On Tue, Jun 21, 2011 at 05:26:03PM +0200, Stefano Zacchiroli wrote: > I've been invited to deliver a speech at the next GNU Hackers Meeting, > which will take place in Paris (France) from August 25th to August > 28th. The people who invited me are interested in the workflow of > patches from final users to upstreams, possibly passing through > derivatives, that I've presented in various talks before.
So, on August 26th, I've attended the GNU Hackers Meeting (GHM) in Paris [1]---helped by the fact that it was taking place two doors away from my office. I've delivered an invited talk there as well as discussed at length the relationship among Debian and GNU, with GHM attendees. This is the promised report about that experience. [1] http://www.gnu.org/ghm/2011/paris/ Talk ==== I've given a talk entitle "Debian in context: distributions, upstreams, and downstreams". Slides are available [2]. A video recording, encompassing the talk and its lengthy discussion session, will be available soon, probably linked from GHM main page [1]. In the talk I went through generalities about distros, Debian, and our peculiar position and role in the ecosystem of Free Software. In particular, I've discussed the fact that Debian is a distro with many downstream and how our history with derivatives has made us experience some of the troubles that software upstream experience daily with *their* downstreams. I've then discussed the responsibilities of each player in the Free Software distribution "pipeline", skimming through most of the material included in our guide for upstreams [3]. [2] http://upsilon.cc/~zack/talks/2011/20110826-ghm.pdf [3] http://wiki.debian.org/UpstreamGuide GNU as a Debian upstream ======================== In the final part of the talk (slides 20-23), I've presented the results of my call for feedback about GNU as an upstream [4]. [ This is a good chance to thank all of the respondents, given that I haven't done so individually with each of them: thanks! ] 15 people have took part into that, either on list or in private mail to me, which I consider to be a very good amount. [4] http://lists.debian.org/debian-project/2011/06/msg00036.html Let's start with the good part of the feedback I've got. With a 4:1 ratio, Debian participants feel that the relationship with GNU as an upstream are good, on average better than with other "random" upstreams. Some more specific highlights from people in the "relationships are good" camp are: - we find GNU maintainers to be very responsive - GNU maintainers care about licensing and copyright as much as we do, hence maintaining GNU software is usually less work, at least on the front of legal-ish checking - several GNU maintainers are Debian users themselves, which helps - we seem to have tight relationships with some of the GNU-backed Debian derivatives, which helps in fostering cross-distro collaboration Now for the bad part of the feedback I've got. Different positions on the free-ness of GFDL with invariant sections is (unsurprisingly) the most common offender among issues we have in dealing with GNU as an upstream. Itt's been invariably reported by any Debian participant, even by those that otherwise consider relationships with GNU very good. I've explained to attendees why it's a pain for us and how, ironically, it tends to encourage usage of non-free repositories on their systems (see below for discussion on this topic). Other miscellaneous dark spots in relationships with GNU have been: - there is GNU software out there which appears to be, to us as downstream, unmaintained or at least to have unresponsive maintainers. To mitigate the problem, we would appreciate if the GNU project could push a bit more strongly on the adoption of an open BTS for all GNU software. That would go a long way, at least, in exposing maintenance issues - some people reported a perceived lack of transparency in specific technical choices by GNU, most notably on technology blessing statements such as "$foo is the official GNU $bar" - some people reported unwillingness to maintain in Debian pieces of GNU software that require copyright assignment for significant contributions - some people reported the pain of dealing with security issues in GNU software related to the fact that GNU lacks a central security contact; ideally such a contact should be able to deal with embargoed issues, as well as coordinate security updates for GNU software, even when the corresponding maintainer is MIA - as a misc/minor issue, some people reported the pain of dealing with Savannah interface All in all, many of the above issues seem to hint as heterogeneity in the maintenance practices and quality of GNU software. This is a problem we know very well in Debian: we tend to have the same heterogeneity in the maintenance practices and quality of Debian packages. We probably can learn quite a bit from each other on this front. I've concluded the talk observing that, barring our differences, GNU and Debian seem to have a common goal: creating a UNIX-like operating system able to grant users basic software freedom, we just work toward that goal by different means --- GNU by developing Free OS components, Debian by assembling existing Free components coming from GNU and other upstreams. Relationship with GNU - discussion ================================== We then moved to a Q/A and discussion session, that has been as long as the talk itself (about 40 minutes each). During that session various topics have been covered, here are some notes about them: - GFDL (w/ invariant sections) has been a very interesting discussion. There is way more heterogeneity among GNU hackers about GFDL --- and FWIW also about other GNU/FSF political positions --- than I imagined. There are people among GNU hackers defending it as a fully Free license, as per official position of GNU (and FSF). But there are also many people in agreement with Debian positions. I don't think neither Debian nor GNU/FSF will change their respective positions, this is steel very good news. Many GNU maintainers are willing to work with us to ease the pain of the status quo by either re-licensing problematic documentation (when it is in their power to do so) or to split it away when, according to their judgement as maintainers, it is content that simply does not belong there. So, the message I promised to forward is this: if you're maintaining some GNU software with problematic GFDL content, please make sure you've verified with the corresponding GNU maintainer if something can be done about it. Just avoid assuming that "because it's GNU" nothing can be done about it. Maybe it is possible to do something and maybe the GNU maintainer will be happy to help you out. Maybe not. But it's worth a try. - The point about the lack of a central security contact has been very well received. I've been explicitly told that, as a consequence of us making that point at GHM, GNU hackers are now considering setting up such a security team. - It is clear that we should do more to reach out to our upstreams. We've important resources for them, that they will like, but they are not necessarily known. The prominent example is PTS subscriptions, that allow upstreams to follow what happen to "their" software in Debian. GNU people who didn't know about it yet loved it! - We need some doc on how to hack on Debian packaging targeted at upstream. They are technical people, but they do not necessarily want to learn all of Debian packaging quirks before being able to hack on "their" Debian packages, possibly with the goal of helping Debian maintainers debugging some issues with the software in Debian. - There are upstreams filing RFPs for their software, but as we all know RFPs often don't work. No magic solution here: RFPs work when there is people willing to do the work; they don't work otherwise. - There is interest in the possibility of maintaining unofficial packages *for* Debian (as in PPA, when used for external reasons). I've explained that we're working on something like PPA, but also pointed out that we are more interested in internal usage of that, given quality concerns about packages created by "random" people. - I've explained what upstreams of tons of "similar" software (e.g. CPAN-like archives) can do to help downstreams, for instance by adopting standard ways to build/install/test software packages. - Regarding savannah issues, ... they agree with us :) Also, they have recently setup http://debbugs.gnu.org/ (yes, *that* debbugs) and they are in the process of encouraging all GNU maintainers to use it as BTS for GNU software. - To conclude on a more political note, I've been explicitly asked to proxy the message that many among GNU hackers are aware of existing issues in the GNU project and its governance (including issues Debian might have faced) and that they are trying to fix them. But it takes time to do so and it's not easy for them to do, due to the lack of Constitution and other democratic structures that we luckily have in Debian. I've been asked to convey this message to increase the good will among the projects and I'm happy to have just done so. After this experience, it is striking for me how much we have in common with GNU (ideally, culturally, socially, etc.) and at the same time how harsh can our "family battles" become at a times. Let's avoid that the remaining differences get too much in the way, especially when that can be easily avoided. Cheers. -- Stefano Zacchiroli zack@{upsilon.cc,pps.jussieu.fr,debian.org} . o . Maître de conférences ...... http://upsilon.cc/zack ...... . . o Debian Project Leader ....... @zack on identi.ca ....... o o o « the first rule of tautology club is the first rule of tautology club »
signature.asc
Description: Digital signature