PGh0bWw+PGJvZHk+PGJyPjxkaXYgZGlyPSJsdHIiPk9uIEphbiA3LCAyMDI1IDIxOjI1LCBKdWxp ZW4gUGxpc3Nvbm5lYXUgRHVxdcOobmUgJmx0O3NyZTRldmVyQGZyZWUuZnImZ3Q7IHdyb3RlOjwv ZGl2Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7IEkgdGhpbmsgdGhhdCBiZWluZyBhYmxlIHRvIGhvc3Qg dGhlIHByaW1hcnkgZ2l0IHJlcG9zaXRvcnkgb2YgcGFja2FnZXMgPC9kaXY+CjxkaXYgZGlyPSJs dHIiPiZndDsgZWxzZXdoZXJlIGlzIGEgZnJlZWRvbSB3b3J0aCBtYWludGFpbmluZyBmb3IgbWFu eSByZWFzb25zLiA8L2Rpdj4KPGJyPjxkaXYgZGlyPSJsdHIiPkkgZG9uJiMzOTt0IHRoaW5rIHdl IHNob3VsZCBjb250aW51ZSB0byBhbGxvdyB0aGUgJnF1b3Q7ZnJlZWRvbSZxdW90OyB0byBiZSBh bm5veWluZyBmb3IgZXZlcnkgb3RoZXIgY29udHJpYnV0b3JzLiBFdmVuIGlmIHRoZXJlIG1heSBi ZSBzb21lICZxdW90O3RlY2huaWNhbCBleGN1c2VzJnF1b3Q7IHRvIGRvIHNvLjwvZGl2Pgo8YnI+ PGRpdiBkaXI9Imx0ciI+VGhvbWFzIEdvaXJhbmQgKHppZ28pPC9kaXY+Cjxicj48L2JvZHk+PC9o dG1sPg==

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Jan 07, 2025 at 11:21:36PM +0100, thomas@goirand.fr wrote:

I think that being able to host the primary git repository of packages elsewhere is a freedom worth maintaining for many reasons.

same here.

I don't think we should continue to allow the "freedom" to be annoying for every other contributors. Even if there may be some "technical excuses" to do so.

the same could be said about using cdbs or anything really.

please be careful in your efforts to make contributing easier to not alienate those who already contribute, sometimes for decades. also: it's rather easy to kill motivation but very hard to revive it, once killed.


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

“It's easy to be a naive idealist. It's easy to be a cynical realist. It's
quite another thing to have no illusions and still hold the inner flame.”
(Marie-Louise von Franz)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmd9rqoACgkQCRq4Vgaa qhxd0Q/+IpEx0seNYQnfYIZdknOeaNXP2TuLwZpyeg5pSWqpFry2ysH0fIx2teFt An0Wu1WhrtnQfu/r1o/mGXNS5g8xvn1MPnsLFOrotr02uZIMDI3IKgcqGlYOjtbY wzTUfnc5x4rct7rW1uKIrosMTSkxC7Lkh/eqs7CCPZGkv2FnlffJrfljTHJGWw1B XX8CXqF/46UTCjiHa21vY13wab5JgayE18eMYAlQsopTQyj83TAOlIs3KybaWnKr ldPknn1T1BmH9Wsq/Uv6DC7FE0ocQgURXqhj+1+3c7f+ncRFkyjBW/7E2lLjnTGi AQ2NhIJuEyryrkOAuI9TESXt3dBMrT53wlvpr4sKCUte14UuXCY8ds3Uu6TujBOR MEjGqlXh7/v8hb4eLac7syrZ5TOoQqb1jBCljdA2cMChu6AXh5yGHhBe/OsGawn8 ShyHmjCHGnR73zy6Q2cEvZKh+zj7+YUoo5RXNgNrssnsI7Ks5h0d+wATdepnpkJ

That's fair. I maintain a package of a project where I eventually
moved the upstream codebase into revision control but have been too lazy/distracted to do the same for the debian directory (which I realistically only update once every year or two). I'm committed to
importing that into Salsa eventually, it's just a question of when
I'll find the time.

Are you aware that you can almost fully automatically create the git
history from existing uploads with git-buildpackage?

gbp import-dscs --verbose --pristine-tar --create-missing-branches <packagename>

Then you just push that as a new repo on Salsa and you are done with
the migration.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

While I'd love to see all packages on Salsa

I think that being able to host the primary git repository of packages elsewhere is a freedom worth maintaining for many reasons.

No, I don't think this is a good idea, and at my first thought, I
personally don't see any practical reasons.

You can always keep _another_ copy on another git repository, either by client-side push to both salsa and your server, or by making salsa push automatically to your server - your choice. But having the main
repository on Salsa for all packages gives tremendous advantages.

Yes, exactly: The fact that Debian wants to have your packages on salsa.debian.org is a huge enabler for collaboration. At the same time
it does not really remove anything from you.

Thanks to how git works as a distributed version control system, you
can still host your code in parallel elsewhere.

For an example of this check out
https://salsa.debian.org/debian/debcraft with mirrors at https://gitlab.com/ottok/debcraft and
https://github.com/ottok/debcraft. Salsa is the "authorative" place
referenced by the package Vcs-Git field, but there are mirrors on
GitLab and GitHub, and I have recieved Merge Requests and Pull
Requests on all three platforms. It is almost no extra work for having
this. I get an email for MR/PR posted anywhere, so there is just one
inbox for me to monitor.

Once I merge a contribution somewhere I just pull it to my laptop and
the next git push will sync it to all other repos without me having to
do any extra work. As you can see all of them have the same git HEAD
at 7bd51c1d.

For reference, my local checkout has this config:

± git remote -v
origin git@salsa.debian.org:debian/debcraft.git (fetch)
origin git@salsa.debian.org:debian/debcraft.git (push)
origin git@gitlab.com:ottok/debcraft.git (push)
origin git@github.com:ottok/debcraft.git (push)
otto git@salsa.debian.org:otto/debcraft.git (fetch)
otto git@salsa.debian.org:otto/debcraft.git (push)
otto git@gitlab.com:ottok/debcraft.git (push)
otto git@github.com:ottok/debcraft.git (push)
otto git@git.sr.ht:~ottok/debcraft (push)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 2025-01-07 21:52, Peter Pentchev a écrit :

Hm. That sounds interesting, but I think the Debian project cannot
protect such a mirror from automatically bringing in non-DFSG content
that appears in the remote repository. One might even take this one
step
further and go to content forbidden by law in various jurisdictions.

Then we are going to have the same issue implementing automated upstream release imports in packaging repositories, e.g. with the Janitor, and
this is a service I would very much like to have.

I would worry more about malicious content getting automatically pulled
in. But anyway this can probably be mitigated the way large platforms
do: make it possible to easily report abuse and being diligent in
investigating them, eventually putting the repository offline until the
issue is cleared. Additional automated checks could be implemented to
suspend updates and require human review e.g. with LICENSE changes
unless the file contents matches a whitelist.

Alternatively the mirroring could be implemented to pull only the
release tags after a package is uploaded to the archive (which means
that someone reviewed the changes), and dealt with on a case-by-case
basis for non-free packages or packages that have +dfsg repacking.

Cheers,

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Jan 08, 2025 at 10:19:34AM +0100, Julien Plissonneau Duquène wrote:

Le 2025-01-07 21:52, Peter Pentchev a écrit :

Hm. That sounds interesting, but I think the Debian project cannot
protect such a mirror from automatically bringing in non-DFSG content
that appears in the remote repository. One might even take this one step further and go to content forbidden by law in various jurisdictions.

Then we are going to have the same issue implementing automated upstream release imports in packaging repositories, e.g. with the Janitor, and this
is a service I would very much like to have.

Unfortunately you are correct that the same problem would arise.

I would worry more about malicious content getting automatically pulled in. But anyway this can probably be mitigated the way large platforms do: make
it possible to easily report abuse and being diligent in investigating them, eventually putting the repository offline until the issue is cleared.

Hm, I would be really, really surprised if there was even one "large
platform" that did not shift the responsibility to the user by having
them sign a terms of service document upon account registration.
Also, I'm not sure that some issues can really be cleared; see below.

Additional automated checks could be implemented to suspend updates and require human review e.g. with LICENSE changes unless the file contents matches a whitelist.

That would put the responsibility on the uploader to review not only
the actual changes (as in a diff) between the releases, but each and every individual file in each and every commit between the two releases.
I don't think this is completely realistic.

Why each and every individual file? Well, consider this:
- version 3.14.1 is tagged
- version 3.14.1 is uploaded to Debian
- somebody pushes a commit to the upstream repo that adds a file that
really does not belong there
- two more "real" commits are pushed
- somebody pushes a commit that reverts the "add a bad file" one
- three more "real" commits are pushed
- version 3.14.2 is tagged
- version 3.14.2 is uploaded to Debian

...so, if at this point the mirror pulls in the Git commits between
versions 3.14.1 and 3.14.2, there will exist several publicly-accessible
blobs that will contain the file that really does not belong there.
Clearing the issue would require rewriting Git history, squashing commits or dropping them altogether, which would make the Debian version of
the "upstream" Git repository no longer be a mirror.

Alternatively the mirroring could be implemented to pull only the release tags after a package is uploaded to the archive (which means that someone reviewed the changes), and dealt with on a case-by-case basis for non-free packages or packages that have +dfsg repacking.

In Git repositories, pulling the release tag involves pulling (and making available) all the commits leading up to it, even the reverted ones, so...
see above.

In general, automatically mirroring Git repository content is... fraught
with various issues.

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@debian.org peter@morpheusly.com
PGP key: https://www.ringlet.net/roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmd+jSgACgkQZR7vsCUn 3xNmHxAAz8rE8lzBpF+tMlAQH+e9p8cTHw+lxldC0e9eYeVULbEZLM3AIASgHc6x OYL2KvIVsXpcs0OcZzCCipwT8LHwerDQVefQFBZzHZdh9c2Fzq0tTR/6jXKlrWO5 FB/yVAzInsHv+oShNdu8QI+5CWbzLdn+2h88Bki3I/g+M6bV48HXk8JnRYuHq/pb 3tN7oz9cNr+wtplgZ0ticbHn66RO8xOAGptKPVXkS3jgzS8zRYb+me4MYLPt+StQ A/heO1C1CCqtUUq2adRjf1tRMMDXmwcWDZ1YLzFFG10EbvtJu8mZd06Y7LtCnYL+ NG+863nRPeimhUJyU4FICumw/Hqz7Ypd8opnDctmv0OgENDOtFYrJabYZieea2C9 Au/EEdSMHiwzTqBlykAxFnJFKqQX8+Ahp0E9E7LCPIL3KTy4FXqS1hE5idmrhhfJ 6wd8m0LTqCSjuPRJHB3qyvcBRgTS8oJYLszEnijW76TkLoZ1kZzLWTLiULgGRlxD 8lVlFEHtM9GAcmOQi2E5BTjpga2bP04EkAz1FQyex+Ngk87o72v3z9OYnrTJMGIo 5qyGi8sbHBIwDHsP6vxA6LG9E4JLjW3Tw8L6jq+sT5Sg86vtZbKxKDtfnxAwXMgk jUSB85Zmfv/lKjkaP0sEe2GHeFHV2jrBlLerfnTJ5Nel7y2F6sI=
=q29e

On Wed, 8 Jan 2025 at 14:35, Peter Pentchev <roam@ringlet.net> wrote:

On Wed, Jan 08, 2025 at 10:19:34AM +0100, Julien Plissonneau Duquène wrote:

Le 2025-01-07 21:52, Peter Pentchev a écrit :

Hm. That sounds interesting, but I think the Debian project cannot protect such a mirror from automatically bringing in non-DFSG content that appears in the remote repository. One might even take this one step further and go to content forbidden by law in various jurisdictions.

Then we are going to have the same issue implementing automated upstream release imports in packaging repositories, e.g. with the Janitor, and this is a service I would very much like to have.

Unfortunately you are correct that the same problem would arise.

Note that there aren't, and never were, rules concerning DFSG content
and git repositories. In Salsa (and also in its predecessor forge,
Alioth) you can find repositories for packages uploaded to non-free - firmwares, drivers, etc. And that makes sense, as the rules apply to
the 'main' section of the archive, which is what we ship to users, not
to development infrastructure, otherwise you couldn't upload non-free
packages to buildds to get them built, or deb.debian.org to be
published in the non-free section, and so on.
So it's entirely ok if mirroring brings in non-DFSG content, as long
as packages are uploaded to the appropriate non-free or firmware
sections of the archive.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Stuart,

Am Wed, Jan 08, 2025 at 12:46:58PM +1100 schrieb Stuart Prescott:

Lets think about some better fine tuning. "NOT LIKE '%salsa%'" might
catch also Vcs URLs that are intentionally somewhere else. While I'd
love to see all packages on Salsa, it might be sensible to start with packages that are unintentionally not in Salsa so

udd=> SELECT COUNT(DISTINCT source) FROM sources WHERE release = 'sid' AND (vcs_url IS NULL OR vcs_url like '%alioth%' OR vcs_url like '%git.debian.org%' OR vcs_url like '%svn.debian.org%') ;
count
-------
2213

For completeness I need to add `OR vcs_url like '%anonscm.debian.org%'`
which bumps the counter to 2947 ...

That might make a real challenge to bring that number below 2000 until
end of my term. Any help to approach this is welcome.

... and my challenge to bring that number below 2000 nearly out of reach (except if lots of people might subscribe this effort).

Well, let's look at some of these other d.o URLs.

- Not our alioth: There are 16 vcs URLs in there that have 'alioth'
in them but aren't alioth.debian.org; they are git hosted but not
on Debian infrastructure (and perhaps not in a place that facilitates
collaboration in the way being discussed)

Ahhh, you mean https://evolvis.org/anonscm/git/alioth ? Thank you for
the hint. So the updated query is

SELECT COUNT(DISTINCT source) FROM sources WHERE release = 'sid' AND
(vcs_url IS NULL OR vcs_url like '%alioth.debian.org%' OR vcs_url like '%git.debian.org%' OR vcs_url like '%svn.debian.org%' OR vcs_url like '%anonscm.debian.org%') ;

2930

- dgit.debian.org: There are 30 in there that are dgit.debian.org.
That surprised me, maybe I don't know enough about dgit.

I consider dgit.debian.org a valid Vcs field. It might preferable to
have Salsa the main repostory and dgit.d.o just a clone of this, but for
the moment I'm trying to seek for obviously unmaintained Vcs fields or
no Vcs at all.

- git.debian.org: There are 146 with git.debian.org - none of these VCS
URLs work any more

Yes, that's my point: Fix things that don't work.

- svn.debian.org: !4 list svn.d.o but like git.d.o that's dead. svn.d.o
doesn't even exist as a hostname any more.

Same here.

There's 161 packages in sid with old d.o URLs pointing to alioth. There's a reasonable chance that a good portion of them are also not maintained.

- 11% of them list their maintainer as Debian QA Group
- 13% of them have a current O bug (another 1 with an RFA)
- who knows how many are otherwise abandoned with MIA maintainers or
maintainers who have just moved on to other things

Spotting obviously broken Vcs fields (or no Vcs fields) is one way to
seek for unmaintained packages. It might turn out that this indicator
is misleading but to my experience from Bug of the Day this is really
a rare exception.

There was a recent discussion about what to do with VCSes for orphaned packages. Maybe if it doesn't exist on salsa, it's worth creating one in the salsa.d.o/debian/ namespace as part of doing the QA upload?
(gbp import-dscs --debsnap) That would be a good outcome and a good little project for someone...

... which I would really welcome but we need "someone" who volunteers.

The vast majority of these packages have seen post-alioth uploads but with the broken Vcs fields still in place.

Do you have numbers backing up this "vast majority" statement? To my experience these Uploads where NMUs but not maintainer uploads. This
brings me back to my argument that restrictions on NMUs for acceptable
changes are preventing NMUers to look for such issues. In most cases
where I salvaged packages NMUs where not even pushed to a repository
that might exist on Salsa. So having repositories on Salsa without
doing an upload with fixed Vcs fields (I've seen lots of these with
changelog entries by Janitor) are potentially triggering regressions.
The maintainer might simply continue working on the status of the Git repository bumping the Debian revision to something higher than the NMU
and the changes of NMU might become lost.

That's perhaps offering the opposite
of collaborative development? The question is whether the repo has actually moved to salsa but d/control hasn't been updated, or whether the repo has just vanished. An MBF that the VCS fields are out of date is easy, but checking and fixing is likely manual work.

Its definitely manual work. In most cases you also have to check the
Homepage and the watch file of the project. My gut feeling is about
30% of the Homepages of the Bug of the Day-salvaged packages were
broken.

year | count
-----+-------
2011 | 1
2012 | 4
2013 | 3
2014 | 4
2015 | 1
2016 | 1
2017 | 2
2018 | 2 (salsa.d.o general availability)
2019 | 1
2020 | 13
2021 | 95
2022 | 20
2023 | 7
2024 | 6
2025 | 1

Most of these until 2019 will be probably fetched by Bug of the Day
sooner or later. Helping hands are always welcome.

I noticed that some teams have some lintian tags checking this from a team policy perspective - doing this more broadly for other teams would help provide teams with visibility via lintian.d.o reports.

lintian-explain-tags -t team/pkg-perl/vcs/no-git \
team/pkg-perl/vcs/no-team-url

Nice.

(I accidentally found 2 python-team packages without Vcs URLs yesterday -
the repos were on salsa, just not listed in d/control)

Not so nice. Did you just injected these? If not would you mind naming
the packages?

Over half of these old alioth URLs can be addressed by Teams doing some data normalisation and uploads:

maintainer_name | count -------------------------------+-------
Debian Perl Group | 72
Debian Java Maintainers | 10
Debian X Strike Force | 7
Debian XML/SGML Group | 4
Debian Science Maintainers | 3
Debian CLI Applications Team | 2
Debian Ruby Extras Maintainers | 1
Debian Javascript Maintainers | 1
Debian Telepathy maintainers | 1
Debian Fonts Task Force | 1
Debian CLI Libraries Team | 1
Debian-IN Team | 1
Debichem Team | 1
NeuroDebian Team | 1
The Debian Lua Team | 1

I find even 13 in Science team and will try to tackle these (or
ask for removal).
( SELECT source, maintainer, vcs_url FROM sources WHERE release = 'sid' AND vcs_url not like '%salsa%' AND maintainer like '%science%' ; )

So in terms of where to start... perhaps there's a couple of teams that
would like to do some data cleansing?

It would be really great if this thread would have
this effect.

Thanks a lot for your analysis
Andreas.



SELECT
s.source, date, vcs_url
FROM
sources AS s
JOIN upload_history AS h
ON s.source = h.source AND s.version = h.version
WHERE
release = 'sid' AND
vcs_url ~ '/(git|svn|alioth).debian.org'
ORDER BY
date DESC;



SELECT
DATE_PART('year', date) AS year,
COUNT(*)
FROM
sources AS s
JOIN upload_history AS h
ON s.source = h.source AND s.version = h.version
WHERE
release = 'sid'
AND vcs_url ~ '/(git|svn|alioth).debian.org'
GROUP BY
year
ORDER BY
year ASC;



SELECT
maintainer, COUNT(*)
FROM sources
WHERE
release = 'sid'
AND vcs_url ~ '/(git|svn|alioth).debian.org'
AND maintainer ~ '(team|group|lists)'
GROUP BY
maintainer
ORDER BY
count DESC;


--
https://fam-tille.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Jan 08, 2025 at 02:59:16PM +0000, Luca Boccassi wrote:

On Wed, 8 Jan 2025 at 14:35, Peter Pentchev <roam@ringlet.net> wrote:

On Wed, Jan 08, 2025 at 10:19:34AM +0100, Julien Plissonneau Duquène wrote:

Le 2025-01-07 21:52, Peter Pentchev a écrit :

Hm. That sounds interesting, but I think the Debian project cannot protect such a mirror from automatically bringing in non-DFSG content that appears in the remote repository. One might even take this one step
further and go to content forbidden by law in various jurisdictions.

Then we are going to have the same issue implementing automated upstream release imports in packaging repositories, e.g. with the Janitor, and this
is a service I would very much like to have.

Unfortunately you are correct that the same problem would arise.

Note that there aren't, and never were, rules concerning DFSG content
and git repositories. In Salsa (and also in its predecessor forge,
Alioth) you can find repositories for packages uploaded to non-free - firmwares, drivers, etc. And that makes sense, as the rules apply to
the 'main' section of the archive, which is what we ship to users, not
to development infrastructure, otherwise you couldn't upload non-free packages to buildds to get them built, or deb.debian.org to be
published in the non-free section, and so on.
So it's entirely ok if mirroring brings in non-DFSG content, as long
as packages are uploaded to the appropriate non-free or firmware
sections of the archive.

Right, and that's why in my next sentence I mentioned content that
might actually be illegal and bring trouble to the administrators.

Sorry, the DFSG part was mostly a red herring, although a part of
me does wonder whether putting a file up for download is not
a type of redistribution, but I guess that has already been
discussed many times among the administrators of alioth and salsa.
I am mostly concerned with content that may be viewed as illegal,
in the context of "this was pulled in automatically, there was no
human being who initiated that action, so there is nobody but
the site admins to be held responsible".

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@debian.org peter@morpheusly.com
PGP key: https://www.ringlet.net/roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmd+sMMACgkQZR7vsCUn 3xOThw/+Mypxzy/pUS5k+AQ2sr3Sy6VmCPpU/o54/mKFGZyYwSPDZS/EsO4U9ejc i0DhsIx8vDj3m0OawChYORm++piQrdTJofvau8BgR2dJQbTftcv8fabSx2p3GAaG CQwIC+2gZgyYUGaowK9yvmW49hjGoqyk/A1TXZtv5Azw2QU63kVXk7b4M4y+BSaL uHy4BrE4c8rsviLdg0pho9sj2gKAPbauPZnVz8PYwY/6T/pKpZmrEqOMZF+T1MN4 C6oAadZSSrPbDYg5QwBLDUpa1Veiz9Yd9D0c+Kdc1n3J/owuCT0ZXS5bPwPA3IMs B8XCMz9vFKS4g8n5CfDy0/z1CXXaGnPAWPJ/YRHFbaYLrPVXjNv5g1ZpHKHGU1q6 Blpqr7HeMEF5Otj9YwzUviM56+3e+gYwWCQ5jlXU7hMCtULL3F/oFx4eec2CaqOX cDQp/+SsfU29k1xUax2tt4dD/rj5DN74cBy5Srbmy8PiFuqZGhGY4p44ExFRBdnL XxF1ArWO8YXyi6jqCdDEX/eyaf6tTEusF8Dpi2JSM06RMVjQuFo8fdMIxGuvq6O7 yA1/5F8iNSePvhB89ppcPq4r4YyHERcDC2zUe+bbpj7z7kzb6qMkd9+pW1mvl7QZ 8k1zYcptRCRSkI4iOZKlAV4yEE12lYIMuMU6ILU74JX6NgNzSuA=
=ApcS

Le 2025-01-08 15:35, Peter Pentchev a écrit :

Hm, I would be really, really surprised if there was even one "large platform" that did not shift the responsibility to the user by having
them sign a terms of service document upon account registration.

They don't make you sign anything, and most of the time they don't even
make you explicitly accept or read anything. A good example is there: https://pastebin.com/
(trigger warning: ads and loads of tracking junk and cookie consent pop-in-your-face featuring dark patterns)

Once you've cleared the cookie stuff, that's it. You can write and paste
and share whatever, nobody will ask for your real name or a government
ID or make you print a form and sign it and scan it and upload it or
review the content of what you publicly share before you share it.

Note that this is not a new service: according to Wikipedia it has been
online since 2002. It's still online. It is fairly certain that it has
seen some of the worst kind of abuse since its inception, yet it's still
there and almost as free to use as when it was created (actually the
worst impediment is probably the mandatory cookie consent stuff).

Now if you pay attention to details, somewhere at the bottom of the
page, in small letters with reduced contrast next to “cookie policy” you will find a “terms of service” link that brings you to a wall of
legalese prose where you can read ”Please read this Terms of Service agreement carefully before accessing or using this Website” among other
silly absurdities that are so typical of the legalese of common-law jurisdictions. It probably says somewhere that by using the service you
consent to these terms, and that you can't use the service to post
illegal or abusive content.

Back to the bottom of the page, you will notice that there are not just
one but three different links that will offer you three different ways
to report abuse: “dmca”, “report abuse” and “contact”.

Then if you click on a random public paste on the right, in the banner
above the shared contents, next to “print” you will find a “report” button that brings you to a pre-filled report form.

That's all what's needed, and still probably way more than the strict
minimum necessary to CYA. And the contact forms don't even make it
really easy to report abuse as they feature captchas.

Also, I'm not sure that some issues can really be cleared; see below.

Here I'm not sure the perceived issues are that much of an issue. We
would have no Internet today if network and system operators tried to
reach that level of safety back in the eighties and nineties.

Cheers,

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 2025-01-08 18:07, Peter Pentchev a écrit :

in the context of "this was pulled in automatically, there was no
human being who initiated that action, so there is nobody but
the site admins to be held responsible".

Actually the chain of responsibility can be traced back to another human
even in that case:
- the mirroring should be activated by an identified individual after validating that it is permitted by the license of the project and the
ToS (if any) of the remote site
- the remote project is supervised by identified individuals
- the remote project should only allow contributions from identified individuals (some may even require a formal CLA), and these
contributions must be comply with the licensing of the project, the ToS
of the platform if any, and the code of conduct of the platform if any.

Here "identified" means that they have reasonably stable e-mail
addresses and registered accounts, not necessarily that we know their
real names or anything else about their real identity. That's still
enough for law enforcement to issue search warrants should some serious wrongdoing happen.

We can probably expect some "interesting" issues in the future with
automated (AI) contributions in the future though ....

BTW I'm not sure that the Debian Machine Usage Policy covers online
services such as Salsa in its current form. This might be worth fixing,
and advertising on the services.

Cheers,

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

CgpPbiBKYW4gOCwgMjAyNSAxODowNywgUGV0ZXIgUGVudGNoZXYgPHJvYW1AcmluZ2xldC5uZXQ+ IHdyb3RlOi4KCj4gSSBhbSBtb3N0bHkgY29uY2VybmVkIHdpdGggY29udGVudCB0aGF0IG1heSBi ZSB2aWV3ZWQgYXMgaWxsZWdhbCwgCgo+IGluIHRoZSBjb250ZXh0IG9mICJ0aGlzIHdhcyBwdWxs ZWQgaW4gYXV0b21hdGljYWxseSwgdGhlcmUgd2FzIG5vIAoKPiBodW1hbiBiZWluZyB3aG8gaW5p dGlhdGVkIHRoYXQgYWN0aW9uLCBzbyB0aGVyZSBpcyBub2JvZHkgYnV0IAoKPiB0aGUgc2l0ZSBh ZG1pbnMgdG8gYmUgaGVsZCByZXNwb25zaWJsZSIuCgoKSGksCgoKSSBkb24ndCBzZWUgd2h5IHdl IHdvdWxkIG1ha2UgYSBzcGVjaWFsIGNhc2UgZm9yIG1pcnJvciByZXBvcyBvbiBTYWxzYS4gSnVz dCBsaWtlIG90aGVyIHJlcG9zLCB0aG9zZSBtYWludGFpbmluZyB0aGUgbWlycm9yIGNvdWxkIGJl IGhlbGQgcmVzcG9zc2libGUgZm9yIHdoYXQgaXMgaG9zdGVkIGluIHRoZSBtaXJyb3IsIEkgc3Vw cG9zZS4gSWYgeW91IGZlYXIgaWxsZWdhbCBjb250ZW50IG1heSBnZXQgaW4gYXMgeW91IG1lbnRp b25lZCwgcGxlYXNlIGNvbnNpZGVyIG5vdCBzZXRpbmcgdXAgc3VjaCBhIG1pcnJvci4KCgpIb3Bl ZnVsbHksIG5vIFNhbHNhIGFkbWluIHdpbGwgZ2V0IGludG8gbGVnYWwgdHJvdWJsZXMgYmVjYXVz ZSBvZiBhbm90aGVyIHBlcnNvbiBtaXN0YWtlIG9yIG1pc3NiZWhhdmlvci4gSWYgb25lcyBiZWNv bWUgYXdhcmUgb2YgYWJ1c2UsIHBsZWFzZSByZXBvcnQgaXQgbGlrZSBldmVyeXRoaW5nIGVsc2Ug YXQgL3NhbHNhL3N1cHBvcnQgb24gc2Fsc2EuZC5vcmcuCgoKSWYgdGhlIHNvdXJjZSBvZiB0aGUg bWlycm9yIGlzIHdlbGwga25vd24gYW5kIGFjY291bnRhYmxlIGZvciwgYW5kIGl0IGlzIHlvdXIg b3BpbmlvbiBpdCBpcyB1c2VmdWwsIGRvIGl0LgoKClRob3VnaCBhIG1pcnJvciBqdXN0IHRvIHBy ZXRlbmQgeW91ciBwYWNrYWdlIGlzIGhvc3RlZCBpbiBTYWxzYSwgd2l0aCBhbGwgdGhlIHRvb2xp bmcgbGlrZSBNUiBkZXNhY3RpdmF0ZWQgYnJpbmdzIElNTyBubyB2YWx1ZSwgYW5kIGlzIGp1c3Qg YSB3YXN0ZSBvZiByZXNvdXJjZXMuCgoKQ2hlZXJzLAoKClRob21hcyBHb2lyYW5kICh6aWdvKQoK ClAuUzogdGhlIGFib3ZlIGlzIG9ubHkgbXkgcGVyc29uYWwgb3BpbmlvbiwgYnV0IEkgc3VzcGVj dCBvdGhlciBTYWxzYSBhZG1pbnMgY291bGQgYWdyZWUgd2l0aCBzdWNoIGNvbW1vbiBzZW5zZS4g OikKCgo= PGh0bWw+PGJvZHk+PGJyPjxkaXYgZGlyPSJsdHIiPk9uIEphbiA4LCAyMDI1IDE4OjA3LCBQZXRl ciBQZW50Y2hldiAmbHQ7cm9hbUByaW5nbGV0Lm5ldCZndDsgd3JvdGU6LjwvZGl2Pgo8ZGl2IGRp cj0ibHRyIj4mZ3Q7IEkgYW0gbW9zdGx5IGNvbmNlcm5lZCB3aXRoIGNvbnRlbnQgdGhhdCBtYXkg YmUgdmlld2VkIGFzIGlsbGVnYWwsIDwvZGl2Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7IGluIHRoZSBj b250ZXh0IG9mICZxdW90O3RoaXMgd2FzIHB1bGxlZCBpbiBhdXRvbWF0aWNhbGx5LCB0aGVyZSB3 YXMgbm8gPC9kaXY+CjxkaXYgZGlyPSJsdHIiPiZndDsgaHVtYW4gYmVpbmcgd2hvIGluaXRpYXRl ZCB0aGF0IGFjdGlvbiwgc28gdGhlcmUgaXMgbm9ib2R5IGJ1dCA8L2Rpdj4KPGRpdiBkaXI9Imx0 ciI+Jmd0OyB0aGUgc2l0ZSBhZG1pbnMgdG8gYmUgaGVsZCByZXNwb25zaWJsZSZxdW90Oy48L2Rp dj4KPGJyPjxkaXYgZGlyPSJsdHIiPkhpLDwvZGl2Pgo8YnI+PGRpdiBkaXI9Imx0ciI+SSBkb24m IzM5O3Qgc2VlIHdoeSB3ZSB3b3VsZCBtYWtlIGEgc3BlY2lhbCBjYXNlIGZvciBtaXJyb3IgcmVw b3Mgb24gU2Fsc2EuIEp1c3QgbGlrZSBvdGhlciByZXBvcywgdGhvc2UgbWFpbnRhaW5pbmcgdGhl IG1pcnJvciBjb3VsZCBiZSBoZWxkIHJlc3Bvc3NpYmxlIGZvciB3aGF0IGlzIGhvc3RlZCBpbiB0 aGUgbWlycm9yLCBJIHN1cHBvc2UuIElmIHlvdSBmZWFyIGlsbGVnYWwgY29udGVudCBtYXkgZ2V0 IGluIGFzIHlvdSBtZW50aW9uZWQsIHBsZWFzZSBjb25zaWRlciBub3Qgc2V0aW5nIHVwIHN1Y2gg YSBtaXJyb3IuPC9kaXY+Cjxicj48ZGl2IGRpcj0ibHRyIj5Ib3BlZnVsbHksIG5vIFNhbHNhIGFk bWluIHdpbGwgZ2V0IGludG8gbGVnYWwgdHJvdWJsZXMgYmVjYXVzZSBvZiBhbm90aGVyIHBlcnNv biBtaXN0YWtlIG9yIG1pc3NiZWhhdmlvci4gSWYgb25lcyBiZWNvbWUgYXdhcmUgb2YgYWJ1c2Us IHBsZWFzZSByZXBvcnQgaXQgbGlrZSBldmVyeXRoaW5nIGVsc2UgYXQgL3NhbHNhL3N1cHBvcnQg b24gc2Fsc2EuZC5vcmcuPC9kaXY+Cjxicj48ZGl2IGRpcj0ibHRyIj5JZiB0aGUgc291cmNlIG9m IHRoZSBtaXJyb3IgaXMgd2VsbCBrbm93biBhbmQgYWNjb3VudGFibGUgZm9yLCBhbmQgaXQgaXMg eW91ciBvcGluaW9uIGl0IGlzIHVzZWZ1bCwgZG8gaXQuPC9kaXY+Cjxicj48ZGl2IGRpcj0ibHRy Ij5UaG91Z2ggYSBtaXJyb3IganVzdCB0byBwcmV0ZW5kIHlvdXIgcGFja2FnZSBpcyBob3N0ZWQg aW4gU2Fsc2EsIHdpdGggYWxsIHRoZSB0b29saW5nIGxpa2UgTVIgZGVzYWN0aXZhdGVkIGJyaW5n cyBJTU8gbm8gdmFsdWUsIGFuZCBpcyBqdXN0IGEgd2FzdGUgb2YgcmVzb3VyY2VzLjwvZGl2Pgo8 YnI+PGRpdiBkaXI9Imx0ciI+Q2hlZXJzLDwvZGl2Pgo8YnI+PGRpdiBkaXI9Imx0ciI+VGhvbWFz IEdvaXJhbmQgKHppZ28pPC9kaXY+Cjxicj48ZGl2IGRpcj0ibHRyIj5QLlM6IHRoZSBhYm92ZSBp cyBvbmx5IG15IHBlcnNvbmFsIG9waW5pb24sIGJ1dCBJIHN1c3BlY3Qgb3RoZXIgU2Fsc2EgYWRt aW5zIGNvdWxkIGFncmVlIHdpdGggc3VjaCBjb21tb24gc2Vuc2UuIDopPC9kaXY+Cjxicj48L2Jv ZHk+PC9odG1sPg==

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le Tue, Jan 07, 2025 at 10:46:25AM +1100, Stuart Prescott a écrit :

It's great to see more packages being maintained on salsa. I've certainly noticed that it is making working on packages much simpler.

In my campaign, I stated [os1] that I aimed to reduce the number of packages maintained outside Salsa to below 2,000. As of March 28, 2024, the count was 2,368. As of this writing, the count stands at 1,928
[os2], so I consider this promise fulfilled. My thanks go out to
everyone who contributed to this effort. Moving forward, I’d like to set
a more ambitious goal for the remainder of my term and hope we can
reduce the number to below 1,800.

Without seeking to rain on the parade, that query is only the packages that list a non-salsa VCS. That's not counting the packages that don't list a VCS at all and therefore are also maintained outside salsa:

Also we should only count as 'maintained on Salsa' packages that are effectively maintained.

Packages that are on salsa but never uploaded to sid or whose source
code does not match salsa, due to NMU or otherwise should not be
counted.

We do not need more bureaucracy. I will not let packages be removed from testing just to keep the Salsa repositories in sync.

Cheers,
Bill.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

please be careful in your efforts to make contributing easier to not alienate those who already contribute, sometimes for decades. also: it's rather easy to
kill motivation but very hard to revive it, once killed.

The above got quoted in the latest LWN, so it may be a sign that the
above view has a lot of support. I am by far no longer "new" myself,
but I mentor many who are new, and to me it looks like we are
definitely alienating new contributors way more than old.

I would like to argue, that the opposite of Holger's quote holds true
as well: If those who have been contributing for multiple decades
continue to ignore new tools and refuse to adopt workflows invented in
past 20 years, it will totally kill the motivation for a lot of
talented and industrious new contributors.

For example, Michael Stapelberg was very active in Debian in 2009-2019
until he "had enough". His retirement blog post [1] from 2019 raises
the many of the same issues we have been talking (yet again) on this
very debian-devel@ list in past weeks (e.g. some people refusing to
host their packages in git and on a common platform, bugs.debian.org
being too cumbersome to use via email only, project-wide changes being
too hard to drive etc).

Ideally, I'd like to see both the old guard spend some time on
re-assessing their workflows and adopting new ones, AND have new be
humble enough to learning about Debian history and the multitude of
different package types we need to support and why some tooling might
not universally work for good reasons. This is one of the reasons I
like the DEP process: unlike the policy, it does not enforce anything,
but it still provides a way to define shared and common workflows and interfaces to make collaboration more efficient.

The best outcome would be for both old and new contributors to feel
welcome. Hopefully all the recent work in documentation and DEPs can
lead to a good balance of revival without loosing things that are good
already.

[1] https://michael.stapelberg.ch/posts/2019-03-10-debian-winding-down/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

unsubscribe

Andreas Tille <tille@debian.org> ezt írta (időpont: 2025. márc. 4., K, 9:41):

Dear Debian community,

this is bits from DPL for February.

Ftpmaster team is seeking for new team members ==============================================

In December, Scott Kitterman announced his retirement from the project.
I personally regret this, as I vividly remember his invaluable support
during the Debian Med sprint at the start of the COVID-19 pandemic. He
even took time off to ensure new packages cleared the queue in under 24 hours. I want to take this opportunity to personally thank Scott for his contributions during that sprint and for all his work in Debian.

With one fewer FTP assistant, I am concerned about the increased
workload on the remaining team. I encourage anyone in the Debian
community who is interested to consider reaching out to the FTP masters
about joining their team.

If you're wondering about the role of the FTP masters, I'd like to share
a fellow developer's perspective:

"My read on the FTP masters is:
- In truth, they are the heart of the project.
- They know it.
- They do a fantastic job."

I fully agree and see it as part of my role as DPL to ensure this
remains true for Debian's future.

If you're looking for a way to support Debian in a critical role where
many developers will deeply appreciate your work, consider reaching out
to the team. It's a great opportunity for any Debian Developer to
contribute to a key part of the project.

[1] https://ftp-master.debian.org/

Project Status: Six Months of Bug of the Day ============================================

In my Bits from the DPL talk at DebConf24[1], I announced the Tiny Tasks effort, which I intended to start with a Bug of the Day project[2].
Another idea was an Autopkgtest of the Day, but this has been postponed
due to limited time resources-I cannot run both projects in parallel.

The original goal was to provide small, time-bound examples for
newcomers. To put it bluntly: in terms of attracting new contributors,
it has been a failure so far. My offer to explain individual bug-fixing commits in detail, if needed, received no response, and despite my
efforts to encourage questions, none were asked.

However, the project has several positive aspects: experienced
developers actively exchange ideas, collaborate on fixing bugs, assess whether packages are worth fixing or should be removed, and work
together to find technical solutions for non-trivial problems.

So far, the project has been engaging and rewarding every day, bringing
new discoveries and challenges-not just technical, but also social. Fortunately, in the vast majority of cases, I receive positive responses
and appreciation from maintainers. Even in the few instances where help
was declined, it was encouraging to see that in two cases, maintainers
used the ping as motivation to work on their packages themselves. This reflects the dedication and high standards of maintainers, whose work is essential to the project's success.

I once used the metaphor that this project is like wandering through a
dark basement with a lone flashlight-exploring aimlessly and discovering
a wide variety of things that have accumulated over the years. Among
them are true marvels with popcon >10,000, ingenious tools, and
delightful games that I only recently learned about. There are also some packages whose time may have come to an end-but each of them reflects
the dedication and effort of those who maintained them, and that
deserves the utmost respect.

Leaving aside the challenge of attracting newcomers, what have we
achieved since August 1st last year?
* Fixed more than one package per day, typically addressing multiple bugs.
* Added and corrected numerous Homepage fields and watch files.
* The most frequently patched issue was "Fails To Cross-Build From Source"
(all including patches).
* Migrated several packages from cdbs/debhelper to dh.
* Rewrote many d/copyright files to DEP5 format and thoroughly reviewed them.
* Integrated all affected packages into Salsa and enabled Salsa CI.
* Approximately half of the packages were moved to appropriate teams,
while the rest are maintained within the Debian or Salvage teams.
* Regularly performed team uploads, ITS, NMUs, or QA uploads.
* Filed several RoQA bugs to propose package removals where appropriate.
* Reported multiple maintainers to the MIA team when necessary.

With some goodwill, you can see a slight impact on the trends.debian.net graphs[3] (thank you Lucas for the graphs), but I would never claim that
this project alone is responsible for the progress. What I have also
observed is the steady stream of daily uploads to the delayed queue[4], demonstrating the continuous efforts of many contributors. This ongoing
work often remains unseen by most-including myself, if not for my
regular check-ins on this list. I would like to extend my sincere thanks
to everyone pushing fixes there, contributing to the overall quality and progress of Debian's QA efforts.

If you examine the graphs for "Version Control System" and "VCS Hosting"
with the goodwill mentioned above, you might notice a positive trend
since mid-last year. The "Package Smells" category has also seen
reductions in several areas: "no git", "no DEP5 copyright", "compat <9",
and "not salsa". I'd also like to acknowledge the NMUers who have been working hard to address the "format != 3.0" issue. Thanks to all their efforts, this specific issue never surfaced in the Bug of the Day
effort, but their contributions deserve recognition here.

The experience I gathered in this project taught me a lot and inspired
me to some followup we should discuss at a Sprint at DebCamp this year.

Finally, if any newcomer finds this information interesting, I'd be
happy to slow down and patiently explain individual steps as needed. All
it takes is asking questions on the Matrix channel[5] to turn this into
a "teaching by example" session.

By the way, for newcomers who are interested, I used quite a few abbreviations-all of which are explained in the Debian Glossary[6].

[1] https://debconf24.debconf.org/talks/20-bits-from-the-dpl/
[2] https://salsa.debian.org/qa/tiny_qa_tools/-/wikis/Tiny-QA-tasks#bug-of-the-day
[3] https://trends.debian.net/
[4] https://ftp-master.debian.org/deferred.html
[5] https://app.element.io/#/room/#debian-tiny-tasks:matrix.org
[6] https://wiki.debian.org/Glossary

Sneak Peek at Upcoming Conferences
==================================

I will join two conferences in March-feel free to talk to me if you spot
me there.

1. FOSSASIA Summit 2025 (March 13-15, Bangkok, Thailand)
Schedule: https://eventyay.com/e/4c0e0c27/schedule

2. Chemnitzer Linux-Tage (March 22-23, Chemnitz, Germany)
Schedule: https://chemnitzer.linux-tage.de/2025/de/programm/vortraege

Both events will have a Debian booth-come say hi!

Kind regards
Andreas.

--
Jecs Attila
Power Alarm Kft.

<div dir="ltr"><div class="gmail_default" style="font-family:comic sans ms,sans-serif;font-size:large">unsubscribe</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">Andreas Tille &lt;<a href="mailto:tille@
debian.org">tille@debian.org</a>&gt; ezt írta (időpont: 2025. márc. 4., K, 9:41):<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Dear Debian community,<br>

this is bits from DPL for February.<br>


Ftpmaster team is seeking for new team members<br> ==============================================<br>

In December, Scott Kitterman announced his retirement from the project.<br>
I personally regret this, as I vividly remember his invaluable support<br> during the Debian Med sprint at the start of the COVID-19 pandemic. He<br>
even took time off to ensure new packages cleared the queue in under 24<br> hours. I want t

unsubsribe

Sean Whitton <spwhitton@spwhitton.name> ezt írta (időpont: 2025. márc. 5., Sze, 12:17):

Hello everyone,

On Tue 04 Mar 2025 at 09:40am +01, Andreas Tille wrote:

Dear Debian community,

this is bits from DPL for February.

Ftpmaster team is seeking for new team members ==============================================

No, we are not.

Andreas asked us whether we would like a call for volunteers included in Bits. Multiple team members explicitly told him that we now would not
be a good time for that, for us.

For the FTP team,
--
Sean Whitton

--
Jecs Attila
Power Alarm Kft.

<div dir="ltr"><div class="gmail_default" style="font-family:comic sans ms,sans-serif;font-size:large">unsubsribe</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">Sean Whitton &lt;<a href="mailto:spwhitton@
spwhitton.name">spwhitton@spwhitton.name</a>&gt; ezt írta (időpont: 2025. márc. 5., Sze, 12:17):<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello everyone,<br>

On Tue 04 Mar 2025 at 09:40am +01, Andreas Tille wrote:<br>

&gt; Dear Debian community,<br>
&gt;<br>
&gt; this is bits from DPL for February.<br>
&gt;<br>
&gt;<br>
&gt; Ftpmaster team is seeking for new team members<br>
&gt; ==============================================<br>

No, we are not.<br>

Andreas asked us whether we would like a call for volunteers included in<br> Bits.  Multiple team members explicitly told him that we now would not<b

On 05/03/25 4:47 pm, Sean Whitton wrote:

On Tue 04 Mar 2025 at 09:40am +01, Andreas Tille wrote:

Dear Debian community,

this is bits from DPL for February.


Ftpmaster team is seeking for new team members
==============================================

No, we are not.

Andreas asked us whether we would like a call for volunteers included in Bits. Multiple team members explicitly told him that we now would not
be a good time for that, for us.

Do you mind clarifying why that's the case, unless the reason is truly personal or undisclosable?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------CEfS7k0a0PrkpXNNqrWhI866
Content-Type: multipart/alternative;
boundary="------------xZ6iJq0MJ784x1RRBGz96cHq"

--------------xZ6iJq0MJ784x1RRBGz96cHq
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

T24gMDUuMDMuMjUgMTI6MTcsIFNlYW4gV2hpdHRvbiB3cm90ZToNCj4+IEZ0cG1hc3RlciB0 ZWFtIGlzIHNlZWtpbmcgZm9yIG5ldyB0ZWFtIG1lbWJlcnMNCj4+ID09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NCj4gTm8sIHdlIGFyZSBub3QuDQoN ClRoZSBORVcgcXVldWUgY3VycmVudGx5IGNvbnRhaW5zIH4xMzUgcGFja2FnZXMuIFRoZSBt ZWRpYW4gd2FpdCB0aW1lIG9uIA0KdGhlIGxpc3QoKikgaXMgdGhyZWUgd2Vla3MsIGFuZCB0 aGUgb2xkZXN0IHBhY2thZ2VzIGhhdmUgYmVlbiwgd2VsbCwgDQpsYW5ndWlzaGluZywgZm9y IG5pbmUgbW9udGhzIG9yIHNvLg0KDQooKikgWWVzIEkga25vdyB0aGF0IHRoaXMgbWF5IHdl bGwgYmUgYW4gaW5mbGF0ZWQgbWVkaWFuOiBhZnRlciBhbGwsIHRoZSANCnBhY2thZ2VzIHdo aWNoIGZ0cG1hc3RlciAqZGlkKiBwcm9jZXNzIGxhdGVseSBhcmUgbm90IG9uIHRoZSBsaXN0 IGJ5IA0KZGVmaW5pdGlvbi4gSG93ZXZlciwgdGhhdCdzIHN0aWxsIDUwIHBlb3BsZSB3aG8n dmUgYmVlbiB3YWl0aW5nIGZvciBhdCANCmxlYXN0IGEgbW9udGggdG8gZ2V0IHRoZWlyIHBh Y2thZ2UgaW50byBEZWJpYW4uDQoNCk9mIHRoZSBJVFAgYnVncyBJIHNwb3QtY2hlY2tlZCBy YW5kb21seSwgbm9uZSBjb250YWluZWQgYSBoaW50IHdoeSB0aGUgDQpwYWNrYWdlIHdhcyBu b3QgeWV0IHByb2Nlc3NlZC4NCg0KSWYgbm8gY3VycmVudCB0ZWFtIG1lbWJlciBoYXMgZnJl ZSB0aW1lIGZvciBwcnVuaW5nIHRoaXMgbGlzdCwgYWRkaW5nIA0KbmV3IG1lbWJlcnMgaXMg dGhlIG9idmlvdXMgc29sdXRpb24uIFdoaWxlIHdlIGFsbCBrbm93IHRoYXQgYnJpbmdpbmcg bmV3IA0KcGVvcGxlIHVwIHRvIHNwZWVkIGVhdHMgdGltZSB0b28sIG5vdCBmaXhpbmcgdGhl IHJvb2YgYmVjYXVzZSB5b3UncmUgdG9vIA0KYnVzeSBlbXB0eWluZyBidWNrZXRzIGlzIG5v dCBhIHZpYWJsZSBsb25nLXRlcm0gc3RyYXRlZ3kuDQoNCklmIHlvdSBoYXZlIGEgYmV0dGVy IGlkZWEgaG93IHRvIGltcHJvdmUgdGhlIHNpdHVhdGlvbiwgYnkgYWxsIG1lYW5zIA0KbGV0 J3MgaGVhciBpdC4NCg0KTkI6ICJub3cgd291bGQgbm90IGJlIGEgZ29vZCB0aW1lIiBiZWdz IHRoZSBxdWVzdGlvbiBob3cgbG9uZyB5b3UgZXhwZWN0IA0Kc2FpZCAibm93IiB0byBsYXN0 Lg0KDQotLSANCi0tIHJlZ2FyZHMNCi0tIA0KLS0gTWF0dGhpYXMgVXJsaWNocw0KDQo= --------------xZ6iJq0MJ784x1RRBGz96cHq
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 05.03.25 12:17, Sean Whitton wrote:<br>
</div>
<blockquote type="cite"
cite="mid:87v7snybeo.fsf@melete.silentflame.com">
<pre class="moz-quote-pre" wrap=""><blockquote type="cite"
style="color: #007cff;"><pre wrap="" class="moz-quote-pre">Ftpmaster team is seeking for new team members
==============================================
</pre></blockquote><pre wrap="" class="moz-quote-pre">No, we are not.</pre></pre>
</blockquote>
<p>The NEW queue currently contains ~135 packages. The median wait
time on the list(*) is three weeks, and the oldest packages have
been, well, languishing, for nine months or so.</p>
<p>(*) Yes I know that this may well be an inflated median: after
all, the packages which ftpmaster *did* process lately are not on
the list by definition. However, that's still 50 people who've
been waiting for at least a month to get their package into
Debian.<br>
</p>
<p>Of the ITP bugs I spot-checked randomly, none contained a hint
why the package was not yet processed. <br>
</p>
<p>If no current team member has free time for pruning this list,
adding new members is the obvious solution. While we all know that
bringing new people up to speed eats time too, not fixing the roof
because you're too busy emptying buckets is not a viable long-term
strategy.</p>
<p>If you have a better idea how to improve the situation, by all
means let's hear it.</p>
<p>NB: "now would not be a good time" begs the question how long you
expect said "now" to last.<br>
</p>
<pre class="moz-signature" cols="72">--
-- regards
--
-- Matthias Urlichs</pre>
</body>
</html>

--------------xZ6iJq0MJ784x1RRBGz96cHq--

--------------CEfS7k0a0PrkpXNNqrWhI866--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEr9eXgvO67AILKKGfcs+OXiW0wpMFAmfIyZAFAwAAAAAACgkQcs+OXiW0wpNM 1RAAv2AnWNaS7XR2dmhqMJIoUI5KIIXyHkreoooMm1JLBIt8dfzJT8CdjyjzbthtQu8IitH0J3Nl cpK3GQDxVAX3P6UtTgTQvAib2fQxsxkovPXhWvNZ0judp8ifPQVk9QEZ5rmuTNNVueKgvP25aNS7 Zc8mfk5lDIFpdicMdSi3K+Ff3VApt0hzVXLAa8XaLvlB1CLH/FLfY73w4hiX/Yl65KIIUW8ecUit rWE4pzAj508tvRRzDhprbg//+bstXDSurirjCgACDDkKEC4qChCquPbKEt7LbsIHvfYkwnMSXBin 6RN6D39H8zhXjjVTrc2o7k0aPhKaF3AOwGAXKn67GX/8DwgLnLrOSF+PrRNxDZiT5ZdbWdYTPvGe LeU3VexVnghaphPBgENf/xovoeHnTv72fYqS0LQ0QLxNImv2aqgDQpSeSLdJ8hU6NkrlbVJpnjH+ AYfTQgL+M4IJyBmkwWHnx7oGL+1rjWDUG32L5itL+sUsMUehm7nZ3huLIqprUd1PR2IP78XFf+Mq Nn2gY05tkcaM7wQxh//GT2qAzctAcGubOWj3xLpV0zFq4M+dSmKmsXdzZGCGzFbeeab4iNsV23dl FRozkYA7mWwqtjrH6YEz6sW72P9eFgZ4B2eZ+JpHTAnAX4v3HEly8s1KbubdeEZBYPyH62H8whj6 6vo=
=KL6J
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05

Hello,

On Wed 05 Mar 2025 at 11:35pm +0530, Nilesh Patra wrote:

Do you mind clarifying why that's the case, unless the reason is truly personal or undisclosable?

It's pretty simple -- there is no-one with the free time to train them
right now, in which case trainees will simply burn out, because they
won't get enough feedback on their NEW reviews.

We try to recruit only when there is someone who is able to dedicate
some time to training. That depends on what the other team members are
busy with, in and outside of Debian, at a given time.

This was made very clear to Andreas.

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmfI89kZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQPEgEACtCy34pRG15+Zv4dN7VRVF uciFA8k4JfPHoV1+Y6C7CJt8HIwBQ4IdX5IXhHjJJmTqp8sXm6Z/f8k6JGrZPQMB Hplk4tOSjBPrurjxZg+iVf7BmrsM1JlEsFXL/Jp3ywzhGexYFYULllNinTwwQFM/ jJ7Y6Qv+lfj4xb5YBAGfe4jjt/Eo7hrA59CuMzQRRU4PqUJ6+63RD0fsyZg2ct6l M62970RxOtAMjfAx2v17H7miP6c3NMIKSKke8BuLQ4xiJ44JmjYH2tP8JS6/uHXf 3WI/BaFOpj0VW0hmoIQLITby/YgCnkrTTOgr6weoOjAPs56u3N29EI++JAUd5k7S yZwP2A03FU2QEA67SvEG7pJBIxM9IgVppR4phgfNPobiZfiZqlBUo3FeorlJpDGq R9KxBrgTcBm17yFi7MrfJx8py45qY7jofZUc/F8m9OUfGQd3txfHgqPaZsaj12+d dk1u1o3depy6scpZdmthqaj2tldqLhvPD4FGvzgT3ARRRisXU7WC5oXMtxwuG1WS NcwLqSQurZYeo5l8fQ582TTlM0KLdCBhI6vQzvGqaOafpzVjmypTQxg3YWz7ksVg qa1UGLnf1DHQIFZzvd2asiiSgctfTYY0d/CV8qA+ucXddqKrlFVRiYzqN8IKTYmA pZn7vZdnI67CYUppY/AEdQ==KMYR
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

On Thu, Mar 06, 2025 at 09:01:13AM +0800, Sean Whitton wrote:

On Wed 05 Mar 2025 at 11:35pm +0530, Nilesh Patra wrote:

Do you mind clarifying why that's the case, unless the reason is truly
personal or undisclosable?

It's pretty simple -- there is no-one with the free time to train them
right now, in which case trainees will simply burn out, because they
won't get enough feedback on their NEW reviews.

This sounds like a self-amplifying situation. The project should do
something against that, especially in such a core position.

I thank the DPL for putting this to public attention.

Greetings
Marc. I'll take my Popcorn with salt please.


-- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------0ReWH8pR9PUD5f9xRE5J4ROh
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

T24gMDYuMDMuMjUgMDg6NTgsIE1hcmMgSGFiZXIgd3JvdGU6DQo+IEkgdGhhbmsgdGhlIERQ TCBmb3IgcHV0dGluZyB0aGlzIHRvIHB1YmxpYyBhdHRlbnRpb24uDQo+DQpXZWxsIE9LIGJ1 dCBtYXl5YmUgaGUgc2hvdWxkIGhhdmUgaGFuZGxlZCB0aGlzIGEgYml0IG1vcmUgZGlwbG9t YXRpY2FsbHkuDQoNCk9yIG1heWJlIGhlIHRyaWVkIHRvLCBhbmQgZmFpbGVkIHRvIGdldCB0 cmFjdGlvbi4gSSBhc3N1bWUgaGUnbGwgdGVsbCB1cyANCnByZXNlbnRseSwgaWYgb25seSB0 byByZWR1Y2UgdGhlIHBvcGNvcm4tdG8tc2VyaW91cy1kaXNjdXNzaW9uIHJhdGlvLg0KDQo+ IEdyZWV0aW5ncw0KPiBNYXJjLiBJJ2xsIHRha2UgbXkgUG9wY29ybiB3aXRoIHNhbHQgcGxl YXNlLiANCg0KUGxlYXNlIGRvbid0LiBXZSdsbCBnZXQgZW5vdWdoIG9mIHRoaXMgc29ydCBv ZiByZW1hcmsgZnJvbSBMV04gc29vbiANCmVub3VnaDsgdHJlYXRpbmcgcGVvcGxlcycgaG9u ZXN0IGNvbmNlcm5zIChub3QgdG8gbWVudGlvbiB0aGVpciBhY3R1YWwgDQp3b3JrIGZvciB0 aGUgcHJvamVjdCkgYXMgZW50ZXJ0YWlubWVudCBvbi1saXN0IGlzIGRpc2luZ2VuaW91cy4N Cg0KLS0gDQotLSByZWdhcmRzDQotLSANCi0tIE1hdHRoaWFzIFVybGljaHMNCg0K

--------------0ReWH8pR9PUD5f9xRE5J4ROh--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEr9eXgvO67AILKKGfcs+OXiW0wpMFAmfJY2UFAwAAAAAACgkQcs+OXiW0wpNb HhAAj0xR3fwFEgPMpV59+QylWC3D4ZOBLJY3SZ+1LMSaMp3UvZgA03omcmxKyHk+UHRfMQmFUlcE G/MzW+Gho+VjGjswix74T850dHM7tT2i9Go/yaDqcI3JKB/0tQU+bh6ZYiErH1miM4FHVBraPgGd cAshj3pnEaHx3AerG+MRb4EONAKfxtr7wMF/tgBFvP6CZXU/3kGsMPkeiZMNYX0XvBbQ7iAeVErV u0mHFeyOCyXi/Da937tGuSzQpVnV1evurRL5RsMXlRa7pkM5mX4F6FK7TAsPJVvux9HImweK9iWU bhvsVdJXpXTKQggoUb4f0e19ePEumJFimMVaMLDielQKbXsy7Q0GUnjPq828qjJ1mk4tai54OTAb aD7KMgRq8GTulnIc9mmQoucJYy5KHDsVpFFCkCktbP8MMa7NJn3d3LIXo9fGim9KPlFYPDejDXr1 6N0vsvxt4uuPDrqIvx5wcbZtGFf0e/xrmtuYIVpjMSqDtTd03R2LEuHUm/r0p5mGB5eYRP0YnB1T sadUT/1LPdovZ6hoDnR4PormoawCcLJXcdrV4VHZ7eUjVwqfb5hPYlnAemmzuGuwJRgiofD5/CwA JiQIJHgRX6DsKNs7tWMUR1Nj7AVyM0hF8eYdzCNjwfPi1tHN0aEUOe44JWlYmoH16+Tg6HEzaLzq 30U=
=HWRL
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

Sean Whitton <spwhitton@spwhitton.name> wrote on 06/03/2025 at 02:01:13+0100:

Hello,

On Wed 05 Mar 2025 at 11:35pm +0530, Nilesh Patra wrote:

Do you mind clarifying why that's the case, unless the reason is truly
personal or undisclosable?

It's pretty simple -- there is no-one with the free time to train them
right now, in which case trainees will simply burn out, because they
won't get enough feedback on their NEW reviews.

We try to recruit only when there is someone who is able to dedicate
some time to training. That depends on what the other team members are
busy with, in and outside of Debian, at a given time.

This was made very clear to Andreas.

There is a risk for such a situation to become auto-feeded.

I acknowledge the position of the ftpmasters team, but do you have a
plan to avoid it becoming a vicious circle?

Bests,
--
PEB

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEE5CQeth7uIW7ehIz87iFbn7jEWwsFAmfOxEIPHHBlYkBkZWJp YW4ub3JnAAoJEO4hW5+4xFsLtr4QAJrx26FGWHxNBqO16KM5q8vQroYRyHYy2UNp AVltbmir7h7OWGZkTvkpFdqMzbDXs9H5YVv8WBHfipf2TtArVCME/iS6khIHShPE gsQ0C6m6FeFcdv/y39H8dj+OdILjptQh4wSaS9zytuR1YqaBcNnodhGcUjfMjKVQ mSaakfLfXN1pOkl3G3FB7xbsuJIlWX7fCdJ4Sl4L5xMK/+Du66SpvZ9gmxsjiIr6 e+xgHraokYv40qiEbW/SZUbhidLhkJJmfiZSi16iLaY2FXGNUtacj0yiJvQ98wl8 KkxvR6UStS1Pe2/o5hDxxoNDdCECvmOaJeGw50pejRVbvhPDoVHNA8Ir7rDOfOz2 R+uvrDRsLnnBJbyC6He+MlUw7tNFbs0SeKVaJT7A0o0wuPfjsv8PfDvaYu5uMsjD UofwxGG/b2UGUBNHhZOEyMQOuZdiDQFPi/htbnfEsa/xkp9BIKo5FAWESdlgZgmA pe0AQTe8UifLIpn+Ge0qZrNgpLErKv9MR18DxHiqKBFr+3+kwRr+vrhC0VoHoLqY AEj0eqW5K06sGkVFjXqlbkfAeOWmLW0N+5q8zhP+QVZojVQDAb2JbiLS6757aG/h eMGVbvtuJQD4INiT2yBe1mCfvu2Y2cyt/xaiytNevvqfYzEbAsS5D+2LCO+bhcAZ
3HkVTskc
=nVjN
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)