Debian stable release manager quits [LWN.net]

No Good Deed Goes Unpunished

Posted Mar 9, 2006 17:15 UTC (Thu) by Junior_Samples (guest, #26737) [Link]

Like the corporate world, the free software community is subject to the laws of human nature too. Looks like the "ftpmasters" want to protect their turf. They probably don't know how hard, boring, and tedious release engineering can be.

One possible answer would be to use the Fedora "solution" and create a Debian "legacy" project for out-of-date branches. Of course Fedora Legacy may not be very good at its stated primary goal. However it does free up the main line developers, and allows them to wash their hands of their past mistakes.

Thanks to Fedora Legacy, real Fedora developers can proudly hold their heads high when they answer "Security issues with FC3? Hey, that's not my problem . . ."

Debian stable release manager quits

Posted Mar 9, 2006 17:42 UTC (Thu) by dilinger (subscriber, #2867) [Link]

As people seem to be picking on the FTP Masters, let me make two points:

1) the work that the FTP Masters do is just as important, and arguably more tedious than the work that the stable RM does. The demands that I've seen of the FTP Masters have been completely justified (ie, no stable release until Joey releases a $#!* kernel update).

2) Joey himself essentially runs the stable Security Team, which is the most opaque team within Debian. No one outside the team gets to see inside how the team operates, because of unreleased security information. It's also very difficult for someone new to join the team, as they have to gain Joey's trust.

Pot, meet Kettle.

For more ranting^Winformation, see <http://squishy.cc/blog/?p=85>, <http://squishy.cc/blog/?p=86>, and <http://squishy.cc/blog/?p=87>.

Debian stable release manager quits

Posted Mar 10, 2006 1:59 UTC (Fri) by lordsutch (subscriber, #53) [Link]

Probably a fair helping of blame on both sides here. My perception, though, was that historically Joey and James were pretty much peas in a pod (for example, back during the interminable new maintainer debacle); I guess something changed.

Anyway, nice to see some new blood on the stable RM team; hopefully we'll see some on ftpmaster too in the not so distant future.

Transparancy issues in community driven projects

Posted Mar 10, 2006 9:07 UTC (Fri) by fredrik (subscriber, #232) [Link]

I'm just a mere debian user, although I do try to follow the devel mailing list, I _know_ I don't have the full picture of this particular issue.

Still I think it is pretty obvious that there is a general issue with lack of transparancy in some of the Debian teams and roles. Not that this is unique for Debian, but fact is that the larger a project gets, the more important is communication. This is valid for _any_ kind of project and organisation.

Debian has what, around 1000 developers? In a such large organisation disagreement and misunderstanding is bound to occur. Especially when people don't communicate their plans and work. So, when handing out roles to members of a such large community, hacking skills and devotion isn't the only thing that is important. It is just as important to have a willingness to communicate, and a good grasp of how to maintain transparancy in ones leadership. And yes, even "technical" roles are a whole lot about communication. In fact I cant really see any role in the Debian community that doesn't require good communication skills.

Open source development is a matter of meritocracy, but these transparancy problems in the Debian community illustates perfectly just how vital it is to include communication skills in the merits of that meritocracy.

Fredrik Jonson

Debian stable release manager quits

Posted Mar 12, 2006 11:22 UTC (Sun) by neilm (subscriber, #28422) [Link]

2) Joey himself essentially runs the stable Security Team, which is the most opaque team within Debian. No one outside the team gets to see inside how the team operates, because of unreleased security information. It's also very difficult for someone new to join the team, as they have to gain Joey's trust.

Come on, that isn't entirely fair. There is a lot of work going on at the moment into making the security team a lot more transparent. To some extent, this has already been done, see the testing secuirty team and model.
The aim is to integrate these teams and simply have updates for all releases that have either embargoed issues (ie: ones that arrive via vendor-sec) and unembergoed which arrive by other means.

Debian stable release manager quits

Posted Mar 12, 2006 19:07 UTC (Sun) by dilinger (subscriber, #2867) [Link]

I agree that there is a lot going on right now to make the security team more transparent; however, that is happening in spite of Joey, not because of him. Kudos to mortiz, micah, aj, and the others that are working hard to make this happen.

One ftp-master comments

Posted Mar 10, 2006 11:48 UTC (Fri) by mbanck (subscriber, #9035) [Link]

James Troup, one of the ftp-masters, has commented on Joey's assertion that he was rejected for ftp-master without reason:

| The problem with the current point release is sudo.  If you want the
| point release to happen, please work with the sudo maintainer or
| convince someone to work with the sudo maintainer to get the package
| into a state where he is happy for it to be released.

The implication is that the reason for turning down the request was
that the point release was not being blocked by lack of an available
ftp-master, so making Joey one seemed orthogonal to the actual goal of
getting the next point release out.

It seems that this was a misunderstanding between the two parties on what needs to get done before something can happen. Joey's past frustration with ftp-master then made him give up.

Michael

Debian stable release manager quits

Posted Mar 11, 2006 3:55 UTC (Sat) by jpick (subscriber, #29470) [Link]

This is too bad.

I haven't maintained a Debian package in years, but it sounds like politics are just as bad as ever.

The only reason Debian ever really prospered in the first place is because packaging tools like dpkg meant that the individual developers could just go off and do their own thing and ignore the politics.

But there are some core functions that were never automated. Things that would have been really easy to automate. But that would put somebody out of a job. A lot of the core stuff has been left to non-responsive individuals with BOFH powers who like to bludgeon others with their "control". Debian needs to automate those guys out of a job. Of course, the guys that are willing to write the code to do exactly that are the same guys being bludgeoned on a daily basis.

I'm still a loyal Debian user - it's a great system. But with all the politics, it seems a little stuck in the mud sometimes...

Debian stable release manager quits

Posted Mar 16, 2006 11:12 UTC (Thu) by nix (subscriber, #2304) [Link]

Find a distro without politics. Find *any* human endeavour involving more than a dozen or so people without politics.

Just because hackers often suck at interpersonal stuff doesn't mean we don't get politics: it means the politics is *worse* than normal, because while we may not get subtle trickery and betrayal, we *do* get positive-feedback loops running out of control all the time. This is a major cause of failure of projects when new developers start piling in.

I hate politics too, but there's no getting away from it. It's as central to human existence as air.

Debian stable release manager quits

Posted Mar 24, 2006 15:26 UTC (Fri) by cortana (subscriber, #24596) [Link]

I don't think it's that simple. One of the jobs of the ftpmasters is to review packages in the NEW queue. When packages are uploaded by maintainers, they go into the NEW queue if they contain new binary package components. This can happen for two reasons:

A package contains new binary package components, such as libfoo1 being renamed to libfoo2.
A package is new to the archive.

In the second case, the package needs to be scrutinised by the ftpmasters to make sure that the license or licenses it is released under are DFSG-free; all the files in the package must be checked to make sure that they are actually released under the licenses listed in the package's copyright file; and various quality assurance tests must be performed, as well as checks to make sure that the package doesn't contain any nasty surprises such as a call to rm -rf / in a postinst script.

None of these tasks can be automated. The license-related work requires those that undertake it to have legal expertise; and the consequences of letting a bad package through could be disastrous! In a way, the ftpmasters are Debian, they run the servers and so it is they who would be sued if Debian began to distribute software without hte permission of the copyright holder. If I were in their position, I would be reluctant to delegate these tasks to others, knowing that if they screwed up I would be the one who ended up in court.

This is not to say that the process cannot be made much more transparent. If you look at the NEW queue you can see that some packages have languished in there for over a year. According to the changelog.Debian from the mplayer package, version 1.0pre6a-4 was uploaded on the 5th of March, 2005! Since then, all enquiries about its status have been ignored by the ftpmasters, and I'm surprised the maintainer of the package can be bothered to continue working on it.