Feeds

Debian, Ubuntu patching up rocky romance

Deb supremo speaks as devs link arms in ARM

Seven Steps to Software Security

Touchy feely time

I used FOSDEM to get a feel about the current state of Debian, and about relations with Ubuntu, recently rocky. According to Lars: "As far as I can see, Debian is doing well and is getting ready to freeze for release later this year, and I don't see anything on the radar to prevent that from happening." And that as to the Ubuntu relationship: "I hear it is getting better all the time." He pointed me to Zack for a more official point of view.

By email, Zack explained where he'd been putting his recent efforts: focusing on package quality "we release when it's ready", freedom, independence, no dictator/'owner'/capture. For the derivative distros, such as Ubuntu, and the 'transitive derivatives' - those two or more steps derived from Debian, recognising that they present Debian's efforts to a much wider audience and can focus on customisation (Ubuntu stands out on both counts).

He talked about making patches flow more easily back up from derivatives, and also being better about spreading the love, giving credit where it's due and remembering that "Free Software" is more important than any one of its individual parts.

I put it to Zack that he's doing a very touchy-feely social interaction job in a very techy world where most of us are not naturally life's extroverts with a high emotional IQ.

Zack told me: "That feeling of yours is correct. And it's also normal for the role of the DPL [Debian Project Lead]: I'm in charge of Debian 'politics', if you want, most of which is about interaction with representative[s] of other projects and communities which form the Free Software ecosystem in which Debian lives. I've been trying to show people why Debian role is important there, bringing facts with me.

"Regarding the techy part, I promised to the Debian community to put on hold my tech activities while in charge as DPL, and I've respected that (which has been very good for my mental health!)"

I asked what specific steps he'd taken to improve the working relationship with Ubuntu: was it management-speak and bonding sessions, or more write access into one another's repositories?

Myths dissolved

So far, he has collected Debian feedback on what was not working; presented it to Ubuntu to dispel some myths; presented a vision of why all communities should "do the right thing"; presented a vision of why Debian is important in part because it is at the root of an ecosystem of distributions; and participated in discussions with the Debian community on interaction with derivatives. This last point has seen Zack dispelling more myths and highlighting the good stuff received from derivatives. He says: "We too often tend to focus on the bad stuff only, ignoring the rest."

His new patch model improves the flow and reduces viscosity, and Lars' rethinking suggests some of the same lower friction and latency. Wouldn't a more incremental and automated approach that includes automatic testing on package/patch submission/update mean that some of those contributions would be able to jump the queue and be injected far closer to, well, Linus' repository in effect?

Zack disagreed. "We really want humans to triage patches and decide if they should be forwarded upstream or not. Not doing so would result in poor quality submission that would upset upstream; it would happen at the Debian-Ubuntu frontier pretty much as it would happen at the Other upstream-Debian frontier.

"What we want to encourage, at all steps, is a culture of doing the right thing for Free Software and work with your upstream so that they adopt your changes – if/when they are worthwhile," he said. ®

Mobile application security vulnerability report

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.