[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

report from GNU hackers meeting 2011

On Tue, Jun 21, 2011 at 05:26:03PM +0200, Stefano Zacchiroli wrote:
> I've been invited to deliver a speech at the next GNU Hackers Meeting,
> which will take place in Paris (France) from August 25th to August
> 28th. The people who invited me are interested in the workflow of
> patches from final users to upstreams, possibly passing through
> derivatives, that I've presented in various talks before.

So, on August 26th, I've attended the GNU Hackers Meeting (GHM) in Paris
[1]---helped by the fact that it was taking place two doors away from my
office. I've delivered an invited talk there as well as discussed at
length the relationship among Debian and GNU, with GHM attendees. This
is the promised report about that experience.

[1] http://www.gnu.org/ghm/2011/paris/


I've given a talk entitle "Debian in context: distributions, upstreams,
and downstreams". Slides are available [2]. A video recording,
encompassing the talk and its lengthy discussion session, will be
available soon, probably linked from GHM main page [1].

In the talk I went through generalities about distros, Debian, and our
peculiar position and role in the ecosystem of Free Software. In
particular, I've discussed the fact that Debian is a distro with many
downstream and how our history with derivatives has made us experience
some of the troubles that software upstream experience daily with
*their* downstreams. I've then discussed the responsibilities of each
player in the Free Software distribution "pipeline", skimming through
most of the material included in our guide for upstreams [3].

[2] http://upsilon.cc/~zack/talks/2011/20110826-ghm.pdf
[3] http://wiki.debian.org/UpstreamGuide

GNU as a Debian upstream

In the final part of the talk (slides 20-23), I've presented the results
of my call for feedback about GNU as an upstream [4]. [ This is a good
chance to thank all of the respondents, given that I haven't done so
individually with each of them: thanks! ] 15 people have took part into
that, either on list or in private mail to me, which I consider to be a
very good amount.

[4] http://lists.debian.org/debian-project/2011/06/msg00036.html

Let's start with the good part of the feedback I've got. With a 4:1
ratio, Debian participants feel that the relationship with GNU as an
upstream are good, on average better than with other "random"
upstreams. Some more specific highlights from people in the
"relationships are good" camp are:

- we find GNU maintainers to be very responsive

- GNU maintainers care about licensing and copyright as much as we do,
  hence maintaining GNU software is usually less work, at least on the
  front of legal-ish checking

- several GNU maintainers are Debian users themselves, which helps

- we seem to have tight relationships with some of the GNU-backed Debian
  derivatives, which helps in fostering cross-distro collaboration

Now for the bad part of the feedback I've got.  Different positions on
the free-ness of GFDL with invariant sections is (unsurprisingly) the
most common offender among issues we have in dealing with GNU as an
upstream. Itt's been invariably reported by any Debian participant, even
by those that otherwise consider relationships with GNU very good. I've
explained to attendees why it's a pain for us and how, ironically, it
tends to encourage usage of non-free repositories on their systems (see
below for discussion on this topic).

Other miscellaneous dark spots in relationships with GNU have been:

- there is GNU software out there which appears to be, to us as
  downstream, unmaintained or at least to have unresponsive maintainers.
  To mitigate the problem, we would appreciate if the GNU project could
  push a bit more strongly on the adoption of an open BTS for all GNU
  software. That would go a long way, at least, in exposing maintenance

- some people reported a perceived lack of transparency in specific
  technical choices by GNU, most notably on technology blessing
  statements such as "$foo is the official GNU $bar"

- some people reported unwillingness to maintain in Debian pieces of GNU
  software that require copyright assignment for significant

- some people reported the pain of dealing with security issues in GNU
  software related to the fact that GNU lacks a central security
  contact; ideally such a contact should be able to deal with embargoed
  issues, as well as coordinate security updates for GNU software, even
  when the corresponding maintainer is MIA

- as a misc/minor issue, some people reported the pain of dealing with
  Savannah interface

All in all, many of the above issues seem to hint as heterogeneity in
the maintenance practices and quality of GNU software. This is a problem
we know very well in Debian: we tend to have the same heterogeneity in
the maintenance practices and quality of Debian packages. We probably
can learn quite a bit from each other on this front.

I've concluded the talk observing that, barring our differences, GNU and
Debian seem to have a common goal: creating a UNIX-like operating system
able to grant users basic software freedom, we just work toward that
goal by different means --- GNU by developing Free OS components, Debian
by assembling existing Free components coming from GNU and other

Relationship with GNU - discussion

We then moved to a Q/A and discussion session, that has been as long as
the talk itself (about 40 minutes each). During that session various
topics have been covered, here are some notes about them:

- GFDL (w/ invariant sections) has been a very interesting
  discussion. There is way more heterogeneity among GNU hackers about
  GFDL --- and FWIW also about other GNU/FSF political positions ---
  than I imagined. There are people among GNU hackers defending it as a
  fully Free license, as per official position of GNU (and FSF). But
  there are also many people in agreement with Debian positions. I don't
  think neither Debian nor GNU/FSF will change their respective
  positions, this is steel very good news. Many GNU maintainers are
  willing to work with us to ease the pain of the status quo by either
  re-licensing problematic documentation (when it is in their power to
  do so) or to split it away when, according to their judgement as
  maintainers, it is content that simply does not belong there.

  So, the message I promised to forward is this: if you're maintaining
  some GNU software with problematic GFDL content, please make sure
  you've verified with the corresponding GNU maintainer if something can
  be done about it. Just avoid assuming that "because it's GNU" nothing
  can be done about it. Maybe it is possible to do something and maybe
  the GNU maintainer will be happy to help you out. Maybe not. But it's
  worth a try.

- The point about the lack of a central security contact has been very
  well received. I've been explicitly told that, as a consequence of us
  making that point at GHM, GNU hackers are now considering setting up
  such a security team.

- It is clear that we should do more to reach out to our upstreams.
  We've important resources for them, that they will like, but they are
  not necessarily known. The prominent example is PTS subscriptions,
  that allow upstreams to follow what happen to "their" software in
  Debian. GNU people who didn't know about it yet loved it!

- We need some doc on how to hack on Debian packaging targeted at
  upstream. They are technical people, but they do not necessarily want
  to learn all of Debian packaging quirks before being able to hack on
  "their" Debian packages, possibly with the goal of helping Debian
  maintainers debugging some issues with the software in Debian.

- There are upstreams filing RFPs for their software, but as we all know
  RFPs often don't work. No magic solution here: RFPs work when there is
  people willing to do the work; they don't work otherwise.

- There is interest in the possibility of maintaining unofficial
  packages *for* Debian (as in PPA, when used for external reasons).
  I've explained that we're working on something like PPA, but also
  pointed out that we are more interested in internal usage of that,
  given quality concerns about packages created by "random" people.

- I've explained what upstreams of tons of "similar" software
  (e.g. CPAN-like archives) can do to help downstreams, for instance by
  adopting standard ways to build/install/test software packages.

- Regarding savannah issues, ... they agree with us :) Also, they have
  recently setup http://debbugs.gnu.org/ (yes, *that* debbugs) and they
  are in the process of encouraging all GNU maintainers to use it as BTS
  for GNU software.

- To conclude on a more political note, I've been explicitly asked to
  proxy the message that many among GNU hackers are aware of existing
  issues in the GNU project and its governance (including issues Debian
  might have faced) and that they are trying to fix them. But it takes
  time to do so and it's not easy for them to do, due to the lack of
  Constitution and other democratic structures that we luckily have in
  Debian. I've been asked to convey this message to increase the good
  will among the projects and I'm happy to have just done so.

After this experience, it is striking for me how much we have in common
with GNU (ideally, culturally, socially, etc.) and at the same time how
harsh can our "family battles" become at a times.  Let's avoid that the
remaining differences get too much in the way, especially when that can
be easily avoided.

Stefano Zacchiroli     zack@{upsilon.cc,pps.jussieu.fr,debian.org} . o .
Maître de conférences   ......   http://upsilon.cc/zack   ......   . . o
Debian Project Leader    .......   @zack on identi.ca   .......    o o o
« the first rule of tautology club is the first rule of tautology club »

Attachment: signature.asc
Description: Digital signature

Reply to: