Re: Question about contributing to debian financially.
On Wed, 2022-11-16 at 08:35 -0500, Zeke Williams wrote: > I have an additional question for if I were to hire someone personally > to maintain certain debian packages. What happens with the security > team if a package has no maintainer and a security vulnerability is > found? Does the security team recompile the package with the patch > even if there is no maintainer? Is it more difficult to get involved > with the security team or maintainers team? Anyone can contribute security updates to Debian. The security team do a lot of the work on that and they work on any package in Debian. They do not fix every security issue, some minor issues are left either without fixes or for someone else, usually the package maintainer. Joining the security team can only happen after one is already a Debian member and presumably after the person has been contributing security fixes for some time without being part of the team yet. If someone wants to get involved in improving Debian security, please have them take a look at our pages about Debian and security support: https://www.debian.org/security/ https://www.debian.org/security/faq https://wiki.debian.org/Teams/Security https://security-team.debian.org/ https://security-tracker.debian.org/tracker/ https://security-tracker.debian.org/tracker/data/report https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#bug-security -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Re: Question about contributing to debian financially.
On Wed, Nov 16, 2022 at 08:35:01AM -0500, Zeke Williams wrote: I have an additional question for if I were to hire someone personally to maintain certain debian packages. What happens with the security team if a package has no maintainer and a security vulnerability is found? Does the security team recompile the package with the patch even if there is no maintainer? Yes. Is it more difficult to get involved with the security team or maintainers team? If by "getting involved" you mean joining, as oppose to interacting with, the security team is much more difficult than "maintainers team" which I take to mean any package maintainer. -- Please do not CC me for listmail. 👱🏻 Jonathan Dowland ✎j...@debian.org 🔗 https://jmtd.net
Re: Question about contributing to debian financially.
I have an additional question for if I were to hire someone personally to maintain certain debian packages. What happens with the security team if a package has no maintainer and a security vulnerability is found? Does the security team recompile the package with the patch even if there is no maintainer? Is it more difficult to get involved with the security team or maintainers team? On Tue, Nov 15, 2022 at 6:40 PM Paul Wise wrote: > > On Tue, 2022-11-15 at 12:22 -0600, Gunnar Wolf wrote: > > > Debian is defined –and proud– to be a volunteer-based project, > > that is, we don't hire and have never hired people to do our work, > > technical or otherwise. > > The only exception thus far has been Outreachy internships. > > > If you donate funds to Debian, we will most likely use them in > > hardware for the different project activities, hosting and > > connectivity, or travels for Debian conferences / miniconferences. > > https://www.debian.org/donations > > > If what you want to do is to ensure a given area of the project is > > well maintained, you can hire Debian Developers or Maintainers, and > > pay them to improve the areas you feel to be more important. > > https://lists.debian.org/debian-jobs/ > https://lists.debian.org/debian-consultants/ > https://www.debian.org/consultants/ > https://www.fossjobs.net/ > https://github.com/fossjobs/fossjobs/wiki/resources > > > There are many cases of individuals and compaines donating to Debian > > in both ways; perhaps the most visible is the Freexian's "Long Term > > Support" for Debian releases. > > https://wiki.debian.org/LTS > https://wiki.debian.org/LTS/Funding > https://wiki.debian.org/LTS/Team > > Freexian is also funding general Debian development: > > https://salsa.debian.org/debian/grow-your-ideas > https://freexian-team.pages.debian.net/project-funding/ > https://salsa.debian.org/freexian-team/project-funding > > -- > bye, > pabs > > https://wiki.debian.org/PaulWise
Re: Question about contributing to debian financially.
On Tue, 2022-11-15 at 12:22 -0600, Gunnar Wolf wrote: > Debian is defined –and proud– to be a volunteer-based project, > that is, we don't hire and have never hired people to do our work, > technical or otherwise. The only exception thus far has been Outreachy internships. > If you donate funds to Debian, we will most likely use them in > hardware for the different project activities, hosting and > connectivity, or travels for Debian conferences / miniconferences. https://www.debian.org/donations > If what you want to do is to ensure a given area of the project is > well maintained, you can hire Debian Developers or Maintainers, and > pay them to improve the areas you feel to be more important. https://lists.debian.org/debian-jobs/ https://lists.debian.org/debian-consultants/ https://www.debian.org/consultants/ https://www.fossjobs.net/ https://github.com/fossjobs/fossjobs/wiki/resources > There are many cases of individuals and compaines donating to Debian > in both ways; perhaps the most visible is the Freexian's "Long Term > Support" for Debian releases. https://wiki.debian.org/LTS https://wiki.debian.org/LTS/Funding https://wiki.debian.org/LTS/Team Freexian is also funding general Debian development: https://salsa.debian.org/debian/grow-your-ideas https://freexian-team.pages.debian.net/project-funding/ https://salsa.debian.org/freexian-team/project-funding -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Re: Question about contributing to debian financially.
Hello Zeke, Zeke Williams dijo [Tue, Nov 15, 2022 at 08:36:15AM -0500]: > I'm considering in the future, funding the debian project financially. > More specifically, helping fund hiring package maintainers for > orphaned packages as well as individuals who can maintain the security > patches. How can I help? Or rather, how would I be able to help if I > wanted to help in the future? First and foremost, thanks for your interest in helping Debian! Debian is defined –and proud– to be a volunteer-based project, that is, we don't hire and have never hired people to do our work, technical or otherwise. If you donate funds to Debian, we will most likely use them in hardware for the different project activities, hosting and connectivity, or travels for Debian conferences / miniconferences. If what you want to do is to ensure a given area of the project is well maintained, you can hire Debian Developers or Maintainers, and pay them to improve the areas you feel to be more important. There are many cases of individuals and compaines donating to Debian in both ways; perhaps the most visible is the Freexian's "Long Term Support" for Debian releases. signature.asc Description: PGP signature