Grassroots Free Software In-Depth Case Study: Debian

(1)

Grassroots Free Software

In-Depth Case Study: Debian

Stefano Zacchiroli Debian Project Leader Université Paris Diderot

IRILL 21 June 2012

Insubria International Open Source Summer School Como, Italy

(2)

Outline

1 FOSS concepts 2 _{Debian overview} 3 Philosophy 4 Organization 5 _Processes 6 Derivatives

7 _{Appendix: packaging tutorial} 8 Appendix: contribute

(3)

About the speaker

Research

ñ _{associate professor (}_{maître de conférences}_{) at Paris Diderot} ñ _{research fellow at IRILL (}_{Initiative de Recherche et Innovation sur}

le Logiciel Libre) —http://www.irill.org

Research interests

ñ _{component based software engineering (CBSE)} ñ _{formal methods for component upgrades and QA} ñ _{case in point: FOSS distribution packages}

Debian

ñ _{Debian Developer since March 2001}

ñ _{packages: OCaml, Vim, Python, math-related sw} ñ _{QA & infrastructure (PTS)}

(4)

Outline

(5)

Free Software

1 _{an idea: software users should be in}_control_{of their software}

ñ _{AKA: software users should enjoy a set of fundamental}_freedoms

while “using” it

2 _{a social and political movement to promote software freedoms}

world-wide

ñ _{rooted in the}_{hacker culture}_{of the 70s and of the early UNIX-es} ñ _{started in 1983 by Richard Stallman, launching the GNU Project} ñ _{promoted since 1985 by the Free Software Foundation}

(6)

Free Software — why it matters

Lester picked up a screwdriver. “You see this? It’s a tool. You can pick it up and you can unscrew stuff or screw stuff in. You can use the handle for a hammer. You can use the blade to open paint cans. You can throw it away, loan it out, or paint it purple and frame it.” He thumped the printer. “This [ Disney in a Box ] thing is a tool, too, but it’s not your tool. It belongs to someone else — Disney. It isn’t interested in listening to you or obeying you. It doesn’t want to give you more control over your life.” [. . . ]

“If you don’t control your life, you’re miserable. Think of the people who don’t get to run their own lives: prisoners, reform-school kids, mental patients. There’s something inherently awful about living like that. Autonomy makes us happy.”

— Cory Doctorow, Makers http:// craphound.com/ makers/

(7)

Free Software, defined

Definition (Free Software)

A program is free software if the program’s users have thefour essential freedoms:

0 _{The freedom to}_run _{the program, for any purpose (freedom 0).} 1 _{The freedom to}_study_{how the program works, and change it so}

it does your computing as you wish (freedom 1).

2 _{The freedom to}_{redistribute copies}_{so you can help your}

neighbor (freedom 2).

3 _{The freedom to}_distribute_{copies of your}_{modified versions}_to

others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source is a precondition for freedoms 1 and 3.

(8)

What About “Open Source”?

A different point of view on similar objectives

Free Software best practices as adevelopment methodology. . . . . . that leads tobetter software

major influence from “The Cathedral and the Bazaar”, by Eric S. Raymond

that later influenced Netscape “open source”-ing

synthesized by theOpen Source Initiative(OSI) in theOpen Source Definition(1981)

ñ _{derived from the Debian Free Software Guidelines (more on this}

later. . . )

Origin of a heated debate since then

(9)

Distributing Free Software — the early days

Actors:

1 _upstream_{software developer} 2 _final_users

Notable flows: software, fixes, bug report, patches

Highlights:

source distribution

ñ _{compilation is done on}

user machines. . .

(10)

Distributing Free Software — the early days (cont.)

Practically, users need to:

1 _download

ñ _{bonus point: verify checksums and GPG-sig}

2 untar 3 _./configure 4 _make 5 _{make install}

(or language-specific variants) Example

Let’s have a look at:

http://www.gnu.org/prep/standards/html_node/ Managing-Releases.html

(11)

Distributing Free Software — the early days (cont.)

Pros:

tight relationships between upstream and users

encourage becoming involved with development

Cons:

confuses user and developer roles→ developer knowledge needed to run the software scalability

ñ _{update frequency} ñ _trust

(12)

Example — installation issues in the early days

foo is cool, let’s install it!

1 _{download foo-1.0.tar.gz}

ñ _{checksum mismatch, missing public key, etc.}

2 _./configure

ñ _{error: missing bar, baz, . . .}

3 foreach (bar, baz, . . . ) go to 1

until (recursive) success

4 _make

ñ _{error: symbol not found}

5 _{make install}

ñ _{error: cp: cannot create regular file /some/weird/path}

now try scale that up to 17’000 sources releasing3’000 new versions/month

(13)

The notion of “distribution”

distributions are meant to easesoftware management key notion: the abstraction ofpackage

offercoherent collectionsof software killer application: package managers

(14)

Package manager

React to user requeststo alter (upgrade / install / remove) software installation:

1 _{dependency solving} 2 _{software download} 3 _{software installation}

ñ _{as in: putting files in the right places}

4 _{software configuration}

(15)

Package manager — example

Phase Trace

User request # apt-get install aterm

Constraint resolution                                 

Reading package lists... Done Building dependency tree... Done

The following extra packages will be installed: libafterimage0

The following NEW packages will be installed aterm libafterimage0

0 upgraded, 2 newly installed, 0 to remove and 1786 not upgraded. Need to get 386kB of archives.

After unpacking 807kB of additional disk space will be used. Do you want to continue [Y/n]? Y

Package retrieval     

Get: 1 http://debian.ens-cachan.fr testing/main libafterimage0 2.2.8-2 [301kB] Get: 2 http://debian.ens-cachan.fr testing/main aterm 1.0.1-4 [84.4kB] Fetched 386kB in 0s (410kB/s) Pre-configuration { Unpacking             

Selecting previously deselected package libafterimage0.

(Reading database ... 294774 files and directories currently installed.) Unpacking libafterimage0 (from .../libafterimage0_2.2.8-2_i386.deb) ... Selecting previously deselected package aterm.

Unpacking aterm (from .../aterm_1.0.1-4_i386.deb) ... Configuration    Setting up libafterimage0 (2.2.8-2) ... Setting up aterm (1.0.1-4) ...

(16)

Distribution concerns

Distributions act asintermediariesbetween upstream software authors and final users. Distributions are meant to ease Free Software life cycle management.

Within distributions scope: package management trusted sw delivery swintegration initial installation

sw packaging

upstream release tracking bug triage and forwarding (porting)

Outside distribution scope: upstream sw development (but beware of overlaps)

“shielding” users from upstream and vice-versa

(17)

Source vs binary distribution

Source distribution

packages contain source code which get compiled

(automatically) on user machines

distribution takes care of compilability

Binary distribution packages contain compiled (or “binary”) code

which get installed on user machines

distribution takes care of compilation

ñ _{on all supported platforms}

(18)

Packages — a closer look

zack@usha:~% ls -al apache2-bin_2.4.2-2_amd64.deb

-rw-r--r-- 1 zack zack 1288852 mag 28 19:17 apache2-bin_2.4.2-2_amd64.deb

Contains:

1 _{the actual files that come with the Apache HTTP server}

ñ _{/usr/sbin/apache2}

ñ _{/usr/share/doc/apache2/README} ñ _{. . .}

2 _{configuration programs that get executed before/after}

installation

ñ _{start automatically Apache after installation} ñ _{stop automatically Apache before removal}

⇒ so that Apache is down during upgrade and up again immediately after

(19)

Package metadata

zack@usha:~% apt−cache show apache2−bin Package: apache2−bin

Version: 2.4.2−2 I n s t a l l e d−Size : 3321

Maintainer: Debian Apache Maintainers <debian−apache@lists . debian . org> Architecture: amd64

Replaces: apache2.2−bin (<< 2.3~) , apache2.2−common Provides: apache2−api−20120211, httpd , httpd−cgi

Depends: libapr1 (>= 1 . 4 . 2 ) , l i b a p r u t i l 1−dbd−s q l i t e 3 | l i b a p r u t i l 1−dbd−mysql | [ . . . ] , l i b a p r u t i l 1−ldap , l i b c 6 (>= 2 . 4 ) , l i b l d a p−2.4−2 (>= 2 . 4 . 7 ) , l i b l u a 5 .1−0,

libpcre3 (>= 8.10) , l i b s s l 1 . 0 . 0 (>= 1 . 0 . 1 ) , libxml2 (>= 2 . 7 . 4 ) , zlib1g (>= 1 : 1 . 1 . 4 ) , p e r l

Suggests: www−browser , apache2−doc , apache2−suexec−p r i s t i n e | apache2−suexec−custom Conflicts: apache2.2−bin (<< 2.3~) , apache2.2−common

Description−en : Apache HTTP Server ( binary f i l e s and modules )

The Apache Software Foundation ’ s goal i s to build a secure , e f f i c i e n t and extensible HTTP server as standards−compliant open source software . The r e s u l t has long been the number one web server on the I n t e r n e t . [ . . . ] Homepage : http : / / httpd . apache . org/

Section: httpd P r i o r i t y: optional Size : 1288852

MD5sum: 0f2988d78c7653ed9f967437f477059a SHA1 : 31f3015b2b94dd8f9fc2f573784fe98178ccbadc

(20)

Distributions

easing software distribution: major concern in the early Free Software days

distribution: a “somewhat” successful idea

≈300+activedistribution nowadays

source:http://distrowatch.com

a distribution timeline: http://futurist.se/gldt/

(21)

Distributions (cont.)

Some axes to compare distributions: package management

ñ _{source vs binary distribution}

ñ _{low-level package format (most notably: deb vs rpm)} ñ _{high-level package managers}

other technical features

ñ _{included/default software} ñ _{architectures}

ñ _{. . .}

organization

ñ _{manpower: company vs volunteer} ñ _{decision making}

ñ _community

availability of commercial support / expertise Review of major distributions:

(22)

This class

In-depth case study of how a major volunteer Free Software project—and in particular a distribution: Debian—is organized.

Points of view:

philosophical (volunteer motivation, social structure, etc.)

management (decision making, project structure, etc.)

(23)

Outline

(24)

Debian: once upon a time

Fellow Linuxers,

This is just to announce the imminent completion of a

brand-new Linux release, which I’m calling theDebian

Linux Release. [. . . ]

Ian A Murdock, 16/08/1993 comp.os.linux.development

http:// deb.li/ bigbang

make GNU/Linuxcompetitivewith commercial OS easyto install

builtcollaborativelyby software experts

1st major distro developed “openlyin the spirit of GNU” FSF-supported for a while

(25)

Since then — 15 releases

1993 development snapshots 1994 0.91 1995 0.93r5, 0.93r6, 1.0 1996 1.1 (Buzz), 1.2 (Rex) 1997 1.3 (Bo) 1998 2.0 (Hamm) 1999 2.1 (Slink) 2000 2.2 (Potato) 2002 3.0 (Woody) 2005 3.1 (Sarge) Apr 2007 4.0 (Etch) Feb 2009 5.0 (Lenny) Feb 2011 6.0 (Squeeze) Q4 2012 (?) 6.0 (Wheezy) trivia:

why does Buzz have a (Debian) swirl on his chin?

(26)

Since then — 12 Debian Project Leaders (DPL)

1993–1996 Ian Murdock 1996–1997 Bruce Perens 1997–1998 Ian Jackson 1999–2001 Wichert Akkerman 2001–2002 Ben Collins 2002–2003 Bdale Garbee 2003–2005 Martin Michlmayr 2005–2006 Branden Robinson 2006–2007 Anthony Towns 2007–2008 Sam Hocevar 2008–2010 Steve McIntyre 2010–2013 yours truly

(27)

What is Debian?

3 aspects, interlinked:

1 _{an operating system} 2 _{a project}

(28)

Debian: the operating system

flagship product: Debian stable

binary distribution completely Free (DFSG)

ñ _DFSG

ñ _contrib_,_non-free

released every 24 months (≈) a dozen architectures

amd64, armel, armhf, ia64, mips, mipsel, powerpc, s390, s390x, sparc

archive-wide security support

2.0 2.1 2.2 3.0 3.1 4.0 5.0 6.0 0 5000 10000 15000 20000 25000 30000

Source packages Binary packages

one of the largest GNU/Linux porting platforms

renowned for

ports, stability, packaging system, old hardware support, documentation, smooth upgrades, i18n/l10n, thetestingsuite, runs anywhere, technical policy, package choice, . . .

(29)

Debian 6.0 “Squeeze” — highlights

What could happen in a release cycle?

dependency-based boot system (faster, more robust)

completelyFree Linux kernel, firmware included GNU/kFreeBSDas technology preview improveddebian-installer ñ _{ext4, btrfs} ñ _{ZFS (kFreeBSD)}

ñ _{better support for complex setups}

e.g. LVM + RAID + encryption

get Squeeze

(30)

Debian 6.0 “Squeeze” — highlights (cont.)

Debian Pure Blends

ñ _{DebianEdu, Debian Med, Debian}

Science, Debian Accessibility, DebiChem, Debian EzGo, Debian GIS, Debian Multimedia, . . .

ñ _{blends.alioth.debian.org/} newservices ñ _{snapshot.debian.org} ñ _{backports.debian.org} ñ _{squeeze-updates}_suite (ex-volatile) ñ _{screenshots.debian.net} ñ _{ask.debian.net}

updatesthroughout the archive choice: GNOME, KDE Plasma, Xfce, LXDE, . . .

get Squeeze

(31)

Debian: the Project

Common goal:

Create the best, Free operating system.

Debian Social Contract (1997)

100% Free Software give back

don’t hide problems

priorities: users & Free Software

Debian Constitution (1998)

Structures and rules of a Free-Software-compatible democracy

(32)

(33)

Demography (cont.)

Developer’s per country

2012 statistics:

http://www.perrier.eu.org/weblog/2012/06/06# devel-countries-201206

(34)

Demography (cont.)

Figure:age histogram

(35)

Debian: the community

Open development

we don’t hide problem

easy to have an impact (just “show me the code!”) Large amounts of communication

mailing lists IRC

(a few) social media (growing)

ñ _social:_@debian_,_!debian_{on identi.ca}

Large number of tech-savvy users

(36)

Debian: one of a kind?

1993 — not many distros back then 19 years later —lotsof other distros

openSUSE, Linux Mint, PCLinuxOS, Slackware, Gentoo Linux, CentOS, FreeBSD, Arch, Sabayon, Puppy, Lubuntu, MEPIS, Ultimate, NetBSD, Tiny Core, Zenwalk, CrunchBang, Dreamlinux, Vector, Kubuntu, Maemo, Red Hat, aptosid, Peppermint, PC-BSD, Chakra, Salix, ClearOS, KNOPPIX, Xubuntu, Super OS, BackTrack, gOS, TinyMe, Zentyal, EasyPeasy, Frugalware, Clonezilla, Pardus, Meego, OpenBSD, Quirky, PC/OS, Zorin,Debian, SystemRescue, Element, Unity, SliTaz, Macpup, wattOS, Scientific, Mythbuntu, Slax, DragonFLY, Elive, linux-gamers, 64 Studio, Ubuntu, mageia, Nexenta, Parisx, NuTyX, GhostBSD, Kongoni, moonOS, LFS, Lunar, Imagineos, Untangle, Fedora, Yellow Dog, aLinux, Yoper, IPFire, BlankOn, Mandriva, PureOS, FreeNAS, Moblin, Linpus, TurboLinux, blackPanther, . . .

with manydifferences: technical choices release management release schedule target user community support packaging system user base

look & feel . . .

(37)

Debian’s special #1: package quality

“ Culture of technical excellence ” packagedesign: Policy

i.e. “how a package should look like” packagetesting: lintian,piuparts, archive rebuilds (FTBFS), . . .

package maintainers aresoftware experts no 2nd class packages, all are equal

Debian release mantra

(38)

Debian’s special #2: freedom

Firm principles: developers and users bound by theSocial Contract

1 _{promoting the “culture of Free Software” since 1993} 2 _{Free the bottom up}

ñ _{in its software}

firmware included !

ñ _{in its infrastructure}

no non-free web services (for users) no non-free services (for developers)

Community awareness users know

users trust Debian not to betray Free Software principles high bar for software freedomadvocates

(39)

Debian’s special #3: independence

Debian is an independentproject

no (single) company babysitting us living up on:

1 _{donations (money & hardware)} 2 _gift-economy

. . . truly remarkable in today “big” distro world

(40)

Debian’s special #4: decision making

1 _do-ocracy

An individual Developer may make any technical or nontechnical decision with regard to their own work;

— Debian Constitution, §3.3.1.1

2 democracy

Each decision in the Project is made by one or more of the following:

1. The Developers, by way of General Resolution [...]

— Debian Constitution, §2 that means:

reputation follows work

no benevolent dictator, no oligarchy no imposed decisions

(41)

Outline

(42)

Social Contract

History

1996 early worries about companies involvement in distro development “will RedHat always remain Free?”

FOSS licenses are not enough to guarantee that Debian solution: a “contract” on project commitments

1996 drafted by Bruce Perens (as DPL) + discussion

1997 ratified version 1.0

2004 ratified version 1.1

one of DebianFoundation Documents

tacit agreement between Debian and the FOSS community volunteer project→ very important for developers’ motivation

(43)

Social Contract — details

We declare that:

1 _{Debian will remain 100% free}

We provide the guidelines that we use to determine if a work is “free” in the document entitled “The Debian Free Software Guidelines”. We promise that the Debian system and all its components will be free according to these guidelines. We will support people who create or use both free and non-free works on Debian. We will never make the system require the use of a non-free component.

Depends: DFSG

allow users to live 100% Free digital life . . . but does notforcethem to

(44)

Social Contract — details (cont.)

2 _{We Will Give Back to the Free Software Community}

When we writenew componentsof the Debian system, we will license them in a manner consistent with the Debian Free Software Guidelines. We will make the best system we can, so that free works will be widely distributed and used. We will communicate things such as bug fixes, improvements and user requests to theupstream authors of works included in our system.

dogfooding

commitment to the Free Software ecosystem

encourage ecosystem sustainability, rather than Debian’s only principle: Free Software success is more important than Debian’s

(45)

Implied distribution ecosystem

shortcut the 1-to-many user-upstream relationship

does nothideupstream existence (they’re in the social contract!) encourages:

ñ _{contributing distro-originated bugs and fixes upstream} ñ _{software selection and integration at the distro level}

(46)

Social Contract — details (cont.)

3 _{We Won’t Hide Problems}

We will keep our entire bug report database open for public view at all times. Reports that people file online will promptly become visible to others.

historically relevant: firstcommunity distro

ñ _{possibly the single greatest Debian contribution to Free Software}

induced a culture of project-widetransparency

ñ _{folklore: “}_{social contract 3 is not only for bugs}_” ñ _{folklore: “}_{there is no cabal}_”

con: it is hard, really; makes harder interaction with actors that have different values

(47)

Social Contract — details (cont.)

4 _{Our priorities are our users and free software}

We will be guided by the needs of ourusersand thefree software community. We will place their interests first in our priorities. [. . . ] We will not object tonon-free worksthat are intended to be used on Debian systems, or attempt to charge a fee to people who create or use such works. We will allow others tocreate distributionscontaining both the Debian system and other works, without any fee from us. [. . . ]

attempted balance: user and free software interests

ñ _{often at stake: non-free graphic/network drivers in Debian?}

(48)

Social Contract — details (cont.)

5 _{Works that do not meet our free software standards}

We acknowledge that some of our users require the use of works that do not conform to the Debian Free Software Guidelines. We have

createdcontribandnon-freeareas in our archive for these works.

The packages in these areas are not part of the Debian system, although they have been configured for use with Debian. We

encourage CD manufacturers to read the licenses of the packages in these areas and determine if they can distribute the packages on their CDs. Thus, although non-free works are not a part of Debian, we support their use and provide infrastructure for non-free packages (such as our bug tracking system and mailing lists).

Debian pragmatismat its peek

(49)

Debian Free Software Guidelines (DFSG)

the Social Contract relies ona “definition” of Free Software the other Debian Foundation Document

guidelinesonly — not hard rules

used to help decide what ispart of Debian

apply to the “freedoms” attached to a given package

ñ _{usually: copyright license}

ñ _{but also: trademark license, and your favorite}_$monopoly

havede factomade Debian a renowned authority about software free-ness

ñ _{together with major authorities: FSF, OSI}

trivia: basis for Open Source Definition / Initiative

(50)

DFSG — details

1 _{Free Redistribution}

The license of a Debian componentmay not restrictany party from selling orgiving awaythe software as a component of an aggregate software distribution containing programs from several different sources. The licensemay not require a royalty orother feefor such sale.

(51)

DFSG — details

2 _{Source Code}

The program must include source code, and must allow distribution in source code as well as compiled form.

explicit the “open source” requirement of freedoms 1 (study) and 3 (distribute modifications)

“open source” heritage of those days, then become part of its definition

3 _{Derived Works}

The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.

(52)

DFSG — details

2 _{Source Code}

The program must include source code, and must allow distribution in source code as well as compiled form.

explicit the “open source” requirement of freedoms 1 (study) and 3 (distribute modifications)

“open source” heritage of those days, then become part of its definition

3 _{Derived Works}

The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.

(53)

DFSG — details (cont.)

4 _{Integrity of The Author’s Source Code}

The license may restrict source-code from being distributed in modified form only if the license allows the distribution of patch files with the source code for the purpose of modifying the program at build time. The license must explicitly permit distribution of software built from modified source code. The license may require derived works to carry a different name or version number from the original software.

trademarksare not (necessarily) incompatible with software freedoms

But:

(This is acompromise. The Debian group encourages all authors not to restrict any files, source or binary, from being modified.)

(54)

DFSG — details (cont.)

5 _{No Discrimination Against Persons or Groups}

The license must not discriminate against any person or group of persons.

6 _{No Discrimination Against Fields of Endeavor}

The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

Exercise (Free Software ethics)

Why a license that states the softwarecannot be used for warfare purposes is unacceptable from the Free Software point of view? What would be the loss for the Free Software ecosystem?

(55)

DFSG — details (cont.)

5 _{No Discrimination Against Persons or Groups}

The license must not discriminate against any person or group of persons.

6 _{No Discrimination Against Fields of Endeavor}

The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

Exercise (Free Software ethics)

Why a license that states the softwarecannot be used for warfare purposes is unacceptable from the Free Software point of view? What would be the loss for the Free Software ecosystem?

(56)

DFSG — details (cont.)

7 _{Distribution of License}

The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.

(57)

DFSG — details (cont.)

8 _{License Must Not Be Specific to Debian}

The rights attached to the program must not depend on the program’s being part of a Debian system. If the program is extracted from Debian and used or distributed without Debian but otherwise within the terms of the program’s license, all parties to whom the program is redistributed should have the same rights as those that are granted in conjunction with the Debian system.

no special casing: it is free for us only if it is free for everybody coherent with the “Free Software first” view

(58)

DFSG — details (cont.)

9 _{License Must Not Contaminate Other Software}

The license must not place restrictions on other software that is distributed along with the licensed software. For example, the license must not insist that all other programs distributed on the same medium must be free software.

license modularity

(59)

Debian Free

Software

(?) Guidelines

Spot the differences!

Debian Will Remain 100% Free Software (SC 1.0)

We promise to keep the Debian GNU/Linux Distribution entirely free software. As there are many definitions of free software, we include the guidelines we use to determine if software is “free” below. We will support our users who develop and run non-free software on Debian, but we will never make the system depend on an item of non-free software.

vs

Debian will remain 100% free (SC 1.1)

We provide the guidelines that we use to determine if a work is “free” in the document entitled “The Debian Free Software Guidelines”. We promise that the Debian system and all its components will be free according to these guidelines. We will support people who create or use both free and non-free works on Debian. We will never make the system require the use of a non-free component.

(60)

Debian Free

Software

(?) Guidelines (cont.)

SC “editorial” changes of 2004

http://www.debian.org/vote/2004/social_contract_reform.3 all content is equaland subject to DFSG

no double standardfor

ñ _software ñ _{documentation} ñ _firmware ñ _{data collections} ñ _{. . .}

radical position at the time

ñ _{increasingly popular today in the}_{free culture}_movement ñ _{objected by major actors (e.g. FSF for “political” texts)}

Source of ethical doubts and technical issues within the community for Debian releases up to Squeeze. Today: no non-free firmware in main and no (new) non-free firmware in Linux upstream.

(61)

DFSG in practice

DFSG are no laws, butguidelines

no judges, no tribunals, just judgement (with responsibles in charge)

For complex cases, a series ofthought experimentshave been developed and are used as “benchmark” forsomeDFSG features

(62)

DFSG thought experiments

Example (The Desert Island test)

Imagine a castaway on a desert island with a solar-powered computer.

This would make it impossible to fulfill any requirement to make changes publicly available or to send patches to some particular place. This holds even if such requirements are only upon request, as the castaway might be able to receive messages but be unable to send them. To be free, software must be modifiable by this

unfortunate castaway, who must also be able to legally share modifications with friends on the island.

(63)

DFSG thought experiments (cont.)

Example (The Desert Island test)

Imagine a castaway on a desert island with a solar-powered computer.

This would make it impossible to fulfill any requirement to make changes publicly available or to send patches to some particular place. This holds even if such requirements are only upon request, as the castaway might be able to receive messages but be unable to send them. To be free, software must be modifiable by this

unfortunate castaway, who must also be able to legally share modifications with friends on the island.

(64)

DFSG thought experiments (cont.)

Example (The Dissident test)

Consider a dissident in a totalitarian state who wishes to share a modified bit of software with fellow dissidents, but does not wish to reveal the identity of the modifier, or directly reveal the

modifications themselves, or even possession of the program, to the government.

Any requirement for sending source modifications to anyone other than the recipient of the modified binary—in fact any forced

distribution at all, beyond giving source to those who receive a copy of the binary—would put the dissident in danger. For Debian to consider software free it must not require any such excess distribution.

(65)

DFSG thought experiments (cont.)

Example (The Dissident test)

Consider a dissident in a totalitarian state who wishes to share a modified bit of software with fellow dissidents, but does not wish to reveal the identity of the modifier, or directly reveal the

modifications themselves, or even possession of the program, to the government.

Any requirement for sending source modifications to anyone other than the recipient of the modified binary—in fact any forced

distribution at all, beyond giving source to those who receive a copy of the binary—would put the dissident in danger. For Debian to consider software free it must not require any such excess distribution.

(66)

DFSG thought experiments (cont.)

Example (The Tentacles of Evil test)

Imagine that the author is hired by a large evil corporation and, now in their thrall, attempts to do the worst to the users of the program: to make their lives miserable, to make them stop using the program, to expose them to legal liability, to make the program non-free, to discover their secrets, etc. The same can happen to a corporation bought out by a larger corporation bent on destroying free software in order to maintain its monopoly and extend its evil empire.

The license cannot allow even the author to take away the required freedoms!

(67)

DFSG thought experiments (cont.)

Example (The Tentacles of Evil test)

Imagine that the author is hired by a large evil corporation and, now in their thrall, attempts to do the worst to the users of the program: to make their lives miserable, to make them stop using the program, to expose them to legal liability, to make the program non-free, to discover their secrets, etc. The same can happen to a corporation bought out by a larger corporation bent on destroying free software in order to maintain its monopoly and extend its evil empire.

The license cannot allow even the author to take away the required freedoms!

(68)

DFSG vs common licenses

someDFSG-free licenses:

strong copyleftlicenses: GPL, AGPL, (CC BY-SA 3.0,) . . . weak copyleftlicenses: LGPL, MPL

liberallicense: BSD, MIT/X11, Apache, . . .

somenon-DFSG-free licenses: all the “bad” ones

(69)

DFSG — exercises

Exercise

Which of the following Creative Commons licenses is DFSG-free? CC BY 3.0http:// creativecommons.org/ licenses/ by/ 3.0/

CC BY-ND 3.0http:// creativecommons.org/ licenses/ by-nd/ 3.0/ CC BY-NC-SA 3.0

http:// creativecommons.org/ licenses/ by-nc-sa/ 3.0/

Exercise

Is the TeX license DFSG-free?

http:// en.wikipedia.org/ wiki/ TeX#License

Exercise

Is the GNU Free Documentation License DFSG-free?

(70)

DFSG — exercises

Exercise

Is the GNU Free Documentation License DFSG-free?

(71)

DFSG — exercises

Exercise

Is the GNU Free Documentation License DFSG-free? http:// www.gnu.org/ copyleft/ fdl.html

(72)

Outline

(73)

Constitution

structure and rules for decision making in aFree Software-compatible democracy

volunteers

minimal “people management” “do-ocracy”

ñ _{anybody can decide how to do their job} ñ _{nobody can impose to others what to do}

relationships with the real “fiscal” world

(74)

Constitution — changelog

Need: project-wide decisions

Solution: project-wide voting (AKA general resolution)

1998 drafted by Ian Jackson (as DPL) + discussion 1998 v1.0: ratified

2003 v1.1: clarifyvoting method: Condorcet/clone proof SSD 2003 v1.2: clearly definefoundation documents

2006 v1.3: generalizeasset management 2007 v1.4: reduce thelength of DPLelection

Note: equipped with typical constitutionalself-defense mechanisms. All changes above needed to pass, and obtained,3:1 majority

(75)

Constitution — bodies

individual “developers” (or, better,project members) Debian Project Leader(DPL) elected each year

technical committee(tech-ctte) secretary

(76)

Project members

akin to Debian Projectcitizens

everybody can work on Debian without being a project member. . .

but project members do have specific rights:

ñ _voting _{(and being voted)}

ñ _{right to use project}_{technical infrastructure}

(77)

Project leader

represents Debian

delegates “area of ongoing responsibility” to developers

ñ _AKA_{appoint delegates}

coordinate project activities, “lead discussions” decide uponproject assets

ñ _money ñ _hardware

ñ _{“IP”, e.g. trademarks}

decision “garbage collector”

ñ _urgency

(78)

Technical committee

“tribunal” fortechnicaldisputes, 4–8 members

the only formalized dispute resolution body in Debian

ñ _{everything else (e.g. social issues) dealt with via mediation} ñ _{often by the DPL}

members: skilled, (project-)elderly, well-respected developers

ñ _{appointed by DPL}

formal voting process that mimics project-wide votes Example (some recent tech-ctte issues)

#614907 node: name conflicts with node.js interpreter #552688 Please decide how Debian should enable hardening build flags

#665851 GNU parallel, name conflict with moreutils #573745 Please decide on Python interpreter packages maintainership

(79)

Constitution — decision making

golden rule

do-ocracy, no formal process

formally, decisions are taken by:1

1 _{developers as a whole}

ñ _with_{general resolutions}_{or elections}

2 _{the DPL}

3 _{the technical committee (CTTE)}

4 _{individual developers working on some task} _←_- _default 5 _{DPL delegates}

6 _{the project secretary}

(80)

General resolutions

decision making heavy weapon, not to be abused

used for project-wide decisions and position statement folklore: “thou shalt not use GRs for technical decisions”

1 _{initial proposal}

ñ _{post to the}_debian-vote_{mailing list}

ñ _requires_seconds_{, depend on n. of developer}

2 discussionperiod

ñ _{might lead to alternative proposals} ñ _{can put “on hold” decisions of any body}

3 _{vote with Condorcet-based method} 4 single winner

ñ _{super majority (3:1) required to change Foundation Documents}

(81)

Voting method

Definition (Condorcet winner)

A candidate that would win majority against anysingleother candidate.

If there is a Condorcet winner, it will win in anyCondorcet methodelection

Debian:Schulze method(most popular Condorcet method) Sample ballot:

[4] bar [2] baz [1] foo [2] quux

[3] None Of The Above

foo 14.11 baz 9.62 1 9 8 quux 1.19 3 4 0 bar 7.62 1 4 7

None Of The Above 3 6 7 2 8 7 3 3 6 3 4 3 0 2 7 9 3 1 8

(82)

Secretary

appointed conjointly by DPL and incumbent secretary responsible for election procedures

ñ _{de facto}_{authority for Constitution interpretation in electoral}

matters

maintains and run the voting softwaredevotee

ñ _{voting artifacts (software, ballots, etc.) available for review} ñ _{software allows to rerun and verify election results, e.g.:}

« http://www.debian.org/vote/2010/vote_001_tally.txt

Pop quiz: e-voting

(83)

Secretary

appointed conjointly by DPL and incumbent secretary responsible for election procedures

ñ _{de facto}_{authority for Constitution interpretation in electoral}

matters

maintains and run the voting softwaredevotee

ñ _{voting artifacts (software, ballots, etc.) available for review} ñ _{software allows to rerun and verify election results, e.g.:}

Pop quiz: e-voting

(84)

Fiscal sponsorship

DoFree Software projectsexist in the “real world”, the one made of money, laws (and lawyers), taxes, etc?

They do have needsthat relate them to it, e.g.: receive (tax exempt)donations

ñ _{. . . and provide (tax deductible) receipts} ownhardware, potentially expensive

ñ _{Debian hardware cost per year: 29’000 USD}

owncopyrightandtrademarks

ñ _{that might want/need to enforce. . .}

use donated money toreimburse or pay developers developers mightget sued

ñ _{$evil_proprietary_software_company} ñ _{patent trolls}

(85)

Fiscal sponsorship

DoFree Software projectsexist in the “real world”, the one made of money, laws (and lawyers), taxes, etc? They do have needsthat relate them to it, e.g.:

receive (tax exempt)donations

ñ _{. . . and provide (tax deductible) receipts}

ownhardware, potentially expensive

ñ _{Debian hardware cost per year: 29’000 USD}

owncopyrightandtrademarks

ñ _{that might want/need to enforce. . .}

use donated money toreimburse or pay developers developers mightget sued

ñ _{$evil_proprietary_software_company} ñ _{patent trolls}

(86)

Fiscal sponsorship (cont.)

Definition (Fiscal sponsorship)

Fiscal sponsorship is the practice of non-profit organizations (NPO) to offer legal and tax-exempt status to groups related to the organization’s missions.

By extension, in Free Software it commonly refers to providing all the “real world”-related needs that a project needs.

high-profile FOSS projects have set up their own NPO but it is a lot of work!

. . . and hackers are not necessarily good at it

umbrella organizationsthat do fiscal sponsorship for Free Software projects are more and more common, e.g.:

ñ _{Software Freedom Conservancy,}_{http://sfconservancy.org/}

ñ _{Software in the Public Interest (SPI)}_,_{http://spi-inc.org/}

(87)

Trusted Organization

1997 Debian founds SPI for the needs of Free Software projects

ñ _{including Debian itself, but with the usual “give back” intent}

1998 the Constitution entrusts SPI to handle Debian assets 2006 Constitution amended to not special case SPI

introducing the notion of. . .

Trusted Organizations (TO):

hold assets “in trust” for the Project

ñ _{DPL as liaison / decision maker}

link with the real bureaucratic world

ñ _{donations, legal advice, tax exemption, reimbursements, . . .}

(88)

Day to day organization: teams!

Luckily, day to day organization is much easier and more informal: http://wiki.debian.org/Teams/

teams grow as jobs get bigger

some “core teams” are DPL delegates, most are not examples

ñ _{packaging teams for related packages} ñ _ftp-master ñ _{release team} ñ _{security team} ñ _{kernel team} ñ _{debian-installer} ñ _debian-cd ñ _{. . .}

(89)

Joining — an ethical moment

1993 as most FOSS projects, Debian incubated as 1-man-show 1994 Debian manifesto to explain Debian values

1995–1997 easy to join: send a mail!

small numbers, project members in the tens 1998-1999 ethic crisis

we need manpower!

new developers accepted too quickly disagreement oncore values

to be more competitive with other distros,

we should acceptnon-freecomponents

(lack of neededtechnical skills)

Debian Account Manager (DAM)stops accepting new members

(90)

Joining — an ethical moment (cont.)

1999 creation of theNM (New Maintainer) processandNM teamto accept new members

DPL stated requirements to be on the NM team (excerpt): - needs to have a *strong* opinion for free software - needs to have a *strong* opinion for free software - he needs to know what he’s doing,

that new people need some guidance,

we have to prevent ourselves from trojans, etc. - we need to trust him more than we trust *any* other

active person

- he *has to* understand that new-maintainer is *more* than just creating dumb accounts on N machines

References

Gabriella Coleman,Three Ethical Moments in Debian,

(91)

NM Process

http://www.debian.org/devel/join/newmaint

1 _{identification}

ñ _{via GPG key, available in the}_{Web of Trust (WoT)} ñ _{signed by at least 2 project members}

ñ _{correspondence: Internet identity}_↔_{real person} ñ _{Debian people: largest connected group in the WoT}

2 _{assignment of an}_{Application Manager (AM)}

ñ _{both mentoring and examination}

ñ _{requirement: not a newbie project member}

3 _{philosophy & procedures}

ñ _{adherence to project core values}

ñ _{license/legal knowledge}

ñ _{knowledge of common procedures} ñ _{Q&A via email}

(92)

NM Process (cont.)

http://www.debian.org/devel/join/newmaint

4 _{tasks and skills}

ñ _{technical (packaging or other) ability}

ñ _with_{evidence of previous work}→trivial

5 _{DAM review & approval}

ñ _{DAMs are DPL delegates, (indirect) formal blessing of new}

members by the Project as a whole

ñ _{special casing in the Constitution:}

Leader’s Delegates [. . . ] may make certain decisions which the Leader may not make directly, including approving or expelling Developers

6 account creation

(93)

Diversity

The Debian Project is an association of individuals who have made common cause to create a free operating system.

but you have the New(Package) Maintainerprocess is that a problem?

Yes

technical: there’smuch more than packagingto a Free OS ñ _{translation, infrastructure, porting, bug triaging, artwork,}

communication, management, testing, legal advice, QA, . . . ethical: first/second class citizen split

ñ _no_{sense of belonging}_{for non-packagers results in lack of} motivation

(94)

Diversity

The Debian Project is an association of individuals who have made common cause to create a free operating system.

but you have the New(Package) Maintainerprocess is that a problem?

Yes

technical: there’smuch more than packagingto a Free OS

ñ _{translation, infrastructure, porting, bug triaging, artwork,}

communication, management, testing, legal advice, QA, . . .

ethical: first/second class citizen split

ñ _no_{sense of belonging}_{for non-packagers results in lack of}

(95)

Diversity (cont.)

2010 GR “Debian project members”

to become a Project member, all contributions count http://www.debian.org/vote/2010/vote_002

2011 rename: New Maintainer (NM) Process→New Member

2012 GR “Diversity statement”

The Debian Project welcomes and encourages participation by everyone.

No matter how you identify yourself or how others perceive you: we welcome you. We welcome contributions from everyone as long as they interact constructively with our community.

While much of the work for our project is technical in nature, we value and encourage contributions from those with expertise in other areas, and welcome them into our community.

(96)

Diversity (cont.)

2010 GR “Debian project members”

to become a Project member, all contributions count http://www.debian.org/vote/2010/vote_002

2011 rename: New Maintainer (NM) Process→New Member 2012 GR “Diversity statement”

The Debian Project welcomes and encourages participation by everyone.

No matter how you identify yourself or how others perceive you: we welcome you. We welcome contributions from everyone as long as they interact constructively with our community.

While much of the work for our project is technical in nature, we value and encourage contributions from those with expertise in other areas, and welcome them into our community.

(97)

Organization — putting it all together

Users Developers elect Officers appoints appoints Project leader Project secretary Technical committee appoints/approves Release team FTP masters Security team Press contacts Administrators etc. Delegates Maintainers / porters etc. etc. CD team Web/list/...masters Policy group Quality assurance Documentation / i18n teams DAM NM team / advocates apply applicants

approve

(98)

Outline

(99)

Package lifecycle

The most important processes in Debian derive from thepackage lifecycle, which follows packages fromupstreamsoftware creation, throughpackaging, to final users of one or more of Debiansuites (orpackage repositories).

Relatedhuman processes are documented extensively in theDebian Developer’s Reference:

(100)

UpStream Sources Security Patches Security Team Security incoming

(Manual) package upload automatic processing special/optional process Standard process

BTS

package installationLegend maintenance responsibility exchange help, discussion submission, notification builds incoming developer/ maintainer packaging power user/ developer user/ production unstable testing frozen by RM testing unstable stable stable proposed updates proposed updates security updates bystable RM

semi officialrepository

human/ group transitionalstate

stable-updates (ex volatile)

backports experimental

(101)

Quality Assurance (QA)

How do you do quality in a large volunteer project?

Pitfalls:

no “I’ll fire you” or monetary levers

people might (and will) disappear without notice strong opinions

“thou shalt not touchmypackage” a pinch of anarchy

(102)

The Debian Policy Manual

AKA “the Policy”

specification-like manual describingexpectationson Debian artifacts (in particular: packages)

ñ _structure_{of the archive, source, and binary packages}

ñ _semantics_{of package metadata}

ñ _{expectations on}_{package installation}_and_{maintainer scripts}

ñ _{file system}_{logical structure (FHS)}

ñ _{OS design}_{issues: service invocations, shared libraries, . . .}

maintained by thepolicy auditors, who are DPL delegates failure to respect the Policy→ RC bugs

(103)

Testing packages

How do you enforcepolicy?

user testing→bug reports (fundamental contribution in FOSS!)

testingsuite

ñ _{lack of compliance, among other reasons, keep packages out}

automated testing

ñ _lintian_{— automated policy compliance checker}

http://lintian.debian.org/

ñ _piuparts_{— stress testing of package installation expectations}

http://piuparts.debian.org/

ñ _periodic_{archive-wide rebuilds} References

Lucas Nussbaum,Rebuilding Debian using distributed computing, CLADE’09,http://dl.acm.org/citation.cfm?id=1552318

Noautomated bug filing(false positive will waste volunteer time and upset people), rather manual review + bug report.

(104)

QA Team

http://qa.debian.org

Loosely defined team: “every DD is in the QA Team”

Rather, a discussion place for people interested in distro-wide QA More generally: interested inthe distro as a whole

Maintainers of the QA infrastructure:

DDPO:http://qa.debian.org/developer.php?login=zack PTS:http://packages.qa.debian.org/o/ocaml.html http://lintian.debian.org/

http://piuparts.debian.org/ rebuild scripts (now in “the cloud”!) . . .

(105)

The

Maintainer

field

in the beginning, it was the base system then theMaintainerfield

Package: git

Version: 1:1.7.10-1

Maintainer: Gerrit Pape <[email protected]>

Architecture: amd64 Pros:

it gives pride and motivations “wow, you maintain THAT!”

Cons:

create islands, increase barriers to contributions agile methods say “fight strong code package ownership”

what if a maintainer disappears?

(106)

Missing In Action (MIA)

Given enough volunteers,

someone will eventually disappear without notice.

You can’tassumethey are gone; might be simply busy with RL. You can’t do nothing: blocks others, andfrustrates volunteers. MIA process/ MIA team:

big brother like tracking of developers activities periodic, cadenced pings

package orphaningin the end

still much more work than in theresponsible leavescenario

References

Martin Michlmayr,Managing volunteer activity in free software projects, USENIX 2004 (Freenix track),

http://static.usenix.org/publications/library/proceedings/ usenix04/tech/freenix/full_papers/michlmayr/michlmayr_html/

(107)

Non Maintainer Uploads (NMU)

You’ve found a serious issue in a package and a fix is available. How do you deploy it?

via maintainer:

1 _{report bug+patch} 2 _{wait maintainer reacts} 3 _{eventually: upload}

What if the maintainer is MIA? What is the community impact?

NMU:upload performed by people other than the official maintainer

very effective in reducing volunteer inertia

lot of care needed to avoid upset people and bad publicity to the process

ñ _{principle: NMU to help}

fellow developers

ñ _{make it easy to integrate}

your work

(108)

Non Maintainer Uploads (NMU) (cont.)

References:

http://www.debian.org/doc/manuals/developers-reference/ pkgs.html#nmu

ñ _{note the care in avoiding to upset and/or undermine the}

authority of the legitimate maintainer

ñ _{volunteer work is to be cherished, until it gets in the way of the}

work of other volunteers

a (successful) experiment in dispelling NMU’s bad publicity: http://upsilon.cc/~zack/hacking/debian/rcbw/

Exercise

Where does the need for the NMU process come from? Why is it not needed in other large Free Software projects?

(109)

Outline

(110)

Interlude

— derivatives how to

Free Software 101 — reminder

3 The freedom toredistribute copiesso you can help your

neighbor.

4 _{The freedom to}_distribute_{copies of your}_{modified versions}_to

others.

When applied to distros: derived distributions, AKAderivatives

How? 1 take existing packages and add your extras 2 _{patch & rebuild packages as needed}

(111)

Derivatives are game changers

Derivatives have changed the way in which distros are made derivatives’ focus is oncustomization

people power is needed “only” for that

everybody wins(if done properly)

derivative: massive reuse of packaging work “mother” distro: reach out to new public

(112)

Debian derivatives

Debian: a base for≈140 active derivatives — distrowatch.com

Tucunare, LinEx, Inquisitor, Grml, UniventionCorporateServer, Vanillux, Emdebian, Crunchbang, PureOS, StormOS, Ubuntu,

GNUSTEP, gNewSense, Debathena, Maemo, LMDE, SPACEflight, BCCD, Bayanihan, semplice, ArchivistaBox, Knoppix, Tails, BlankOn,

AlienVault-OSSIM, DoudouLinux, Vyatta, Symbiosis, VoyageLinux, Lihuen, LinuxAdvanced, Aptosid, Canaima, siduction,

ZevenOS-Neptune, BOSSlinux, Parsix, AstraLinux, ProgressLinux, Finnix, SprezzOS, CoreBiz, Epidemic-Linux, MetamorphoseLinux , . . .

Why? quality & licensing assurances solid base system

huge package base

(113)

A Debian derivative example: Ubuntu

started in 2004 by Canonical target: desktop

Debian derivative

very popular (15–20x Debian?) historical/past correlations

main ↔ corporate universe ↔ community

ñ _{heavily customized/forked in main} ñ _{very close to Debian elsewhere}

sprouting its own derivatives (≈80)

ñ _{. . . as Debian}_transitive_derivatives

Debian

Ubuntu

Upstream

Patch

74%

15%

11%

(114)

Do you Debian?

Ubuntu appears to be the most customized Debian derivative other derivs.⇒much larger amount ofpristineDebian packages

Tucunare, LinEx, Inquisitor, Grml, UniventionCorporateServer, Vanillux, Emdebian, Crunchbang, PureOS, StormOS, Ubuntu, GNUSTEP, gNewSense, Debathena, Maemo, LMDE, SPACEflight,

BCCD, Bayanihan, semplice, ArchivistaBox, Knoppix, Tails, BlankOn, AlienVault-OSSIM, DoudouLinux, Vyatta, Symbiosis,

VoyageLinux, Lihuen, LinuxAdvanced, Aptosid, Canaima, siduction, ZevenOS-Neptune, BOSSlinux, Parsix, AstraLinux,

ProgressLinux, Finnix, SprezzOS, CoreBiz, Epidemic-Linux, MetamorphoseLinux , Debian, Xubuntu, Linux Mint, Ubuntu Studio, Mythbuntu, ArtistX, Asturix, Peppermint OS, TurnKey

Linux, Kubuntu, Caixa Mágica, Lubuntu , . . .

if you are running a Debian (transitive) derivative, chances areyou heavily depend on Debianand on its well-being

(115)

The distribution pipeline

yesterday . . .

(116)

The

new

distribution pipeline

(117)

The

new

distribution pipeline

. . . today

That’s wonderful!

freedomspreads

moreeyeballsswallow more bugs more potentialcontributors

But.

should besustainable toeverybody’s benefit

(118)

Derivative pitfalls

are derivatives always useful?

ñ _{similar to: are}_fork_{useful in Free Software?}

(119)

Looking back: a derivatives crisis

http://xkcd.com/523/

Aug 1993 Debian birth

Jul 1997 Debian Social Contract Mar 2004 Canonical birth

Oct 2004 Ubuntu Warty release Apr 2005 Ubuntu Hoary release

Jun 2005 Debian Sarge release (after a long delay) 2006–2007 The Big Crisis™

Debian: “Ubuntu is not giving back!”

Debian: “Ubuntu is taking all the credit!”

Ubuntu: “Debian is not easy to work with”

Ubuntu: “Debian is hostile to us”

2008 getting better, signs of mutual interest in collaboration 2009 failed release coordination results in new crisis

(120)

A Debian-ic vision of derivatives

2010 propose a Debian-compatible vision of derivatives present it toboth(making headlines)

Free Software is bigger

and more important

than Debian and any other distro or project

1 _{give back}_{, i.e. reduce patch flow viscosity} 2 _{give credit}_{where credit is due}

(121)

Implementing that vision

Derivatives Front Desk wiki.debian.org/DerivativesFrontDesk

contact point and discussion place

make emerge a critical mass of DDs interested in collaboration

Debian dErivatives eXchange (DEX) dex.alioth.debian.org

short-lived cross-distro projects to merge back changes visible progress

Derivatives Census wiki.debian.org/Derivatives/Census

gather detailed information about derivatives useful for QA and for relationship development “patches.ubuntu.com” equivalent for all derivatives

Solutions forallderivatives, obtained generalizing lessons learned from the Debian↔Ubuntu experience.

(122)

Early results

4/2010 6/2010 8/2010 10/2010 12/2010 2/2011 4/2011 6/2011 8/2011 0 20 40 60 80 100 120 140 Patches Average

forwarded Ubuntu→Debian patches per month; source: Debian BTS

increase inforwarded patches

new “upstream first”guidelines for new packages(in Universe) more Ubuntu peoplegetting involved in Debianas DMs/DDs

(123)

Outline

7 _{Appendix: packaging tutorial}

(124)

About this tutorial

Goal:tell y