[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Glenn Strauss: Declaration of intent to become a DD, upl.



On Thu, Jan 21, 2021 at 03:52:17AM +0100, Mattia Rizzolo wrote:
> Hi,
> 
> On Thu, Jan 21, 2021 at 12:12:05AM -0000, Glenn Strauss (via nm.debian.org) wrote:
> > I would like to apply to change my status in Debian to Debian Developer, uploading.
> > Since 2016, I have been the primary contributor and maintainer of lighttpd (https://www.lighttpd.net/)
> 
> I see you only maintain lighttpd.  Why are you aiming for DD instead of
> DM in your case?  And if, you are effectively aiming for DD, why does it
> make sense for you to skip DM?
> As for the usual disclaimer, being a DM is not prerequisite, but it's
> best for us if there is a good reason to skip it.

While I "only" maintain lighttpd, being the primary developer is a lot
of work! :)  I also contribute to other open source projects and have
contributed patches in Apache, OpenSSL, wolfSSL, GnuTLS, Heimal
Kerberos, and more.

So why DD instead of DM?  I like to "use the source" to solve problems,
even in the code of others.

For example, the oldest blocking bug for Bullseye 
https://udd.debian.org/dev/bugs.cgi?release=bullseye&merged=ign&fnewerval=7&flastmodval=7&rc=1&sortby=id&sorto=asc&format=html#results
is something I looked into and have proposed solutions:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510368

I have also discussed with Helmut Grohne the possibility of me helping
to keep mbedTLS and wolfSSL more up-to-date with security patches in
Debian.

https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=972806

lighttpd 1.4.56 adds TLS options for mbedTLS, GnuTLS, NSS, wolfSSL
so I have an interest in having secure, up-to-date versions available.

> Also, your key has no signatures, so you should get some, or key
> endorsements.

I'll work on that.  This is a new key, which I created specifically
for me to use with signing commits on salsa.d.o.  The key is distinct
from the key that I use to sign lighttpd releases.

> BTW, you are using a different email address for your nm.d.o profile
> than the one you are using the lighttpd Uploaders field, is that
> something expected?  (I guess this is just an extension, but still,
> wanted to check ^^

For mailing lists and accounts, I generally use unique addresses, so
that if an account ever gets stolen or misused, I know which account to
change.  ...As a good Debian Developer who has read the Debian Machine
Usage Policies (DMUP), my future gps@d.o email will be used for
Debian-related things. :)  I have other email accounts for other email.

Cheers, Glenn

Attachment: signature.asc
Description: PGP signature


Reply to: