Re: Distributing software written by hostile upstream developers
On Thu, Sep 17 2009, Steve McIntyre wrote: On Thu, Sep 10, 2009 at 09:47:10AM -0500, Manoj Srivastava wrote: On Thu, Sep 10 2009, Steve McIntyre wrote: Well, what happens if somebody wants to maintain software where there is a strong set of opinion that we don't want it? In this case, I'd like to delegate the power to the ftpmasters to say so and reject from NEW etc. If we have a clear consensus that that would be OK then fine; otherwise I'd like to run this through the GR process to make sure the project as a whole agrees. It could be controversial, which is why I'm bringing this up now rather than via an argument after-the-fact... I would like to see more on how the ftpmasters (a small group of overworked people already tasked with too much) will be able to determine that there is a strong set of opinions that we do not want it (as opposed to a small vocal minority that vehemently opposes something -- we have had people violently opposed to things like HAL and udev)? Before we chose to override a DD's decision about their own package, there ought to be an objective criteria for that override, in my opinion. Sure, that sounds reasonable. What would you suggest as objective criteria? Well, given that this is all about personal opinions, the only objective criteria I can come up with is a measure of the popularity of sentiment against the package. We could attempt to measuer both, by a devotee straw-poll, for example. - [ ] I advocate the package - [ ] Dislike the package, but not enough to prevent it in Debian - [ ] Dislike the package, encourage the developer not to package it - [ ] Dislike the package, prevent it from entering the archive And then set up a criteria that the number of people opposing - + 0.25 * number of people deprecating it number of people advocating it some threshold in terms of Q. By setting up the criteria for the strength of opposition upfront, we preclude arguments about bias against a specific individual from clouding the issue. However, I am not part of the group you have evidently discussed this with, and am no aware of the rationale and motivation that might have surfaced in those discussions, so there might be aspects of desirable criteria I might have missed; feel free to expand on this. manoj -- Do not worry about which side your bread is buttered on: you eat BOTH sides. Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
On Thu, Sep 17, 2009 at 11:24:15PM +0100, Steve McIntyre wrote:
Still, I fail to see exactly how Steve was proposing to solve the
issue. He mentioned a vote, but to me the proposal was too vague to even
understand what we can vote about.
Oh, absolutely. :-) I don't have a concrete proposal for what we
could/should vote on yet, instead I'm looking for more opinions here.
Fair enough. However, re-skimming through the thread, I don't see any
specific option that have been raised that my warrant a vote. Actually,
I don't see a will to vote at all.
So, can't we just stay put and say that, when new cases will arise, we
will vote about whether the project wants a specific software---due to
difficulties in dealing with a specific upstream---in the distro or not?
I guess it depends on how often it might come up; do we need a YA
potential flamwewar each time, or can we come up with a set of
reasonable guidelines which will help maintainers/ftpmaster/TC to
decide without that?
If my memory is not mistaken, we have had one big thread on schilyware,
that's true. A flameware, may be, but it was not between us, but rather
all of us against schily. There is little you can do (beside using
well-known mailing list moderating measures) to avoid a flame when a
given hostile upstream comes trolling on our lists. In my opinion,
avoiding that does not warrant any specific vote of any kind.
Regarding the frequency, my personal taste is that the issue of hostile
upstream which damaged our lists has been rare enough not to require any
specific new procedure (which we will discuss to death, given how much
we love bureaucratic details). We should just remember, the next time
that such a problem arises, to call for a vote to make crystal clear
that the project does not want to deal with someone, for specific
reasons.
Cheers.
--
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
z...@{upsilon.cc,pps.jussieu.fr,debian.org} -- http://upsilon.cc/zack/
Dietro un grande uomo c'è ..| . |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...| ..: | Je dis tu à tous ceux que j'aime
signature.asc
Description: Digital signature
Re: Distributing software written by hostile upstream developers
On Fri, Sep 11, 2009 at 06:42:15PM +0100, Matthew Johnson wrote: On Thu Sep 10 12:53, Steve McIntyre wrote: Well, what happens if somebody wants to maintain software where there is a strong set of opinion that we don't want it? In this case, I'd like to delegate the power to the ftpmasters to say so and reject from NEW etc. If we have a clear consensus that that would be OK then fine; otherwise I'd like to run this through the GR process to make sure the project as a whole agrees. Isn't that a TC job? overruling developers? On technical issues, definitely. On issues that are not 100% technical? In case it's not clear, I'm not sure about where this should fit in, and I think that discussion of the options and people's opinions would be good. -- Steve McIntyre, Cambridge, UK.st...@einval.com We don't need no education. We don't need no thought control. -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
On Fri, Sep 11, 2009 at 10:11:54AM +0200, Stefano Zacchiroli wrote: On Thu, Sep 10, 2009 at 10:42:45PM +0200, Joerg Jaspert wrote: In my opinion, the current recommendation in the developer references is enough for now: I concur. Different thing. This encourages the maintainer to think if he wants it. Now, what if the maintainer wants it (hey, some people might like some pain), but a huge group in Debian does not? The latter is what Steve tries to address, the dev-ref doesnt do any good there. Still, I fail to see exactly how Steve was proposing to solve the issue. He mentioned a vote, but to me the proposal was too vague to even understand what we can vote about. Oh, absolutely. :-) I don't have a concrete proposal for what we could/should vote on yet, instead I'm looking for more opinions here. Actually, I don't even think we need a _general_ solution for the cases you mention (which are at least a bit more precise enabling to understand what we are talking about). In those cases indeed, we would have a conflict between a single developer and the developer body. Cases like that are already supported by constitution per se by, for instance, having a GR (or even appealing to CTTE FWIW). One might think that the GR is too public and that can exacerbate the battle between the project and the upstream author, but actually in all past cases that come to my mind, the battle was already well known to the big public. So, can't we just stay put and say that, when new cases will arise, we will vote about whether the project wants a specific software---due to difficulties in dealing with a specific upstream---in the distro or not? I guess it depends on how often it might come up; do we need a YA potential flamwewar each time, or can we come up with a set of reasonable guidelines which will help maintainers/ftpmaster/TC to decide without that? -- Steve McIntyre, Cambridge, UK.st...@einval.com Welcome my son, welcome to the machine. -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
On Thu, Sep 10, 2009 at 01:16:38PM +0200, Julien Cristau wrote: On Thu, Sep 10, 2009 at 00:12:18 +0100, Steve McIntyre wrote: Thoughts? I'm very much in favour of something like this. Debian is better off without schilyware imo. That's an obvious example, but (as others have pointed out) there are others... -- Steve McIntyre, Cambridge, UK.st...@einval.com ...In the UNIX world, people tend to interpret `non-technical user' as meaning someone who's only ever written one device driver. -- Daniel Pead -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
On Thu, Sep 10, 2009 at 09:47:10AM -0500, Manoj Srivastava wrote: On Thu, Sep 10 2009, Steve McIntyre wrote: Well, what happens if somebody wants to maintain software where there is a strong set of opinion that we don't want it? In this case, I'd like to delegate the power to the ftpmasters to say so and reject from NEW etc. If we have a clear consensus that that would be OK then fine; otherwise I'd like to run this through the GR process to make sure the project as a whole agrees. It could be controversial, which is why I'm bringing this up now rather than via an argument after-the-fact... I would like to see more on how the ftpmasters (a small group of overworked people already tasked with too much) will be able to determine that there is a strong set of opinions that we do not want it (as opposed to a small vocal minority that vehemently opposes something -- we have had people violently opposed to things like HAL and udev)? Before we chose to override a DD's decision about their own package, there ought to be an objective criteria for that override, in my opinion. Sure, that sounds reasonable. What would you suggest as objective criteria? -- Steve McIntyre, Cambridge, UK.st...@einval.com There's no sensation to compare with this Suspended animation, A state of bliss -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
On Thu, Sep 10, 2009 at 01:16:38PM +0200, Julien Cristau wrote: On Thu, Sep 10, 2009 at 00:12:18 +0100, Steve McIntyre wrote: Thoughts? I'm very much in favour of something like this. Debian is better off without schilyware imo. it's sadly not only about shilly. Some tuomoware is not really any better. -- ·O· Pierre Habouzit ··Omadco...@debian.org OOOhttp://www.madism.org signature.asc Description: Digital signature
Re: Distributing software written by hostile upstream developers
On Thu, Sep 10, 2009 at 10:42:45PM +0200, Joerg Jaspert wrote:
In my opinion, the current recommendation in the developer
references is enough for now:
I concur.
Different thing. This encourages the maintainer to think if he wants
it. Now, what if the maintainer wants it (hey, some people might like
some pain), but a huge group in Debian does not? The latter is what
Steve tries to address, the dev-ref doesnt do any good there.
Still, I fail to see exactly how Steve was proposing to solve the
issue. He mentioned a vote, but to me the proposal was too vague to even
understand what we can vote about.
Actually, I don't even think we need a _general_ solution for the cases
you mention (which are at least a bit more precise enabling to
understand what we are talking about). In those cases indeed, we would
have a conflict between a single developer and the developer
body. Cases like that are already supported by constitution per se by,
for instance, having a GR (or even appealing to CTTE FWIW).
One might think that the GR is too public and that can exacerbate the
battle between the project and the upstream author, but actually in all
past cases that come to my mind, the battle was already well known to
the big public.
So, can't we just stay put and say that, when new cases will arise, we
will vote about whether the project wants a specific software---due to
difficulties in dealing with a specific upstream---in the distro or not?
Do we really need something more than that?
Yet another procedure?
Cheers.
--
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
z...@{upsilon.cc,pps.jussieu.fr,debian.org} -- http://upsilon.cc/zack/
Dietro un grande uomo c'è ..| . |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...| ..: | Je dis tu à tous ceux que j'aime
signature.asc
Description: Digital signature
Re: Distributing software written by hostile upstream developers
On Fri, 11 Sep 2009, Matthew Johnson wrote: On Thu Sep 10 12:53, Steve McIntyre wrote: Well, what happens if somebody wants to maintain software where there is a strong set of opinion that we don't want it? In this case, I'd like to delegate the power to the ftpmasters to say so and reject from NEW etc. If we have a clear consensus that that would be OK then fine; otherwise I'd like to run this through the GR process to make sure the project as a whole agrees. Isn't that a TC job? overruling developers? The CTTE cannot overrule non-technical decisions of developers. [§6.1.4 only applies to technical decisions.] I suppose the project leader/ftpmasters could delegate this to the CTTE under §5.1.4 and the CTTE could make a decision under §6.1.3, but I'm not sure how that would interoperate with §6.1.4. Presumably the project leader has the authority to override non-technical decisions that affect the project under §5.1.4. Don Armstrong -- It's not Hollywood. War is real, war is primarily not about defeat or victory, it is about death. I've seen thousands and thousands of dead bodies. Do you think I want to have an academic debate on this subject? -- Robert Fisk http://www.donarmstrong.com http://rzlab.ucr.edu -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
On Fri, Sep 11, 2009 at 03:07:47PM -0700, Don Armstrong wrote: On Fri, 11 Sep 2009, Matthew Johnson wrote: On Thu Sep 10 12:53, Steve McIntyre wrote: Well, what happens if somebody wants to maintain software where there is a strong set of opinion that we don't want it? In this case, I'd like to delegate the power to the ftpmasters to say so and reject from NEW etc. If we have a clear consensus that that would be OK then fine; otherwise I'd like to run this through the GR process to make sure the project as a whole agrees. Isn't that a TC job? overruling developers? The CTTE cannot overrule non-technical decisions of developers. [§6.1.4 only applies to technical decisions.] I suppose the project leader/ftpmasters could delegate this to the CTTE under §5.1.4 and the CTTE could make a decision under §6.1.3, but I'm not sure how that would interoperate with §6.1.4. Presumably the project leader has the authority to override non-technical decisions that affect the project under §5.1.4. 6.1.2 gives the TC the power to decide who is the maintainer of a package. By deciding that the ftp-master is the maintainer of the package, the ftp-master would have the authority to decide the package should be removed from the archive... :) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: Digital signature
Re: Distributing software written by hostile upstream developers
The developers reference now contains a paragraph concerning hostile upstreams: http://www.debian.org/doc/developers-reference/developer-duties.html#upstream-coordination http://bugs.debian.org/523985 -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
On Thu, Sep 10, 2009 at 00:12:18 +0100, Steve McIntyre wrote: Thoughts? I'm very much in favour of something like this. Debian is better off without schilyware imo. Cheers, Julien -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
On Thu, Sep 10, 2009 at 11:00:53AM +0200, Petter Reinholdtsen wrote: [Steve McIntyre] There has been some discussion in the last couple of years about whether or not Debian should distribute software that was written by developers that we consider to be hostile. In my opinion, the current recommendation in the developer references is enough for now: If you find that the upstream developers are or become hostile towards Debian or the free software community, you may want to re-consider the need to include the software in Debian. Sometimes the social cost to the Debian community is not worth the benefits the software may bring. If someone really want to maintain such package, we should not prohibit it, but we should make it clear that it is strongly recommended to not maintain such package, and that the advantage of the software should be weighted against the problems it causes for the Debian community. Perhaps we should also suggest that one start working on alternatives for packages with hostile upstream, instead of spending time on social interactions with upstream. :) Well, what happens if somebody wants to maintain software where there is a strong set of opinion that we don't want it? In this case, I'd like to delegate the power to the ftpmasters to say so and reject from NEW etc. If we have a clear consensus that that would be OK then fine; otherwise I'd like to run this through the GR process to make sure the project as a whole agrees. It could be controversial, which is why I'm bringing this up now rather than via an argument after-the-fact... -- Steve McIntyre, Cambridge, UK.st...@einval.com Since phone messaging became popular, the young generation has lost the ability to read or write anything that is longer than one hundred and sixty characters. -- Ignatios Souvatzis -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
On Thu, Sep 10 2009, Steve McIntyre wrote: On Thu, Sep 10, 2009 at 11:00:53AM +0200, Petter Reinholdtsen wrote: If someone really want to maintain such package, we should not prohibit it, but we should make it clear that it is strongly recommended to not maintain such package, and that the advantage of the software should be weighted against the problems it causes for the Debian community. Perhaps we should also suggest that one start working on alternatives for packages with hostile upstream, instead of spending time on social interactions with upstream. :) Well, what happens if somebody wants to maintain software where there is a strong set of opinion that we don't want it? In this case, I'd like to delegate the power to the ftpmasters to say so and reject from NEW etc. If we have a clear consensus that that would be OK then fine; otherwise I'd like to run this through the GR process to make sure the project as a whole agrees. It could be controversial, which is why I'm bringing this up now rather than via an argument after-the-fact... I would like to see more on how the ftpmasters (a small group of overworked people already tasked with too much) will be able to determine that there is a strong set of opinions that we do not want it (as opposed to a small vocal minority that vehemently opposes something -- we have had people violently opposed to things like HAL and udev)? Before we chose to override a DD's decision about their own package, there ought to be an objective criteria for that override, in my opinion. manoj -- Q: What's yellow, and equivalent to the Axiom of Choice? A: Zorn's Lemon. Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
There has been some discussion in the last couple of years about whether or not Debian should distribute software that was written by developers that we consider to be hostile. In my opinion, the current recommendation in the developer references is enough for now: Different thing. This encourages the maintainer to think if he wants it. Now, what if the maintainer wants it (hey, some people might like some pain), but a huge group in Debian does not? The latter is what Steve tries to address, the dev-ref doesnt do any good there. If someone really want to maintain such package, we should not prohibit it, but we should make it clear that it is strongly recommended to not maintain such package, and that the advantage of the software should be weighted against the problems it causes for the Debian community. Perhaps we should also suggest that one start working on alternatives for packages with hostile upstream, instead of spending time on social interactions with upstream. :) It will not prohibit the maintenance. It will only not let it enter Debian, using up Debian resources. They are free to host their own repository or just put the .deb wherever upstream distributes their code. -- bye, Joerg You're in good shape for being a Debian, with a SAP background ... anything has to look good from there... -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
Thoughts? I'm very much in favour of something like this. Debian is better off without schilyware imo. This isnt special to that. We had/have other people as upstreams we might not like. (How about the one that purposely added broken code in a way that it will run on every users system but never on the maintainers?) -- bye, Joerg [2.6.15.4 direkt nach 2.6.15.3] HE Linus muss Gentooler hassen. formorer wieso? HE Naja, die dürften ihre optimierten Kernel gerade fertig gebaut haben und müssen jetzt aus prompter Versionitis auf das Ausprobieren verzichten und den neuen kompilieren... -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Distributing software written by hostile upstream developers
In terms of rationale, I think it's clear that we do *not* have to package every piece of Free Software that is available to us. If we can't have a sensible relationship with the upstream developers, then I believe it would be better not to expose Debian and our users to the problems that will likely arise from packaging and distributing their software. I am all in favor of being able to refuse the addition of software to Debian if we know that its upstream is a troublemaker. I am all against having this responsibility solely with FTPMaster. I wish/hope it will end up being with a group of DDs. That group should include FTPMaster (as we have to carry out the decision) and many DDs From all around the project. A dozen or more, diversity==win in this case. Even better if the group members term expire together with the DPLs and they have to be selected and delegated again. (Ok, that excludes FTPMaster from rotation, as we dont change that often). And every DD can send in statements in support of other DDs (or themself) to join the group *or* get another term, as well as getting them out next rotation. Or, even harder though better: The DPL or someone appointed seeks out members each time we have an issue brought up. Not getting the same person into the group three times in a row. (Or something like it). Yes, this makes it difficult and lotsa work. But heck, we are going to reject packages based on social and *NOT* technical standards. If that gets to be an easy thing we are doing it wrong. Especially as the perception of social standard and behaviour tends to be very different From person to person[1], so having this be done by a large group hopefully makes it better, as more viewpoints are added.[2] [1] Imagine being the one poor guy of (select one: different nationality, color, religion, whatevercraphumanscanthinkabout) in the middle of a circle of 30 bad guys with knifes of (the opposite what you just selected). Thats a *very* different point of view. :) No, seriously - we are a very widespread project, such a group should reflect this. [2] Sure they will have to have a way to get out of pointless discussions, but Im sure we can find/define a process for it. -- bye, Joerg Karnaugh Guy I wrote this thing but it really sucks Karnaugh Canonical Awesome! We will release it asap pgpIvaNANY7iV.pgp Description: PGP signature
Distributing software written by hostile upstream developers
Hi folks, There has been some discussion in the last couple of years about whether or not Debian should distribute software that was written by developers that we consider to be hostile. I also ended up talking to multiple people at DebConf about this issue and it was suggested that we should have a proper project discussion on this front, maybe leading to a GR to properly gauge the opinion of the project as a whole. Well, I think it's time we did that. What do we mean by hostile? Well, I think there are a few obvious examples: * irrational/agressive behaviour towards Debian developers and users on mailing lists and elsewhere * (unsubstantiated or not) legal threats against DDs, Debian or our users * shipping deliberately broken or booby-trapped software that will cause problems for our developers or users * total disagreement over the terms and rights of the licenses attached to the software * stated policies that the software must not be patched, packaged, distributed etc. I won't pretend that this is a complete list of what we should consider to be hostile, but I think it's a reasonable place to start. People who have been following the Debian lists over the last few years will probably quickly be able to think of examples of particular developers for each of those points, but I don't see any point in naming names here. In terms of rationale, I think it's clear that we do *not* have to package every piece of Free Software that is available to us. If we can't have a sensible relationship with the upstream developers, then I believe it would be better not to expose Debian and our users to the problems that will likely arise from packaging and distributing their software. Thoughts? -- Steve McIntyre, Cambridge, UK.st...@einval.com Armed with Valor: Centurion represents quality of Discipline, Honor, Integrity and Loyalty. Now you don't have to be a Caesar to concord the digital world while feeling safe and proud. signature.asc Description: Digital signature
