Re: Debian contributors looking for paid work on Squeeze LTS

[Raphael Hertzog <hertzog@debian.org>]

On Mon, 26 May 2014, Moritz Muehlenhoff wrote:
> > Details are probably best discussed privately but I would like something
> 
> Please CC team@security.debian.org for the initial discussion.

OK.

> There should be specific benefits to companies involved, e.g.
> companies participating should be able to indicate interest in a specific
> set of packages can be prioritised over other updates. Or allow customers
> to contribute test suites/test cases which are run as part of the QA.

Indeed. I had already thought of the possibility to give a list of
packages who should be prioritized but the idea of the test environment
is interesting as well.

Do some of the potential customers have other ideas of benefits that
you would be interested in?

We can obviously also have a public list acknowledging their support,
to give them a bit more exposure (much like traditional debconf sponsors).

> There were also a few sent to team@. Once the proposed setup is running
> we can remaining contacts.

OK.

> > Moritz (and other security team members), do you have any idea of how many
> > man-days per month of available workforce would be ideal to do a proper
> > job of maintaining squeeze-lts ?
> 
> That's difficult to judge. If someone compiles of list of all DSAs in 2014
> for squeeze (minus the ones which are unsupported in squeeze-lts) we can
> make a rough estimation based on that.

I'll see if I can come up with something.

That said, the number of DSA is interesting but maybe there are DSA that
have been skipped that we should have done. And if we get more workforce,
maybe we can further improve the level of security support? I know that
some updates are routinely skipped because they have a
low-impact/low-priority.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/