[Script Info]
Title:

[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,[Talkmeister]: Welcome, our next talk will\Nbe about the Debian Long Term support
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,team and the speaker is\NRaphaël Hertzog.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,[Raphaël Hertzog]: Hello.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Today I will speak a bit about Debian\Nlong term support.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I guess most of you already know about\Nit.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Are there some people who have no\Nidea what this is about?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,No, good.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I will make my talk in 3 parts.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,First I will present the team, how it\Nworks
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I will give some facts about how it\Nevolved over the first years.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I took some time to collect statistics\Nand believe they are rather interesting
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I will also speak about the future
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,but there will be a separate discussion\Nabout this in a BoF later this week.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I will show you how to help because, like\Nany other team in Debian it is open
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,to anyone. We welcome help.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,At the end I will answer your questions.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,What is LTS about?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The idea is really simple.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We wanted to extend the support period\Nof all Debian releases.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Currently it is basically for 1 year after\Nthe next stable release comes out.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We wanted to extend this to 5 years to\Nmatch, at least, Ubuntu's offering.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,which is not our competitor, but for the\Ncompanies that are making choices
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,it is one of the important criteria.\NSo we wanted to do as well.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Since we publish new stable releases\Nevery 2 years it is roughly 3 years.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,A nice side benefit is that the user can\Nskip a full release.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We don't officially support dist-upgrade\Nover going from Debian 6 to 8
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,but you can do 2 dist-upgrades at\Nthe same time, limiting the downtime
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,to once every 5 years.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,By the way, in practice, in simple server\Nconfigurations, dist-upgrades tend to
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,work rather well even across 2 releases.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Keeping a distribution secure for 5 years\Nis a real challenge.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,It is hard work that not everybody is\Nwilling to do.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,In Debian all the work is done by\Nvolunteers who do the work they enjoy.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Generally we enjoy working on new\Nfeatures on top of latest releases
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and not really on backporting patches to\Ncrud that was written 5 years ago.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The security team has limited resources\Nso we could not just ask the security
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,team to now do twice the work.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,But they were still really interested in\Nthe project and wanted to support the idea
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and really helped to get it bootstrapped.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The security team has a slightly larger\Nscope.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,They support all architectures, which\Nmeans you have lots of problems of
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,coordination when security updates do\Nnot compile and stuff like that.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,What did we do?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We restricted the scope by picking\Nthe 2 most popular architectures
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,that most users care about.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We have had some demand for ARM\Narchitectures but up to now we only
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,support amd64 and i386.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We also excluded some packages from\Nsecurity support.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Either because they are taking too much\Ntime, like a security issue every 2 weeks
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,or that upstream is not cooperative\Nenough to be able to support it.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,This list was basically made by the\Ncurrent security team based on their
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,experience of doing security support.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,If you look at the list there are some\Nimportant restrictions.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,There's no xen, no kvm, no rails,\Nno browser. It sucks a bit.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,But it's a way to get it started.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I think we can do better for wheezy.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Basically there is no virtualization\Nsupport on the host, only on the guest.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The security team helped to bootstrap\Nthe LTS team but it is not the same team.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Obviously there are members of the\Nsecurity team who also work on the LTS
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,team. They work in close collaboration.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We have regular contact and they watch our\Nmailing lists etc.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,But the policies are different and the\Ninfrastructure is separate,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,which is a problem but I will talk about\Nthat later.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We have a dedicated mailing list
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and a dedicated IRC channel as well.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,You are welcome to subscribe and to\Njoin.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,It's a new team which means new people\Nand new members.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Where do they come from?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The first idea was to get help from\Npeople in various companies
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,who are already doing such in-house\Nsupport.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We had contact with EDF, and still have,\Nbut they were one of the first
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,companies who were pushing for this\Nbecause they basically said
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,we are doing this already and we can\Nshare with other companies.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The idea was to pool security support of\Nmultiple companies.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We sent a press release asking\Ncompanies to join.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We had a few responses.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,But I'll come back later to how it evolved\NIt's not really satisfying.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The other thing that we did is that we\Noffered companies the option to
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,fund the project to bring money and use\Nthis to pay the work of
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,actual Debian contributors to do the\Nsecurity updates that we need.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We have wiki pages listing all the ways\Nthat companies can help with money.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,In practice, most of the (wanting to be)\Npaid contributors joined together
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,under a single offer managed by\NFreexian SARL which is my own company.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I'll quickly explain how this works.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Most companies don't want to bother\Nbringing human resources ??? (08:25)
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,They buy long term support contracts\Nfrom Freexian.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We have a rate. When you give €85 you\Nfund 1 hour of LTS work.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,This is the current list of sponsors.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Top level gold sponsors sponsoring\Nmore than 1 day of work per month.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,On the other side we have Debian\Ncontributors that are doing the work
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and Freexian is paying them. There is a\Nsmall difference between the rate
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,to cover administration costs because I\Nhave to handle the invoices
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and some customers are using Paypal\Nwhich is taking a cut.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We ask contributors to follow some rules.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,There is a requirement to publish a\Nmonthly report on work done
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,on paid time. So they won't get paid until\Nthey have published a report.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,So everybody can know how the money\Nhas been spent.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Currently we have 7 Debian contributors\Nand about 30 sponsors.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Some figures.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Who uploaded packages?\NHow has it evolved since June last year?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,How is the funding evolving?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I just updated those figures a few\Ndays ago.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I used this talk before at the mini\NDebConf in Lyon in March,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,but I updated it again.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The number of uploads is roughly over\None year since we started last year.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Over 300 uploads so it is not so much\Nbut it is almost 1 per day.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,So it is significant work.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I have given a state here of who paid\Nfor the work and who did it on the left
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The sponsors of Freexian are paying for\Nmost of the uploads. ???
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,None is a separate category grouping all\NDebian maintainers.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,There are maintainers who are taking\Ncare of their own packages in LTS.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Security team is members of the security\Nteam who also work within the LTS team.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,EDF is Électricité de France
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Individuals are Debian developers that\Nhave listed themselves as members of
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,the LTS team and did uploads for packages\Nof other maintainers not their own.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Credativ is a German company that you\Nprobably know.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,They have a booth here if you want a\Njob.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Toshiba, Univention, Catalyst etc\Nare other lower ???
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,On the right are people. The top 5 people\Nare paid by Freexian.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Raphaël Geissert is working for EDF.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Thijs is a member of the security team.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Kurt is openssl maintainer ???
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Mike Gabriel is also paid by Freexian.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Christoph Biedl is mainly maintaining\Nthe debian-security-support in Squeeze LTS
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Nguyen Cong is employed by Toshiba.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Christoph Berg is employed by credativ\Ndoing postgresql maintenance.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,How did it evolve over the year?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Again it is by affiliation.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The big blue part is paid contributors
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,You don't see it very well but the part\Nabout maintainers is this one [points]
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,It tends to do better over the months\Nbecause here we started to
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,contact maintainers every time that we\Nhave a new upload coming up
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and ask them first 'do you want to handle\Nit yourself' so it slightly increased.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,but the contribution of other companies\Nhas not really increased over time.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Rather it has disappeared. It is\Nunfortunate but it looks like paid
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,contributors are more productive than\Nothers.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,In particular with EDF, they do the work,\Nbut with some lag and we are faster
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,so they just reuse what we have done. I\Nwant to talk to Raphaël to see
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,how we can do better towards this.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,How did the sponsorship level evolve?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We have a steady increase, which is\Nrather nice. It is not a huge amount but
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,it is significant because we fund almost\N80 hours per month.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,It is close to our first goal. We wanted\Nthat amount to be able to sustain
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,ourselves.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,If you look at the sponsors, we have a\Nfew big ones, possibly one very big
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We can't give the name officially yet so\NI won't. It will be a big jump in the graph
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,A few gold and many small sponsors.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I don't want to be dependent too much on\None big sponsor. I really prefer many
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,sponsors who are doing small donations\Nbut donations which are sustainable
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,year after year because we are not here\Nfor 1 year or 2.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We want to do it over the long term.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We have some figures about how many\Nhours have been funded since the start
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Feel free to interrupt me if you have any\Nquestions. I can take them at any time
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,That's it for evolution. Now, the future.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,What do we expect for the future?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,First keep doing what we have been up\Nto
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Keep supporting the current set of packages.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,But for wheezy long term support we\Nwould really like to have more
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,supported packages. A browser would\Nbe nice for desktop deployment.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Virtualization support is also important\Nfor many companies so we should be
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,able to support something here.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Also we want to avoid some pitfalls that\Nwe had with squeeze LTS.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,As you know LTS users are currently\Nrequired to add a separate source
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,list entry with squeeze-lts repository. The\Nsecurity.debian.org squeeze
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,repository is unused. It should be\Npossible for the LTS team to
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,continue using the same repository as\Nthe security team once it no longer
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,uses it. This will be the topic of a BoF\Nnext week on Tue at 1800.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,What's the problem with supporting the\Ncurrent set of packages?
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,For example, we have MySQL right now in\NSqueeze LTS in version 5.1
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,which is no longer supported by Oracle.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We don't even know if it's affected by\Nsecurity issues because
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Oracle doesn't give info on\N??? release.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,This is a problem, we should consider\Nswitching to a newer version,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,but newer versions involve library\Ntransition, which is not really nice
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,in Long Term Support releases.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,There is some work to do here if we want\Nto do something serious.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,And we have other problems, other\Npackages which are similar.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,From time to time, we backport, we take\Nnewer upstream versions.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We did that for wireshark for example.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,This is what I said before, the limited\Nscope sucks, we want to be able to
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,support more packages and we need more\Nsupport for this.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,[Q] Speaking of wireshark, we switched to\NWheezy's version, so it's solved.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,[Raphaël] Yes, exactly, that's what I just\Nsaid.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,It used to be a problem.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,That's a part I did not update since March.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Additionally, the problem with a separate\Nrepository is that
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,there is a propagation delay to the\Nmirrors
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,that we don't have with\Nsecurity.debian.org.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,I will speak a bit of how the team works.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Basically, the first step is triaging new\Nsecurity issues.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,We have a list of CVEs that comes in and\Nthey are added to a text file
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,data/CVE/list.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Someone dispatches those on source packages\Nand then someone else reviews
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,status in each release.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Then the LTS team reviews the status in\NSqueeze and members of security team
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,review status in Wheezy and Jessie.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,And then, we decide what we must do with\Nthe package.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Depending on the analysis, either we say
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,"We need to prepare an update", so we add\Nit to data/dla-needed.txt
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and someone will have to take care of\Npreparing the update.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Or we say "The issue does not apply, does\Nnot affect the current version"
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,or we ignore it because the package is\Nunsupported or because
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,the issue is really minor, not severe\Nenough.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Sometimes, it can be that the issue is\Nalready fixed in Debian
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,due to some maintainer choices.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,When we do this classification, we contact\Nthe maintainer to keep him in the loop
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,and offer him the possibility to help us.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Here's what such a text file looks like.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,The bold line is the line that we are\Nadding when we have decided
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,what we're doing with the packages.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,This is all in the Subversion repository\Non Alioth.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Then, someone has to prepare the security\Nupdate.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Basically, looking for a patch, it's often\Nuseful to be able to look up at
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,RedHat or Ubuntu or upstream.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Best case is upstream because there are\Nnice upstream who are providing
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,patches also for older versions.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Usually there are already patches\Navailable,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,not always for the good version.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Sometimes we have to backport it.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Then we prepare an upload with this\N+deb6uX suffix that we're using now
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,for security updates, stable updates.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,This is a rather known territory for\Npackage maintainers.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,This is the hardest part sometimes,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,testing the update, making sure the issue\Nis fixed.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,When tools have test suites, it's nice,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,but sometimes we have to set it up\Nourselves.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,Sometimes it is too hard, so we tend to,\Nout of safety measure,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,to mail the mailing list and say
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,"Ok, I've done my best, but please double\Ncheck"
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,It doesn't happen often that we have\Ntesters
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,but some LTS users are willing to test it\Nbefore ???
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,It would be really nice if we had\Nmore of those.
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,And if we don't get any negative feedback,
Dialogue: 0,9:59:59.99,9:59:59.99,Default,,0000,0000,0000,,then we upload.