WEBVTT

99:59:59.999 --> 99:59:59.999
[Talkmeister]: Welcome, our next talk will be about the Debian Long Term support

99:59:59.999 --> 99:59:59.999
team and the speaker is Raphaël Hertzog.

99:59:59.999 --> 99:59:59.999
[Raphaël Hertzog]: Hello.

99:59:59.999 --> 99:59:59.999
Today I will speak a bit about Debian long term support.

99:59:59.999 --> 99:59:59.999
I guess most of you already know about it.

99:59:59.999 --> 99:59:59.999
Are there some people who have no idea what this is about?

99:59:59.999 --> 99:59:59.999
No, good.

99:59:59.999 --> 99:59:59.999
I will make my talk in 3 parts.

99:59:59.999 --> 99:59:59.999
First I will present the team, how it works

99:59:59.999 --> 99:59:59.999
I will give some facts about how it evolved over the first years.

99:59:59.999 --> 99:59:59.999
I took some time to collect statistics and believe they are rather interesting

99:59:59.999 --> 99:59:59.999
I will also speak about the future

99:59:59.999 --> 99:59:59.999
but there will be a separate discussion about this in a BoF later this week.

99:59:59.999 --> 99:59:59.999
I will show you how to help because, like any other team in Debian it is open

99:59:59.999 --> 99:59:59.999
to anyone. We welcome help.

99:59:59.999 --> 99:59:59.999
At the end I will answer your questions.

99:59:59.999 --> 99:59:59.999
What is LTS about?

99:59:59.999 --> 99:59:59.999
The idea is really simple.

99:59:59.999 --> 99:59:59.999
We wanted to extend the support period of all Debian releases.

99:59:59.999 --> 99:59:59.999
Currently it is basically for 1 year after the next stable release comes out.

99:59:59.999 --> 99:59:59.999
We wanted to extend this to 5 years to match, at least, Ubuntu's offering,

99:59:59.999 --> 99:59:59.999
which is not our competitor, but for the companies that are making choices

99:59:59.999 --> 99:59:59.999
it is one of the important criteria. So we wanted to do as well.

99:59:59.999 --> 99:59:59.999
Since we publish new stable releases every 2 years it is roughly 3 years.

99:59:59.999 --> 99:59:59.999
A nice side benefit is that the user can skip a full release.

99:59:59.999 --> 99:59:59.999
We don't officially support dist-upgrade over going from Debian 6 to 8

99:59:59.999 --> 99:59:59.999
but you can do 2 dist-upgrades at the same time, limiting the downtime

99:59:59.999 --> 99:59:59.999
to once every 5 years.

99:59:59.999 --> 99:59:59.999
By the way, in practice, in simple server configurations, dist-upgrades tend to

99:59:59.999 --> 99:59:59.999
work rather well even across 2 releases.

99:59:59.999 --> 99:59:59.999
Keeping a distribution secure for 5 years is a real challenge.

99:59:59.999 --> 99:59:59.999
It is hard work that not everybody is willing to do.

99:59:59.999 --> 99:59:59.999
In Debian all the work is done by volunteers who do the work they enjoy.

99:59:59.999 --> 99:59:59.999
Generally we enjoy working on new features on top of latest releases

99:59:59.999 --> 99:59:59.999
and not really on backporting patches to crud that was written 5 years ago.

99:59:59.999 --> 99:59:59.999
The security team has limited resources so we could not just ask the security

99:59:59.999 --> 99:59:59.999
team to now do twice the work.

99:59:59.999 --> 99:59:59.999
But they were still really interested in the project and wanted to support the idea

99:59:59.999 --> 99:59:59.999
and really helped to get it bootstrapped.

99:59:59.999 --> 99:59:59.999
The security team has a slightly larger scope.

99:59:59.999 --> 99:59:59.999
They support all architectures, which means you have lots of problems of

99:59:59.999 --> 99:59:59.999
coordination when security updates do not compile and stuff like that.

99:59:59.999 --> 99:59:59.999
What did we do?

99:59:59.999 --> 99:59:59.999
We restricted the scope by picking the 2 most popular architectures

99:59:59.999 --> 99:59:59.999
that most users care about.

99:59:59.999 --> 99:59:59.999
We have had some demand for ARM architectures but up to now we only

99:59:59.999 --> 99:59:59.999
support amd64 and i386.

99:59:59.999 --> 99:59:59.999
We also excluded some packages from security support.

99:59:59.999 --> 99:59:59.999
Either because they are taking too much time, like a security issue every 2 weeks

99:59:59.999 --> 99:59:59.999
or that upstream is not cooperative enough to be able to support it.

99:59:59.999 --> 99:59:59.999
This list was basically made by the current security team based on their

99:59:59.999 --> 99:59:59.999
experience of doing security support.

99:59:59.999 --> 99:59:59.999
If you look at the list there are some important restrictions.

99:59:59.999 --> 99:59:59.999
There's no xen, no kvm, no rails, no browser. It sucks a bit.

99:59:59.999 --> 99:59:59.999
But it's a way to get it started.

99:59:59.999 --> 99:59:59.999
I think we can do better for wheezy.

99:59:59.999 --> 99:59:59.999
Basically there is no virtualization support on the host, only on the guest.

99:59:59.999 --> 99:59:59.999
The security team helped to bootstrap the LTS team but it is not the same team.

99:59:59.999 --> 99:59:59.999
Obviously there are members of the security team who also work on the LTS

99:59:59.999 --> 99:59:59.999
team. They work in close collaboration.

99:59:59.999 --> 99:59:59.999
We have regular contact and they watch our mailing lists etc.

99:59:59.999 --> 99:59:59.999
But the policies are different and the infrastructure is separate,

99:59:59.999 --> 99:59:59.999
which is a problem but I will talk about that later.

99:59:59.999 --> 99:59:59.999
We have a dedicated mailing list

99:59:59.999 --> 99:59:59.999
and a dedicated IRC channel as well.

99:59:59.999 --> 99:59:59.999
You are welcome to subscribe and to join.

99:59:59.999 --> 99:59:59.999
It's a new team which means new people and new members.

99:59:59.999 --> 99:59:59.999
Where do they come from?

99:59:59.999 --> 99:59:59.999
The first idea was to get help from people in various companies

99:59:59.999 --> 99:59:59.999
who are already doing such in-house support.

99:59:59.999 --> 99:59:59.999
We had contact with EDF, and still have, but they were one of the first

99:59:59.999 --> 99:59:59.999
companies who were pushing for this because they basically said

99:59:59.999 --> 99:59:59.999
we are doing this already and we can share with other companies.

99:59:59.999 --> 99:59:59.999
The idea was to pool security support of multiple companies.

99:59:59.999 --> 99:59:59.999
We sent a press release asking companies to join.

99:59:59.999 --> 99:59:59.999
We had a few responses.

99:59:59.999 --> 99:59:59.999
But I'll come back later to how it evolved. It's not really satisfying.

99:59:59.999 --> 99:59:59.999
The other thing that we did is that we offered companies the option to

99:59:59.999 --> 99:59:59.999
fund the project to bring money and use this to pay the work of

99:59:59.999 --> 99:59:59.999
actual Debian contributors to do the security updates that we need.

99:59:59.999 --> 99:59:59.999
We have wiki pages listing all the ways that companies can help with money.

99:59:59.999 --> 99:59:59.999
In practice, most of the (wanting to be) paid contributors joined together

99:59:59.999 --> 99:59:59.999
under a single offer managed by Freexian SARL which is my own company.

99:59:59.999 --> 99:59:59.999
I'll quickly explain how this works.

99:59:59.999 --> 99:59:59.999
Most companies don't want to bother bringing human resources ??? (08:25)

99:59:59.999 --> 99:59:59.999
They buy long term support contracts from Freexian.

99:59:59.999 --> 99:59:59.999
We have a rate. When you give €85 you fund 1 hour of LTS work.

99:59:59.999 --> 99:59:59.999
This is the current list of sponsors.

99:59:59.999 --> 99:59:59.999
Top level gold sponsors sponsoring more than 1 day of work per month.

99:59:59.999 --> 99:59:59.999
On the other side we have Debian contributors that are doing the work

99:59:59.999 --> 99:59:59.999
and Freexian is paying them. There is a small difference between the rate

99:59:59.999 --> 99:59:59.999
to cover administration costs because I have to handle the invoices

99:59:59.999 --> 99:59:59.999
and some customers are using PayPal which is taking a cut.

99:59:59.999 --> 99:59:59.999
We ask contributors to follow some rules.

99:59:59.999 --> 99:59:59.999
There is a requirement to publish a monthly report on work done

99:59:59.999 --> 99:59:59.999
on paid time. So they won't get paid until they have published a report.

99:59:59.999 --> 99:59:59.999
So everybody can know how the money has been spent.

99:59:59.999 --> 99:59:59.999
Currently we have 7 Debian contributors and about 30 sponsors.

99:59:59.999 --> 99:59:59.999
Some figures.

99:59:59.999 --> 99:59:59.999
Who uploaded packages? How has it evolved since June last year?

99:59:59.999 --> 99:59:59.999
How is the funding evolving?

99:59:59.999 --> 99:59:59.999
I just updated those figures a few days ago.

99:59:59.999 --> 99:59:59.999
I used this talk before at the mini DebConf in Lyon in March,

99:59:59.999 --> 99:59:59.999
but I updated it again.

99:59:59.999 --> 99:59:59.999
The number of uploads is roughly over one year since we started last year.

99:59:59.999 --> 99:59:59.999
Over 300 uploads so it is not so much but it is almost 1 per day.

99:59:59.999 --> 99:59:59.999
So it is significant work.

99:59:59.999 --> 99:59:59.999
I have given a state here of who paid for the work and who did it on the left

99:59:59.999 --> 99:59:59.999
The sponsors of Freexian are paying for most of the uploads. ???

99:59:59.999 --> 99:59:59.999
None is a separate category grouping all Debian maintainers.

99:59:59.999 --> 99:59:59.999
There are maintainers who are taking care of their own packages in LTS.

99:59:59.999 --> 99:59:59.999
Security team is members of the security team who also work within the LTS team.

99:59:59.999 --> 99:59:59.999
EDF is Électricité de France

99:59:59.999 --> 99:59:59.999
Individuals are Debian developers that have listed themselves as members of

99:59:59.999 --> 99:59:59.999
the LTS team and did uploads for packages of other maintainers not their own.

99:59:59.999 --> 99:59:59.999
Credativ is a German company that you probably know.

99:59:59.999 --> 99:59:59.999
They have a booth here if you want a job.

99:59:59.999 --> 99:59:59.999
Toshiba, Univention, Catalyst etc are other lower ???

99:59:59.999 --> 99:59:59.999
On the right are people. The top 5 people are paid by Freexian.

99:59:59.999 --> 99:59:59.999
Raphaël Geissert is working for EDF.

99:59:59.999 --> 99:59:59.999
Thijs is a member of the security team.

99:59:59.999 --> 99:59:59.999
Kurt is openssl maintainer ???

99:59:59.999 --> 99:59:59.999
Mike Gabriel is also paid by Freexian.

99:59:59.999 --> 99:59:59.999
Christoph Biedl is mainly maintaining the debian-security-support in Squeeze LTS

99:59:59.999 --> 99:59:59.999
Nguyen Cong is employed by Toshiba.

99:59:59.999 --> 99:59:59.999
Christoph Berg is employed by credativ doing postgresql maintenance.

99:59:59.999 --> 99:59:59.999
How did it evolve over the year?

99:59:59.999 --> 99:59:59.999
(13:04)