Dear all,
Thank you all for the very fruitful discussion yesterday!
Jörg, thank you for providing valuable insights into how the FTP team works. It would be great to document this knowledge somewhere—perhaps in the Wiki or RST.
Here are some notes from the meeting. Luke, thanks for setting up the technical infrastructure for it.
================
FTP meeting workshop held on July 12, 2025., 14:00 - 15:00, Debconf25
What Was Discussed
The
meeting focused on addressing concerns within the Debian community
regarding the FTP team's operations, particularly the delays in
processing new packages.
Key discussion points included:
- FTP Team Responsibilities:
The team's work is divided into three main areas:
- Running the Archive: This includes day-to-day operational tasks, managing software releases, and fixing issues like broken packages.
- Coding:
Maintaining and improving the Debian Archive Kit (DAK), the software
that runs the archive. The code is mostly Python, SQL, and Perl.
- New Package Processing: Reviewing new software submissions to ensure they meet Debian's standards for licensing and copyright.
- New Package Processing Delays:
it
was acknowledged that new packages often wait a long time
in the queue.
This delay is a significant point of frustration for Debian
contributors.
- Causes for Delays:
The delays are attributed to several factors:
- Manual Review: Every file in a new package is checked manually by a team member to ensure it complies with Debian's legal and technical rules.
- Legal Uncertainty:
The current review process is based on US export laws that may no
longer be relevant. The team is waiting for final legal guidance before
changing its procedures.
- Technical Bottleneck:
All processing happens on a single, central server ("FTP master host").
This makes it difficult to grant access to more people and scale up the
review work.
- Communication:
The
FTP team is often perceived as a "black box" because contributors have
little visibility into
the status of their submitted packages. While
it's possible to ask for updates on IRC, many people are not aware of
this or are hesitant to do so.
- The
main proposed solution is to move the new package processing work to a
separate host. This would allow more people to safely participate in
reviews without needing access to the critical main archive server.
- There
was a strong call to improve transparency by documenting the team's
internal processes on a public platform like the Debian Wiki.
Existing Problems
- The new package review process is slow and acts as a bottleneck for Debian contributors.
- There is a lack of communication and transparency about the status of packages in the review queue.
- The
current technical architecture, which relies on a single host, makes it
difficult to onboard new team members and improve processing times.
- Progress on redesigning the review process is blocked by the need for updated legal guidance on export laws.
- More developers are needed to help maintain and modernize the archive software.
Action Items
- Finalize Legal Questions:
Formulate and send the necessary questions to lawyers to get clear
guidance on current legal requirements, which will unblock changes to
the review process.
- Improve Documentation: Create public documentation on the Debian Wiki (or RST-Markdown doc) explaining the FTP team's workflow, especially the new package review process, to increase transparency.
- Plan for Technical Migration:
Begin the technical work to separate the new package processing queue
from the main FTP host. This involves modifying the process upload and
process new components of the archive software.
- Recruit More Help:
Create a clear, public list of tasks and needed features to encourage
more people to contribute to coding and improving the archive tools.