Thank you for that post. I agree completely.
----- Original Message ----- From: Leif W <[email protected]> To: "[email protected]" <[email protected]> Cc: Sent: Wednesday, December 5, 2012 6:48 AM Subject: Re: [Cherokee] Installing Cherokee Webserver and keeping it up-to-date On 12/4/2012 6:12 PM, Johannes Becker wrote: > It should be "we don't have a Debian packager, but Debian is an important > distro so we should advertise the fact that we'd appreciate help wherever we > can". Hello, I am just viewing from sidelines, trying to understand some things about this project. It's hard to keep track of current status regarding Debian package maintenance or general project direction, health, etc. I spent this evening searching around. Below are listed some observations. 14 months ago, 1.2.101 cycle starts, currently the highest release. 13 months ago Gunnar Wolf expresses an intent to stop maintenance. 8 months ago Leonel Nunez expresses an interest to take over maintenance. 6 months ago Leonel Nunez is listed as Bug owner, Gunnar Wolf still listed as Maintainer. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648256 2 months ago, email confusion between users and developers, seemed to indicate a strong anti-distribution attitude among developers. http://lists.octality.com/pipermail/cherokee/2012-October/015629.html 1 month ago, Christophe Drevet expresses an interest to assist package maintenance. Christophe, what results from your followup with Gunnar Wolf? http://lists.octality.com/pipermail/cherokee/2012-November/015664.html This month, same discussion going in circles? Please correct if I misunderstand, but I think there are some highlights of the discussion as well as general points to consider. 0) We are all here because we see something unique and valuable in this server project and wish it to thrive. For some (devs), this may mean it runs stable and that's all. For others (users), it means ease of install, so they can share the server experience with others. 1) With all due respect to the core Cherokee developers, it seems they only care about server code, not any distribution, maintenance of old code or any user related issues besides providing GIT read access and server functionality on their own systems. 2) Users may not agree with this view, but we must respect the developers' wishes. We all have limited time, and should put our energy where it will have the best results. They feel their energy is best spent on core code. 3) We as users are spoiled by larger projects that have separate teams for coding, web site, distribution, documentation, support, etc. We have no right to expect or demand all this from developers, any more than developers have a right to demand it of us. 4) If they wanted to, the developers could choose to adopt an attitude and use wording that invites people to help with other tasks to help expand the user base and attract more people to use their unique software with a goal of attracting top infrastructure and developers to their platform. 5) Also note, with more users comes more requests for support, which may stress developers and take time from development. 6) The project seems to lack an experienced Debian Package Maintainer who is familiar with the process of backporting. 7) Seems developers also have an aversion releasing tarballs or even patch level version bumps? (major.minor.patch 1.2.101) At least for the past 14 months? 8) Example of an issue that justifies backport (1.2.101 in unstable, 1.0.8 in stable)? Outstanding security bug in Debian, seems to have been fixed 18 months ago in Git (should be in 1.2.101)? http://www.openwall.com/lists/oss-security/2011/06/06/13 - Security issue found 18 months ago http://lists.octality.com/pipermail/cherokee/2011-June/014830.html - "Let's see what we can do", response on mailing list, nothing after, unclear if fully fixed or partially addressed. https://github.com/cherokee/webserver/commit/38fbdc9fb49ddae9fb92bdef34a7b2e3e499dc1f - most recent CSRF related GitHub commit comment, 18 months ago, (about 1 week or less from initial report). Not sure how to properly test this and confirm the fix. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661993 - Bug reported in Debian 9 months ago - no package changes made 9) Anti-release attitude gives impression that project is dead or at best case, fatally stagnated. May hinders efforts to maintain any packages for any distros. 10) Cherokee Project's Community page has been broken for months - Error 500 Internal Server Error http://www.cherokee-project.com/community.html 11) Cherokee Project's Contributor page states a marketing intent to spread the word to increase user base, however the developer's attitude is completely the opposite. 12) Cherokee Project's Contributor page also goes to lengths I have never seen for a GNU GPLv2 project, ever: the signing of a legal document, which seems to intend to fill some perceived gaps in the GPL, yet seems to be incompatible with the GPL. Anyways, great effort has been set forth to ensure that people can continue to use the code legally. Again, this seems at odds with the developer's attitude. Anyways, I am interested to learn how to do some Debian package maintainer tasks, but I would need a mentor, to show me each step of the process. I have some programming and sysadmin experience with Debian, but it's been a long time. I can set up a VirtualBox with Debian as a test environment. My focus would be to learn to backport, and push out a .deb package that has stable, secure code, but also to learn how to choose what changes to backport and what to ignore, for stable, testing, unstable or experimental, and to improve the test cases to ensure all major bugs can be properly tested. However, before I invest such energy to learn, I want to be comfortable with the project, not be fighting with users or developers. Just want to get something simple for a user to access, without wasting energy on politics or drama. Leif _______________________________________________ Cherokee mailing list [email protected] http://lists.octality.com/listinfo/cherokee _______________________________________________ Cherokee mailing list [email protected] http://lists.octality.com/listinfo/cherokee
