Re: (last minute) Question to both candidates: CRA+PLD, similar regulations, and Debian
On 05/04/24 23:51, santiago wrote: Dear DPL candidates, As you may be aware, the EU has adopted a new cybersecurity regulation [CRA] and other countries are following the example. You may also be aware that Debian issued a public statement about it (based on a previous draft version of the regulation) last year. CRA will have an impact on commercial Debian downstreams, specifically on all of those who are placing a Debian-inside product in the EU single market. Part of the requirements rely on data that should be found in every single package integrated by the commercial downstream. And, as of today, part of that data is non existing. E.g.: include (meta)data about the support status upstream (supported, non-supported version, EOS date, ..., required for Article 13 (11)). Also manufacturers are required to "apply effective and regular tests and reviews of the security of the product with digital elements" (Annex I pII (3)). Non-commercial FLOSS products/projects do not have to comply with CRA. However, I think there could be an impact in the industry regarding the adoption and use of Debian. What are you thoughts on the subject? Should Debian help those commercial downstreams to fulfill the requirements? Right now I do not have a lot of idea about CRA and its impact, but I would say what I think about downstream distros. Since in Debian, we do not want to discriminate between commercial and non-commercial adaptations, I do think that we should look into the issue and see if there is any way that Debian can help out. For this, we need to study in detail about CRA, may be take help from lawyers and explore possibilities. [CRA]https://www.europarl.europa.eu/doceo/document/TA-9-2024-0130_EN.html Thanks for running for DPL to both of you! -- Santiago OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Question to candidates: Addressing Bandwidth Challenges in Debian
On 26/03/24 00:26, Nilesh Patra wrote: It is no secret that most (probably all?) teams (delegated and otherwise packaging/developer teams) in Debian struggle with limited developer time and almost everything in Debian needs help. In quite a few teams that I've seen and also been a part of, there are only 3-4 people sharing a bulk of workload, sometimes it is even worse and there are 1-person teams too -- teammetrics stats can shed some light on it[1]. I completely agree with you. We definitely have shortage of volunteers for different teams. This imbalance can lead to exhaustion, burnouts, et. al. and having a low bus factor also poses an issue for stale packages/development in the corresponding teams when the people doing a lot of work there become busy with RL and can't dedicate much time. Do you have any plans to address this or any strategies so the workload could be somewhat better managed making this sustainable? (I know outreach to get new people onboard is one option but I'm looking for more opinions/points here.) To be honest, I do not have any solid plan or strategy to deal with this issue. The lack of volunteers to take up tasks is not just an issue with Debian, but is common in other free software groups or any volunteer based groups. As a DPL, one thing I plan to do is review the delegated teams and talk to them to know if they are understaffed and/or overloaded and address the issue appropriately. Also, I would be interested to hear from Debianites if they have some interesting suggestions. Another thing I have in mind is to interact and learn from other free software/volunteer groups how they are coping up with this bandwidth issue. [1]:https://wiki.debian.org/Teammetrics/API PS: While this question is for DPL candidates, anyone is free to chime in. Best, Nilesh OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Question to candidates: what are your quantitative diversity goals and metrics?
On 28/03/24 05:56, Roberto C. Sánchez wrote: Greetings candidates, QUESTION TO THE CANDIDATES: what are your quantitative diversity goals and metrics, and what are the rationales behind those goals and metrics? Sorry, I do not wish to put a quantitative value to solve a social issue. Some context: Both platforms cite imbalances in the areas of gender and geography as concerns contributing to each candidate's desire to serve as DPL. Andreas: "Currently, there is a notable over representation of male contributors originating from countries typically considered industrialized." Sruthi: "... more gender diverse people will feel comfortable joining our community. Geographic/ethnic diversity are also important areas which need attention." (I should note that Sruthi's platform dedicated considerably more space to the issue of diversity, but the particular statement I chose to quote seemed representative.) ... - Debian should represent the gender diversity of the whole world. The world population is split approximately 50/50 male and female (with a very slight bias towards more males) [1], with "transgender people and other gender minorities, who comprise an estimated 0.3–0.5% (25 million) of the global population" [2]. Using the above figure of 1004 DDs, a balanced Debian population could be 500 male DDs, 499 female DDs, and 5 DDs who identify as transgender or another gender minority. Based on this composition, it seems likely that Debian has adequate representation of transgender and gender minority DDs, so focusing efforts specifically on outreach to women would provide the greatest benefit towards achieving a balanced representation. Again, these are merely examples. I am interested in how you define diversity and what metrics and goals you derive from that definition. I believe there is no point in talking in % when more than 95% of people are from one gender. Regards, -Roberto [0]https://en.wikipedia.org/wiki/List_of_countries_by_population_(United_Nations) [1]https://en.wikipedia.org/wiki/Human_sex_ratio [2]https://web.archive.org/web/20220131080803/https://www.euro.who.int/en/health-topics/health-determinants/gender/gender-definitions/whoeurope-brief-transgender-health-in-the-context-of-icd-11 OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Question to all candidates: Bits from the DPL?
On 03/04/24 01:35, Louis-Philippe Véronneau wrote: Hello! Jonathan's latest "Bits from the DPL" entry reminded me of how much I like those :) I also like reading them. What are your thoughts on the format? I like the format, but sometimes it becomes too long that I end up not finishing reading them in one go. If you are elected, do you plan to publish regular "Bits"? If not, how do you plan to communicate with the rest of the project with regards to the work you are doing? Yes, I do plan to have regular "Bits" and may be increase the frequency so that the mails are not too long. Apart from the "Bits" mail, I intend to communicate to the project about all the important decisions/topics. Cheers! OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Q to Sruthi: technical goals and relevance of Debian
On 05/04/24 12:26, Lucas Nussbaum wrote: Hi Sruthi, In your platform and answers to questions here, I feel that you mainly focus on the "behind the scenes" aspects of Debian for the public, that is, how the project works. This is of course extremely important, but to put it bluntly, I believe that for Debian to be successful, it first needs to be good at what it produces (the distribution). Being a diverse and welcoming and generally well-functionning community is nice, but not very important if what we produce becomes irrelevant and nobody cares about Debian anymore. Do you agree? Yes, I do agree that we should be good or rather aim to be the best among the distros. Regarding what we produce, what do you perceive as the main challenges ahead? What are our main weaknesses to address them? What are the big threats that we will likely have to face in the next years? Are there opportunities we could leverage? Currently we have a good share of servers and systems running on Debian, but if we take newer devices like smartphones and embedded systems, we are far behind. I believe that we are reluctant to change and that is holding us back in exploring new horizons. In upcoming years, many of our current excellent projects will be obsolete and we may not be good enough in newer projects if we are reluctant to change. The biggest threat is the rate of change the technological world is going through - will we able to keep up with them? Of course, as the DPL, it is unlikely that you will find the time to work on those challenges yourself. But you will have many opportunities to draw attention to topics of importance (in interviews, talks, bits, etc.), or, when allocating ressources (e.g. Debian funds) to prioritize one topic or another. While I do agree that a DPL has some influence on drawing attention to certain topics, it is the project as a whole which should take up the challenge to change and stay relevant. Best, Lucas OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Question to all candidates: GDPR compliance review
On 05/04/24 03:11, Adrian Bunk wrote: Hi, this email has two parts: A short question where I would appreciate a "yes" or "no" answer from all candidates, and a longer explanation what and why I am asking. Question: If elected, will you commit to have a lawyer specialized in that area review policies and practices around handling of personal data in Debian for GDPR compliance, and report the result of the review to all project members by the end of 2024? Maybe. I do think we might need some review in this regard, but right now I do not have all the details about GDPR, so I can't be sure and say yes. OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Question to all candidates: What are your technical goals
On 03/04/24 01:42, Marc Haber wrote: Dear Candidates, There are many people who see Debian as a technology project, with the technical goal of producing The Universal Operating System. I believe that Debian is both a technology project and a community. What are you planning to do to Debian from a technical and technological point of view? What do we well, where do we suck on the technical site? If we do suck in some technical points, what are you planning to do to improve those things? I believe position of DPL is more of an administrative position than a technical decision making position. If I become the DPL, I would love to hear answers for the above questions from the whole project and let us all, as a project, come up with some great solutions. What is your position about technical leadership? Are our technical decision-making processes up to today's challenges? In Debian, I do not think we need a technical leadership through a DPL. I consider this as the unique aspect of our Constitution that sets Debian apart from other distros. In Debian, unlike other distros, every Debian Member can start and lead the change they want in Debian. Let us take the example of non-free firmware in Debian. It was one of the biggest technical change in Debian, but the DPL was not the one who lead the discussions/decision-making process. I believe the decision making system in Debian is good enough that DPL need not be involved in technical decision making. Thanks for your consideration to answer these questions despite platforms containing language about this topic. Greetings Marc OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Question to candidates: How do you plan to manage finances/accounting?
On 25/03/24 17:04, Jonathan Carter wrote: Hi Sruthi On 2024/03/22 19:51, Sruthi Chandran wrote: I agree on your point of lack of transparency about the finances. But from what I understood from highvoltage's platform last year, the problem is more to do with the current delayed, manual and tedious accounting process. The accounting processes have definitely been one of the stumbling blocks. We now have a new reimbursement system that's live (and even in use by some!) at https://reimbursements.debian.net Once we have everything going through there, it will be much easier to get all kinds of reporting and insights into our spending (where, right now, other than me polling the TOs and posting a summary, everything else has been close to impossible). It's still under development, but it's shaping up nicely, so I think in the future, the financial administration will be far less of a burden to the DPL than it has been for years already. Thanks Jonathan, that is really good to know. -Jonathan OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Question to all candidates: what to do with the Debian money, shall we invest in hardware and cloud?
On 27/03/24 04:54, Thomas Goirand wrote: Hi, As you know, there's a large amount of money sleeping in SPI account for Debian. Do you have ideas on how to spend it? From Jonathan's mail, I think we do not have too much money unused now. Would you be ok spending 100k USD on buying hardware for a new Debian cloud, for example? I've always volunteered to operate it for Debian, but it never went through, because I haven't spent time to find where to host it and so on, but highvoltage liked the idea. Do you like this idea? Do you think it'd be useful for Debian? As I mentioned in some previous questions, I would be interested to hear about ideas to make good use of our money. But I would not be taking decisions on spending "big" amount of money without much discussion within the Debian community. Based on some experience we had in our Free Software Community of India, I have learned that hosting services is a task that require good amount of effort and time for maintenance. If we do not have a enough volunteers to handle them, it will result in burnout and eventually the services die. Let us take up this topic after the elections (if I become the DPL) and evaluate the pros and cons before committing. Also, I found very annoying that we don't have enough buildd, or that the reproducible build project doesn't have as much hardware as they would like. Would it be ok to spend another 100k USD for this kind of things. Generally speaking, spending on hardware in my opinion is a good investment. Jonathan in his mail mentioned that some amount of money was spent recently for hardwares by DSA. So let us revisit this request later, discuss with DSA and decide. OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Candidates question: politics and Debian
On 3/22/24 21:29, Soren Stoutner wrote: On Friday, March 22, 2024 3:08:53 AM MST Rhonda D'Vine wrote: Unfortunately you still are hung up on your discriminatory and downright disrespectful position that you brought up in 2019 already, haven't learned from the discussion, and still seem to find a way that the Code of Conduct wouldn't apply to you, nor the DFSG#5. I feel very strongly that these types of discussions do not belong in Debian. There are many good causes in the world and much disagreement about what they are. For Debian to succeed, it needs to focus on producing a quality software distribution. Discussions about tangentially related controversial topics, no matter how good the cause may be, doesn’t result in any benefit to those causes but does result in harm to Debian. The animosity in the previous email is representative of this (I have only quoted one of the paragraphs above because I do not find the tone of the message appropriate for a Debian mailing list). I discussed about my thoughts on general causes in a previous mail. But there are some topics like gender issues that are relevant to Debian. Debian is not just an operating system. It is also a community, one which declares its positive stand regarding diversity. If one does not want to participate in such discussions, they are free to not involve. But when participating, everyone should ensure that the communication is respectful to all and there is no CoC violation. OpenPGP_0xC7EA1BE1574DED5D.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Sruthi's platform
On 3/22/24 16:13, Pierre-Elliott Bécue wrote: Joost van Baal-Ilić wrote on 22/03/2024 at 09:54:35+0100: On Fri, Mar 22, 2024 at 06:51:48AM +0100, Joost van Baal-Ilić wrote: PS: I am eagerly awaiting a platform from Sruthi Chandran . Up to now there still is the old one at https://www.debian.org/vote/2021/platforms/srud . Oops: apparently I missed https://www.debian.org/vote/2024/platforms/srud . Sorry. And thanks for opening the rig: I have one question regarding Sruthi's platform. In it, it is stated that: " I would like to revisit our relationship with the existing trusted organisations, fund management procedure and if needed, explore the possibilities of having more TOs to reduce dependency on one or two. During DebConf23 organising, we had to face numerous fund distribution issues. Some of it definitely was specific to Indian scenario, but still I could think of a lot of improvement that can be done with respect to fund distribution through TOs." Being Debian France's treasurer since 2019 (dunno yet if treasurer will be my main endeavour should I be reelected this year, but I'll definitely continue to help as much as I can whatever my role becomes), I have two issues: 1. Many TOs create more liabilities: I have a certain memory of ffis eV, which disappeared with Debian assets. It's already hard to follow how things go under three TOs, so if we go to more, how do you expect to cope and avoid similar scenarii or worse? I am also aware of such disappearance. Having TOs with just 1-2 people responsible is a warning sign. We should act before it is too late. If we are going for more TOs, it would be ensured that there is a team of people and a good governing structure before committing. Regular review of the functioning of the TOs would be done and revoke agreements with TOs that shows signs of collapse. About monitoring assets in TOs, regular reporting would be set as a requirement in the agreement. DPL or may be someone delegated (Treasurers?) would have to ensure the reporting is happening regularly. These are some thoughts I have with my limited understanding of TOs and their relation with Debian. Once I have more clear picture, I might get some more ideas. 2. SPI is too centric in the TO ecosystem. I completely agree! After having spent two years in DF Treasurer, and more than 30 to 50% of my Debian dedicated time attending to it, I learnt that a) SPI takes 5% of anything it receives for Debian (Debian France does not do that and will never do that) and b) it own 90% of Debian assets while it's very slow to process much things and is reluctant to rebalance these. What's "funny" is that this situation led DebConf organizers to ask us to become the spine of DebConf registration financial aspects, as it seems despite being alone (not anymore since the end of 2022, <3 jipege) and not paid for it, I'm more reactive (and yet, some people could tell that sometimes I take far too much time, and I'd like to apologize for that) on these matters, and also keen on trying to find solutions when things go outside of the defined frame. True in my experience too. Debian France and Debian.ch had very short turn around times. So, what seems important to me is rather this aspect. How did we get here? What do we intent do to about it? Incorporating Debian is a fine idea to me, and I'd still be happy to manage Debian assets, but at some point, the dyfunctional aspect, to me, is rather the way SPI evolved and the relation that resulted from this evolution. How did we get here - I do not know. A lot of research would be needed to understand that or someone with more historic understanding could help here. Having 90% of assets in a single TO itself is not a good thing. That is like putting all the eggs in one basket. I suggested more TOs mainly to redistribute these assets. I know this would be a herculean task, but I would like to at least get it started. I do agree on your point of why things are dysfunctional. When things have evolved and things are not looking good, we should revisit the whole thing. This also is not going to be an easy task. I'd like to hear both your feelings on this, and I'd really appreciate to get Jonathan's insights on this, too, as he did the DPL job for a long time and might have clues I don't have and failed to get from him (bc he's busy) over IRC chat. Thanks OpenPGP_0xC7EA1BE1574DED5D.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Question to candidates: How much available time would you have for DPL work?
On 3/22/24 15:47, Nilesh Patra wrote: I have worked with both Andreas and Sruthi in some capacity in different teams so I have some idea about about the turn-around time for both (usually quick). In Debian, responding to something in around a week is normal (anf good), however, some DPL tasks would likely come out as urgent+important and would require you to revert within 24h. When something is urgent, turnaround within a day or so should be possible for me. Ping me on IRC and matrix, just in case something is to be done in lesser than one day. While I was answering this question, a thought came to mind. Sending mails to leader@ classified as URGENCY - Low, Medium, High could have better response time. The leader@ inbox would be overflowing with messages and identifying the urgency will make things efficient. How effectively do you think you'd manage something like this? Do you also intend to change something w/ respect to the current time you're spending on Debian? Do you intend to re-org the time you spend into technical work (for andreas) or outreach/community/AM team activity (for srud) into DPL tasks? I would be definitely increasing my Debian time. Also, most of my current activities are in delegated teams from which I will be released if I become DPL. So I will have that time too. Best, Nilesh OpenPGP_0xC7EA1BE1574DED5D.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Question to candidates: new legal entity for Debian worldwide
On 3/22/24 11:21, Joost van Baal-Ilić wrote: Hi, There has been discussion of having one new legal entity representing the Debian project worldwide. What are the candidates opinions on that? I am interested in the idea of having a legal entity for Debian. Till a year back, I was not in favor of having such an entity. But some of my experiences, especially during DebConf23 made me rethink. I still think there are numerous pros for not having a legal entity, but there are cons too. When we have to deal with an external organization, or when having a legal battle or when interacting with Government entities etc, having a legal standing makes things easier. But with the legal standing comes the problems of bureaucracy, reporting, jurisdiction etc. The decision to register Debian should not be taken in haste. There is a history of great communities going dormant after legal registration - burdened by extensive reporting required or with non-functional officials. If we ever end up registering, the by-law should be written with great care to maintain the unique and efficient ways of functioning we currently have in Debian. The whole process of registering Debian as legal entity should a GR with good amount of discussion. OpenPGP_0xC7EA1BE1574DED5D.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Question to candidates: How do you plan to manage finances/accounting?
On 3/22/24 09:23, Nilesh Patra wrote: I am interested in knowing about what the current candidates think about accounting bits in Debian and how they think about spending the money. I think the money should be spent based on the evaluation of cost to benefit ratio. As I have read and from time to time observed, the finances in the project do not have a lot of transparency and there are updates posted semi-occasionally on -private and sometimes in DPL talks. Jonathan also wrote about it in one of their previous campaigns. Itd also be good to know if there's a plan on where the budget shall be best spent. While I believe that deciding in advance where to spend and where not to spend money in advance is not a great idea in our context. If there is a fixed amount of money to be spent in a year, distributing under various budget headers would be a good idea. But in Debian, it is not the case. Some years, there will be more expenditure and some years not much. Only plan I right now have is to revisit the diversity budget and how to increase the efficiency. My money spending decisions will be based on "does the outcome justify the expenditure". I agree on your point of lack of transparency about the finances. But from what I understood from highvoltage's platform last year, the problem is more to do with the current delayed, manual and tedious accounting process. Now I do not have access to the accounting process, but once I have access, I would definitely spend some time to evaluate if a better process can be implemented. I would try my best to have transparency in finances (at least on -private). I would like to know if the candidates for this term have any plans about it or any thoughts in general. Both of your platforms have only a (very) vague idea about it and I'd like to know more specifics about it. I know my answer here also does not have much specifics, it is because I prefer a case to case decision rather than a general decision. PS: I urge _only_ the candidates to reply to this mail 😀 Best, Nilesh OpenPGP_0xC7EA1BE1574DED5D.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Candidates question: politics and Debian
On 3/20/24 00:31, Paulo Henrique de Lima Santana wrote: Hi Andreas, Em 19/03/2024 11:46, Andreas Tille escreveu: If this question is whether we should target for less power consumption I consider this topic as perfectly non-controversal and part of our mission statement. I can't imagine any user wants to spent more money on energy to run a Debian system or might be happy about seeking for the next power plug to recharge the laptop battery. Probably also people who do not believe in the need to reduce the carbon footprint will be interested in less energy consumption and I consider this as part of our mission statement. In your page, you wrote: "I would encourage everyone to minimize air travel whenever possible. Fortunately, I've noticed a tendency among Debian community members to prefer land travel over flights anyway." How about travels between continents, and traveks in regions/continents without the same train network you have there in Europe? I think opting for reduced air travel (and/or carbon footprint) should be a personal decision and not DPL's. But what I, as DPL, would do is to evaluate if the "cost" of travel is proportional to the benefit of travel. I hope my platform was clear enough that I'm in favour of increasing the diversity in Debian. I read you page yesterday but I would like to know what ideias do you have to increase gender representation and geographic diversity? I'm sure everybody is in favor to increase diversity, but what can be done in practice? Some ideas I have are: * more focused spending of diversity budget to ensure the benefits reach eligible people * having a delegated team focusing on diversity * bring to limelight the diversity we already have. People from under-represented groups will free comfortable joining the community if they know there are similar people in the community already. * getting Debian local groups more active to increase Geographical diversity Best regards, OpenPGP_0xC7EA1BE1574DED5D.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Candidates question: politics and Debian
On 3/19/24 14:08, Gerardo Ballabio wrote: Andreas Tille wrote: How would you as a DPL try to lead a community that focuses on producing a great distribution without getting divided on controversial topics? I'm not really sure in how far you consider the first statement relevant to the question. If your focus is on political controverses I have a clear statement: Make sure off-topic messages will be reduced to a bare minimum on Debian channels (maximum is one message to invite people to a non-Debian channel and mark this invitation [OT]). Limiting off-topic posts is obviously agreeable, but there's more than just that. Another facet of the question is: do you think that Debian should support and/or take action on "good causes" that aren't part of its stated mission (and that some people, including some DDs, might disagree on being "good")? I agree that our focus should be on Debian OS, Debian community and Free Software ecosystem etc. But if someone wants to do something for general "good causes", as long as it is not creating trouble for others or violating CoC or social contract etc should be fine. Ours is the "do-cracy" culture and I think we can apply that here too. For example (by no means an exhaustive list, feel free to add): - should Debian aim to reduce its carbon footprint and/or optimize software for that goal? For reducing carbon footprint, not doing any in-person events is not a good idea, but anyone can organize online events in addition to regular events. Similarly there is no harm in doing some software optimization as long as someone is willing to do that. - should Debian support and/or actively drive initiatives to increase diversity in Debian Developers, or in the software industry in general, or in the world at large? I strongly believe that increasing diversity should be a focus area under Debian community. This in my opinion is not a "general good cause", rather a very essential part of the community aspect of Debian. - should Debian take any measures (boycott, suspend or expel developers, refuse to consider as a host for Debconf...) against countries that are perceived by some as "behaving bad" -- as examples related to current events let me just mention Russia and Israel? Discriminating contributors based on their country is not a good idea. Regarding DebConf hosts, there is an additional aspect to it - safety. The city selected to host DebConf should be safe to everyone in our community. - (this is an issue that once hit me personally) should Debian enforce the use of a particular language with respect to gender issues? We should collectively ensure that the language used (not just for gender issues) in all of our communication is welcoming. Anything violating or on the verge of violating CoC is not good for the community as a whole. Gerardo OpenPGP_0xC7EA1BE1574DED5D.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Candidates question: politics and Debian
On 3/10/24 21:06, Thomas Koch wrote: A question to DPL candidates It seems (to me?) that more and more areas of our lives become political and controversies on such topics more aggressive. Or people stop talking with each other. Personally, I believe that there is politics in every aspect of our life. For instance, using or contributing to Debian itself is a political statement. I do not consider Debian to be "just" a technical project, it has its social and political aspects too. How would you as a DPL try to lead a community that focuses on producing a great distribution without getting divided on controversial topics? When there are hundreds of people with clear opinions discussing something, there will definitely be disagreements. What we should focus is how we can agree to disagree and collaborate amicably. We have a good Code of Conduct in place and I would be OK with constructive discussions as long as it does not go in the direction of violating the CoC. About off-topic discussions, minimizing them would be great for everyone and anyone can divert these threads to appropriate lists. Thomas Koch (I hope it's not violating rules to pre-post a question before the campaign period?) OpenPGP_0xC7EA1BE1574DED5D.asc Description: OpenPGP public key OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Debian Project Leader Elections 2024: Call for nominations
On 09/03/24 01:54, Debian Project Secretary - Kurt Roeckx wrote: Hi, According to the constitution (5.2. Appointment), project leader elections should begin "six weeks before the leadership post becomes vacant, or (if it is too late already) immediately." The new project leader term starts on 2024-04-21. The time line looks like: | Period | Start | End | |+-+---| | Nomination | Saturday 2024-03-09 | Friday 2024-03-15 | | Campaign | Saturday 2024-03-16 | Friday 2024-04-05 | | Vote | Saturday 2024-04-06 | Friday 2024-04-19 | Prospective leaders should be familiar with the constitution, but just to review: there's a one week period when interested developers can nominate themselves and announce their platform, followed by a three week period intended for campaigning, followed by two weeks for the election itself. I intend to collect platform statements from the candidates, and publish them athttp://www.debian.org/vote/2024/platforms/ at the end of the nomination period, which means around 2024-03-16. I suggest that the candidates send the platform, preferably in wml or HTML, to the secretary at least a day before the publication date. The format of the web page is open to discussion, but I suggest there be at least three sections: - Introduction / Biography - Major Goal / Meat of the platform - Rebuttal. The candidates can make a rebuttal. I would like to receive them in the first week of the campaign period, so I can publish them around 2024-03-23. Details and results for the vote will be published at: http://www.debian.org/vote/2024/vote_001 Please make sure that nominations are sent to (or cc:'d to) debian-vote, and are cryptographically signed. I would like to nominate myself as DPL candidate. Kurt Roeckx Debian Project Secretary OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Nuance Regarding RMS
On April 1, 2021 4:21:59 PM GMT+05:30, "Barak A. Pearlmutter" wrote: >He makes unwelcome sexual >overtures to women, but backs off when turned down (with perhaps >isolated exceptions decades ago). That's totally inappropriate >behaviour. He seems unable to sense when someone finds him repellent. Not always women at receiving end are able to express their "repellency", especially when the person on other end is at a much higher position (which is the case here). -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Cancel "culture" is a threat to Debian
On April 1, 2021 10:33:02 PM GMT+05:30, Steve McIntyre wrote: >On Thu, Apr 01, 2021 at 07:30:10PM +0300, Sergey B Kirpichev wrote: >>On Thu, Apr 01, 2021 at 05:12:55PM +0100, Steve McIntyre wrote: >>> *No* attempt has been made to sign that open letter on behalf of the >>> project. >> >>https://lists.debian.org/debian-vote/2021/03/msg00061.html >>>8 >>I am sure there is a precedent of a position statement being announced >>without having a formal vote about it, but I cannot find it at the >>moment. >>>8--- >>By DD, yes. >> >>Unfortunaly, this wasn't started in the -private@, so the net will >>remember. > >Sigh. You're reading that totally wrong. Gunnar was talking about >*precedent* here, i.e. thinking that a public statement might have >happened without GR in the past. *NOT* in this particular case. Please >listen to what people are telling you. Also the mentioned mail was a question for DPL candidates on how they will react, not a suggestion to do that. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: "rms-open-letter" choice 3: do not, as the project itself, sign any letter regarding rms
On March 27, 2021 7:15:39 PM GMT+05:30, Ulrike Uhlig wrote: >Hi > >On 27.03.21 14:01, Kurt Roeckx wrote: >> On Sat, Mar 27, 2021 at 01:56:08PM +0100, Timo Weingärtner wrote: >>> 27.03.21 13:03 Kurt Roeckx: I've added this option on the website. I'm still processing emails. Note that it's my interpretation that if changes are accepts that there is no need to second it again. If you don't agree with the changes need to say so, and which point and become the proposer of a new option and need to look for seconds again. Please let me know if there is something that's currently on the website that you don't agree with. >>> >>> The content is fine, maybe the headings could be improved to look >like (as a >>> recent example) in the systemd GR. >> >> I'm not sure what you mean, but I'm not really happy with the >> current wording of the option names. It's up to the one calling >> for vote to suggest the names. But I'm sure that any suggestions >> are welcome. > >If I understand correctly, "Choice 3: Ask Richard Stallman to resign" >could be renamed to Choice 3: "Do not sign the open letter, instead >issue a statement expressing Debian's disapproval and ask RMS to resign > >from his functions at the FSF" - making it clear what this is about? > This title would suit the option. Thanks >I think this is the option proposed by Sruthi, that's why I Cc:ed her >explicitly. > >The page is here: https://www.debian.org/vote/2021/vote_002 > >Cheers! >Ulrike -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Having a "DPL committee"?
On March 27, 2021 12:28:58 AM GMT+05:30, Jonathan Carter wrote: >Hi peb > >On 2021/03/26 20:54, Pierre-Elliott Bécue wrote: >> I wonder in that case if such a person sould be either: >> >> 1. Nominated by the DPL >> 2. Co-elected (ie voting for a couple of people) >> 3. Elected separately on the same time frame (but that could lead to >> issues if the DPL and vice-DPL fail to get along together) > >I was wondering about that too. I saw some DPL candidates in the past >mentioned that they wanted a vice-DPL and iirc even named them already >as part of their platform. I suppose that since this cycle is already >in >progress it probably only leaves #1 as an option for the DPL of the >next >term. > >I'm not sure if Sruthi would be interested in being vice-DPL if I get >elected but I would also be happy to serve as vice-DPL if Sruthi would >be elected. I would be happy with both options. :) > >-Jonathan -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Having a "DPL committee"?
On March 27, 2021 12:25:15 AM GMT+05:30, "Pierre-Elliott Bécue" wrote: >Le samedi 20 mars 2021 à 00:44:52+0530, Sruthi Chandran a écrit : >> >> On 20/03/21 12:31 am, Pierre-Elliott Bécue wrote: >> > The idea was discussed two years ago. Sam chose a range of people >to >> > help him with delegations. >> > >> > Being a DPL is a high-energy thing even when one doesn't try to >"lead" >> > the project /per se/. >> > >> > Do you think the Project should consider the opportunity of trying >to >> > establish more clearly a role of "DPL advisors" who would be >identified >> > as helpers for the DPL and additional entry points for the >> > developers/external people should the need arise? >> > >> > Cheers! >> > >> I definitely think we should have a panel of "DPL advisors/helpers" >to >> help out the DPL. There will definitely be a lot of administrative >stuff >> that can be delegated to the helpers and DPL can concentrate on other >> important activities. >> >> If I become DPL, this would be one of the first things I would be >> working out. > >Thanks Sruthi for your reply! > >What is your opinion about Jonathan's reply regarding the fact that >working on having adapted teams (CT/Trademark) take part of the load in >a way that is not directly tied to the DPL mandate is probably a better >schema on the long run? Having specific teams to deal with specific issues is definitely good. I would go with a hybrid approach, have more specific delegated teams and team of 2/3 people as DPL advisors. I also like the vice-DPL idea and might also consider that. > >Cheers! -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Amendment to GR on RMS rejoining FSF
On March 26, 2021 11:11:16 PM GMT+05:30, "Pierre-Elliott Bécue" wrote: >Hi Sruthi! > >Thanks for this work, it quite fits more what I'd be happy to sponsor! > >Here are a few remarks if you have some time to review and address. > >Le vendredi 26 mars 2021 à 22:45:57+0530, Sruthi Chandran a écrit : >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> >> Dear fellow DDs, >> >> Second the amendment text if acceptable to you :) >> >> Begin text >> >> Under section 4.1.5 of the constitution, the Developers make the >> following statement: >> >> *Debian’s statement on Richard Stallman rejoining the FSF board* >> >> We at Debian are profoundly disappointed to hear of the re-election >of > >Is it an election or nomination? > It seems it is an election based on FSF by laws Article IV [0] https://static.fsf.org/nosvn/fsf-amended-bylaws-current.pdf -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Amendment to GR on RMS rejoining FSF
On 26/03/21 10:45 pm, Sruthi Chandran wrote: > > Dear fellow DDs, > > Second the amendment text if acceptable to you :) > Re-sending with fixed signature and replacing twitter link with gnusocial link. > Begin text > > Under section 4.1.5 of the constitution, the Developers make the > following statement: > > *Debian’s statement on Richard Stallman rejoining the FSF board* > > We at Debian are profoundly disappointed to hear of the re-election of > Richard Stallman to a leadership position at the Free Software > Foundation, after a series of serious accusations of misconduct led to > his resignation as president and board member of the FSF in 2019. > > One crucial factor in making our community more inclusive is to > recognise and reflect when other people are harmed by our > own actions and consider this feedback in future actions. The way > Richard Stallman announced his return to the board unfortunately lacks > any acknowledgement of this kind of thought process. We are deeply > disappointed that the FSF board elected him a board member again despite > no discernible steps were taken > by him to be accountable for, much less make amends for, his past > actions or those who have been harmed by them. Finally, we are also > disturbed by the secretive process of his re-election, and how it was > belately conveyed [0] to FSF’s staff and supporters. > > > We believe this step and how it was communicated sends wrong and hurtful > message and harms the future of the Free Software movement. The goal of > the software freedom movement is to empower all people to control > technology and thereby create a better society for everyone. Free > Software is meant to serve everyone regardless of their age, ability or > disability, gender identity, sex, ethnicity, nationality, religion or > sexual orientation. This requires an inclusive and diverse environment > that welcomes all contributors equally. Debian realises that we > ourselves and the Free Software movement still have to work hard to be > in that place where everyone feels safe and respected to participate in > it in order to fulfil the movement's mission. > > > That is why, we call for his resignation from all FSF bodies. The FSF > needs to seriously reflect on this decision as well as their > decision-making process to prevent similar issues from happening again. > Therefore, in the current situation we see ourselves unable to > collaborate both with the FSF and any other organisation in which > Richard Stallman has a leading position. Instead, we will continue to > work with groups and individuals who foster diversity and equality in > the Free Software movement in order to achieve our joint goal of > empowering all users to control technology. > [0] https://status.fsf.org/notice/3796703 > > Heavily based on: > > [1] https://fsfe.org/news/2021/news-20210324-01.html > > [2] > https://www.eff.org/deeplinks/2021/03/statement-re-election-richard-stallman-fsf-board > > End of text signature.asc Description: OpenPGP digital signature
Amendment to GR on RMS rejoining FSF
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear fellow DDs, Second the amendment text if acceptable to you :) Begin text Under section 4.1.5 of the constitution, the Developers make the following statement: *Debian’s statement on Richard Stallman rejoining the FSF board* We at Debian are profoundly disappointed to hear of the re-election of Richard Stallman to a leadership position at the Free Software Foundation, after a series of serious accusations of misconduct led to his resignation as president and board member of the FSF in 2019. One crucial factor in making our community more inclusive is to recognise and reflect when other people are harmed by our own actions and consider this feedback in future actions. The way Richard Stallman announced his return to the board unfortunately lacks any acknowledgement of this kind of thought process. We are deeply disappointed that the FSF board elected him a board member again despite no discernible steps were taken by him to be accountable for, much less make amends for, his past actions or those who have been harmed by them. Finally, we are also disturbed by the secretive process of his re-election, and how it was belately conveyed [0] to FSF’s staff and supporters. We believe this step and how it was communicated sends wrong and hurtful message and harms the future of the Free Software movement. The goal of the software freedom movement is to empower all people to control technology and thereby create a better society for everyone. Free Software is meant to serve everyone regardless of their age, ability or disability, gender identity, sex, ethnicity, nationality, religion or sexual orientation. This requires an inclusive and diverse environment that welcomes all contributors equally. Debian realises that we ourselves and the Free Software movement still have to work hard to be in that place where everyone feels safe and respected to participate in it in order to fulfil the movement's mission. That is why, we call for his resignation from all FSF bodies. The FSF needs to seriously reflect on this decision as well as their decision-making process to prevent similar issues from happening again. Therefore, in the current situation we see ourselves unable to collaborate both with the FSF and any other organisation in which Richard Stallman has a leading position. Instead, we will continue to work with groups and individuals who foster diversity and equality in the Free Software movement in order to achieve our joint goal of empowering all users to control technology. [0] https://twitter.com/fsf/status/1374399897558917128 Heavily based on: [1] https://fsfe.org/news/2021/news-20210324-01.html [2] https://www.eff.org/deeplinks/2021/03/statement-re-election-richard-stallman-fsf-board End of text -BEGIN PGP SIGNATURE- iQGzBAEBCAAdFiEEcd3Fxr6GmkZB13n+x+ob4VdN7V0FAmBeFsYACgkQx+ob4VdN 7V3tmAwAlZwiOa2AoL6J6588YZCSpMBJkB+XK8oF1e1aDM6YNWdnL9dCu1t+KcHH jtEdyk65+V6oe05eZhmzBS0LvNCpRY7V9puSP82AdJsNQUXZJGRtEplqIyAlKdjY OK4r90hkUdWDGx4/EXbN/JU81qqBnTClkVnyH38RxX0tpzxjRFkbn89pviR68BGh AojAAuAnS5mLAazGHx9lv8e50rXyKwwT679Ra+yOkY46PvVK1Mm6+TqhkcF5qY4T CJdGurfDLBftWNVTpAnR82M+T4aeSeJj7Gg6ncpL5wqoSLZ2UUiUt4J/t7XhKFf8 Xnk9Qw6aj+Ud4qdQDEjiEUlqF/8mRiNKQlEMvsPR+fLkXfD3+d2CultUZJIzt6lM eGJcW8gisR+wpeLvUNqWCy8QS8n25aCu5c12dgl0KppqLebp6snF+PbEcywxp5EE pKu1I5Isp/DWu7XRJ8kIwSMEh2yga3C7FJtvWym7E4nVu0GA2T8hcSozlAiEg2U6 ggm9gR8r =I8Kp -END PGP SIGNATURE-
Re: General resolution: ratify https://github.com/rms-open-letter/rms-open-letter.github.io
On 26/03/21 2:00 am, Sam Hartman wrote: >>>>>> "Sruthi" == Sruthi Chandran writes: > Sruthi> I propose that instead of signing the said letter, Debian > Sruthi> issue a position statement. The text of the statement is > Sruthi> adapted from the statements by FSFE and EFF. > > Sruthi> Text of GR > > Sruthi> Release a position statement with the following text. > > Can you please propose as an amendment to Steve's GR rather than as a > separate GR? > I'd rather have two ballot options than two separate votes. > > Also, we generally include the constitutional section (4.1.5) under > which we're acting in a GR. > See Sean's message as an example how to do this. > > Sruthi> One crucial factor in making our community more inclusive is > Sruthi> to recognise and reflect when other people are offended or > Sruthi> harmed by our own actions and consider this feedback in > > Would you be willing to drop the word offended from the above? > > I think that focusing on offense rather than harm detracts from the > power of the progressive agenda and of moving for social justice. > It's not about political correctness or a bunch of people running around > with sensitive natures taking offense at whatever they can. > It's about recognizing the pain others are feeling, developing empathy > with them, and working to reduce that pain and foster respect. > > Making it about offense gives people who disagree with social justice > work an easy way to trivialize what we're doing. > > --Sam Sam, Thanks for the pointers. Will update accordingly. signature.asc Description: OpenPGP digital signature
Re: Willingness to share a position statement?
On 26/03/21 1:46 am, Sean Whitton wrote: > Hello Martin, > > On Thu 25 Mar 2021 at 06:15PM +01, Martin Pitt wrote: > >> As this is is a highly political, divisive, and personal topic, not a >> technical one, I'd really hope that this would be a secret vote, much >> like the Debian leader voting? > It's not technical indeed, but I think it would be a mistake to think > that what is going on here is only general political activism. Rather, > this is about the leadership of a /particular/ political movement, the > free software movement, and there can't really be any doubt that Debian > is a part of /that/ movement. > +1 signature.asc Description: OpenPGP digital signature
Re: General resolution: ratify https://github.com/rms-open-letter/rms-open-letter.github.io
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 26/03/21 12:47 am, Russ Allbery wrote: > Sruthi Chandran writes: > >> I have an alternate suggestion. Instead of signing the said letter, >> Debian can issue a position statement similar to the one released by FSF >> Europe. [1] > >> Will share the amended text if this idea has supporters. > >> [1] https://fsfe.org/news/2021/news-20210324-01.html > > I'm comfortable with Debian signing the original letter, but as an > organizational statement, I think I like this one somewhat better. I > think an organization should try to express what that organization itself > is going to do, and this seems clearer on that point. (Personal > statements are a bit different.) > > The EFF statement is also worth reviewing: > > https://www.eff.org/deeplinks/2021/03/statement-re-election-richard-stallman-fsf-board > > but I think Debian's relationship with the FSF is closer to that of FSFE > than the EFF, so their statement feels a bit more on point for us. > > Thank you for raising this, Sruthi! I hadn't seen the FSFE's statement > before your message. > I propose that instead of signing the said letter, Debian issue a position statement. The text of the statement is adapted from the statements by FSFE and EFF. Text of GR Release a position statement with the following text. *Debian’s statement on Richard Stallman rejoining the FSF board* We at Debian are profoundly disappointed to hear of the re-election of Richard Stallman to a leadership position at the Free Software Foundation, after a series of serious accusations of misconduct led to his resignation as president and board member of the FSF in 2019. We are also disappointed that this was done despite no discernible steps taken by him to be accountable for, much less make amends for, his past actions or those who have been harmed by them. Finally, we are also disturbed by the secretive process of his re-election, and how it was belately conveyed [0] to FSF’s staff and supporters. We believe this step and how it was communicated sends wrong and hurtful message and harms the future of the Free Software movement. The goal of the software freedom movement is to empower all people to control technology and thereby create a better society for everyone. Free Software is meant to serve everyone regardless of their age, ability or disability, gender identity, sex, ethnicity, nationality, religion or sexual orientation. This requires an inclusive and diverse environment that welcomes all contributors equally. Debian realises that we ourselves and the Free Software movement still have to work hard to be in that place where everyone feels safe and respected to participate in it in order to fulfil the movement's mission. One crucial factor in making our community more inclusive is to recognise and reflect when other people are offended or harmed by our own actions and consider this feedback in future actions. The way Richard Stallman announced his return to the board unfortunately lacks any acknowledgement of this kind of thought process, and we are deeply disappointed that the FSF board did not address these concerns before electing him a board member again. Overall, we feel the current step sends the wrong signal to existing and future community members. That is why, we call for his resignation from all FSF bodies. The FSF needs to seriously reflect on this decision as well as their decision-making process to prevent similar issues from happening again. Therefore, in the current situation we see ourselves unable to collaborate both with the FSF and any other organisation in which Richard Stallman has a leading position. Instead, we will continue to work with groups and individuals who foster diversity and equality in the Free Software movement in order to achieve our joint goal of empowering all users to control technology. [0] https://twitter.com/fsf/status/1374399897558917128 Based on: [1] https://fsfe.org/news/2021/news-20210324-01.html [2] https://www.eff.org/deeplinks/2021/03/statement-re-election-richard-stallman-fsf-board End Text of GR -BEGIN PGP SIGNATURE- iQGzBAEBCAAdFiEEcd3Fxr6GmkZB13n+x+ob4VdN7V0FAmBc6nYACgkQx+ob4VdN 7V2DyQv9E5MtX9OIf+RN0a1jy6qk3pl4tvwWeaJQ4h7HiNsXeWT8oWK+REXBwPy/ GZJ5Q2ymmnRMOU70wCEF3a5KNVa0caVHl/5rHCD5+WR4lN8qbKoi4vDo6U9TkfGX p9Mim30+VEvKHbOG2K0AHwUjGbgGY63S5q2isGcXf2CQIL3ylIPChV9gk65k9QPg veENNfjac1xL5tkjIX/ekstgJDbpfHmixFJqieazkdFd0rzT7sK6P8zoAsJ1KIbs mK4SlEA4WJ/3OOdPFHPjE5iVg8iBXixEq8XHtKZ2HY7Ljxw6yjksOpZlbUdrlVEm mCgzRb6mnv8ZUWo3i7nxtzPpwDCw7LBjRxlpfs17VBdzRptQ9BQgxAN1sU5P9ebq H/dTTfPhpbmJvwx2cD1UsJIj967pXx1TrOju31ZNBlc+bDx5lGcywljU6Sr/tpYS ir2UIHyDdcLDeaPaXURww5J+/wIt81SR0lqO65h9ZEzGMgTNuDku9o/pGlazpOce cKNEIfKL =ZeE4 -END PGP SIGNATURE-
Re: General resolution: ratify https://github.com/rms-open-letter/rms-open-letter.github.io
On March 25, 2021 2:24:16 AM GMT+05:30, Steve Langasek wrote: >Under 4.1.5 of the Constitution, the developers by way of GR are the >body >who has the power to issue nontechnical statements. > >https://github.com/rms-open-letter/rms-open-letter.github.io/blob/main/index.md >is a statement which I believe Debian as a project, and not just >individual >Debian developers, should consider signing on to. > >This is a proposal for Debian to sign on to the statement, by adopting >the >text from that open letter via GR. > I have an alternate suggestion. Instead of signing the said letter, Debian can issue a position statement similar to the one released by FSF Europe. [1] Will share the amended text if this idea has supporters. [1] https://fsfe.org/news/2021/news-20210324-01.html -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: diversity
On 23/03/21 2:41 pm, Bart Martens wrote: > Hello DPL candidates, > > A question about diversity. We all know that some profiles are > underrepresented: gender, etnic group, disability, age, sexual preference, > education degree, rich/poor, spoken & written languages... > > 1/ One way of addressing this, is actively BENEFIT the underrepresented > profiles. Positive discriminiation is needed, at least to get over an initial > resistance. Put diversity in the spotlights, to speed up improvement. I define positive discrimination as giving special attention to people from under-represented groups while not turning down people from other groups. So I am in support for positive discrimination. Putting diversity in the spotlight is a necessary step. We should have special initiatives and activities focusing on having the under-represented groups contribute to Debian. Debian-women project is a good example for this approach and we seem to have got quite significant result till it became dormant. I have mentioned some of the actions I plan to do in this regard in my platform. I plan to have a delegated team focusing on diversity and also to have a streamlined diversity budget allocation and utilization. I also plan to have some outreach activities specifically in collaboration with diversity and local teams to ensure more exposure for under-represented groups. Also may be a diversity MiniDC similar to MiniDC women we had sometime ago? > > 2/ Another way is active NEUTRALITY treating everyone alike. No > discrimination, > positive nor negative. Make room for diversity to evolve. Diversity > matters, although in the shadow of free software. I feel this was Debian's approach till now. The result of this approach is usually very slow. I feel we should experiment a change of approach. > 3/ ... ? 3/ Highlighting the existing diversity within the project. This will showcase the inclusivity of the project. This approach will encourage more diverse people to contribute. In my opinion more diverse people should come forward in mainstream/spotlight into leadership/other notable positions. With my DPL candidature, I want to bring to the table my ethnicity and gender. > > Now the QUESTION ---> What is your view on this? Your preferred approach? What > is the priority of diversity? Practical action points, how to measure > progress? For me diversity has quite high priority (if not the highest), I would dedicate my term as DPL for diversity. A structured analysis to measure the progress is also part of my plan for diversity. > Best regards, > > Bart > signature.asc Description: OpenPGP digital signature
Re: Willingness to share a position statement?
On 24/03/21 4:26 am, Gunnar Wolf wrote: > Hello, > > I hope not to be too inflamatory with this. As you are surely aware, > last week Richard Stallman was reinstated as part of the Board of > Directors of the FSF. That is something deeply disturbing and > confidence-shattering for many of us. > > Some people have moved to action -- if nothing more, at least to > express they are disgusted with the turn of events, and to say the > organizations they represent believe it to be detrimental to the FSF's > own image and projection into the future. Particularly, I mean the > following two pages, of very different nature: > > https://opensource.org/OSI_Response > https://rms-open-letter.github.io/ > > Now, as for my question: I thought repeatedly over the last couple of > days whether to start something like this in Debian... But, what would > it take for the project to issue a statement in this line? Would we > have to pass a GR? > > I am sure there is a precedent of a position statement being announced > without having a formal vote about it, but I cannot find it at the > moment. Sruthi, Jonathan: What is your take on this? If you were a DPL > today, would you feel OK issuing a position statement on behalf of the > project? In this particular instance, I personally agree with your views and I believe Debian should have a position statement. I think for position statements, we should have a GR and if I was a DPL, I would have proposed one by now. If there is a possibility to issue a statement without a formal vote, I would have initiated an initial discussion on -private and went ahead with a short statement first and a detailed version after the GR. > ... > (And yes, with this I am probably forcing you to disclose a position > on the subject... I'm sorry for that. But I think that, as a candidate > for the DPL position, knowing your position on the issue also makes > sense) I am more than happy to share my position on this. :) signature.asc Description: OpenPGP digital signature
Re: Willingness to share a position statement?
On 24/03/21 5:52 am, Matthias Klumpp wrote: > No human can do anything that makes them immune to criticism. This is > not a matter of hate, I actually doubt anyone who signed the petition > really "hates" RMS. > RMS without a doubt did a lot of good with starting the FSF and his > early work on Free Software and we owe him thanks for this, but he > *also* inflicted a lot of damage on his own organization, hurt a lot > of people, has shown to be unable to learn from mistakes and empathise > with people. There are a lot of examples of behavior that pretty much > everyone should deem inacceptable. > > So, even though RMS has done good things, he also is in a way the > worst person to have a leading role in the FSF. Think about the signal > we send if we as a community are okay with a person openly debating > whether sex with children is okay in a leading role at the top of the > organization that's promoting software freedom. I also very much > question whether his strong technical influence on GNU projects is a > good thing (he did in fact revert community-made decisions in the > past). > > It is also not like this issue is a new thing. He knows about his > behavior, has been told about it time and time again, and doesn't seem > to have any sensitivity at all as to how his actions and words impact > other people and reflect on his organization. Furthermore, the FSF > board itself, by putting him in a leading role again, also does seem > insensitive about that. > If you are just a guy with an opinion on the internet, the situation > *may* be different (but one could argue against that too), but if you > are in any position of leadership you have to be held accountable for > your actions and words and have to reflect on them. In other words, be > a good leader. RMS failed at that (and arguably as a human) and he > should be held accountable for his decisions. That hasn't happened, > really, and if it doesn't happen we are in a way saying that we don't > care if someone at the top of an organization misbehaves. > ... > It's not like it's a call to silence him forever. It is however a call > to remove him from a position he appears to be unfit for. Inclusivity > and tolerance does not mean we have to accept every opinion as equally > valid. +1 I think I could not have worded my thoughts better. > Cheers, >Matthias > signature.asc Description: OpenPGP digital signature
Re: How to leverage money to accomplish high impact Debian projects
On 19/03/21 3:59 pm, Enrico Zini wrote: > On Thu, Mar 18, 2021 at 09:16:15PM +0200, Jonathan Carter wrote: > >> I don't think that lack of interest is the problem here, but I do think >> that Debian contributors tend to be already starved for time, and trying >> to get them to do more is like trying to tap water out of an empty well. >> For some, a financial incentive might work if they're not currently >> working full time, and especially if they need money, but the median >> Debian developer seem capable of sustaining themselves reasonably well. > Thinking at how we set our bar for membership in building a reputation > within the project, I imagine we implicitly select people who are able > to sustain themselves reasonably well without Debian's help. > > I'm not sure it's something I'd want to change. I see being an employer > as a radically different thing than being a volunteer-based project. > In practice, I see more than these two options. > > On the "employer" side, our ecosystem does include employers who pay > people to do Debian-related work. While Debian Developer's bills are > currently mostly outside of what Debian can or wants to worry about, the > Debian ecosystem does include the possibility of doing Debian work and > having bills paid. > > There is also a "contractor" side: without developing the infrastructure > to hire people ourselves, we are able to (and do) contract employers (or > self-employed people) to do things we need. > > I'm writing this to suggest that although we can't (and probably > shouldn't) take responsibility for Developers' bills, we could have some > limited level of control over the financial angle which we might decide > to use, to encourage our community to develop towards specific strategic > directions we might care about. > > For example, on the 'employer' side: > > - Are the possibilities of making a living with Debian work available >enough and advertised enough? No! > - While not hiring pepole directly, could Debian encourage Debian as a >professional career? Yes! > - Could (and do we want to) offer infrastructure for that? For example: > - a channel for employers active in Debian's ecosystem to post job > offers > - a channel for advertising Debian contributions that happen during > paid time of some employer > - a list of important that are currently not getting solved, and > that an employer might want to pick up, and get credit for Yes! > > And on the 'contractor' side: > > - Are the possibilities of contracting external work exploited enough? No! > - Are they clear enough? No! > - Do we need some procurement guidelines? Yes! > - Do we need procurement know-how and support? (I sometimes have >problems for which I could use external help, but I don't know how to >find and choose a professional that provides it). Yes! > > I'm not expecting you and Sruthi to answer these questions now: I think > that questions to prospective DPLs should be more about vision. > > To turn this all into an actual question: should Debian consider things > like that to be within its problem space? Yes, definitely. Debian should always remain a voluntary project, but there is nothing wrong in facilitating paid work. I believe this will in fact encourage diversity and we will be able to attract people who could not dedicate time just because of monetary constraints. > > If all goes well and you have a magic wand and everything, how do you > see the Debian ecosystem dealing with money problems a few years into > the future? If I have a magic wand, I will have a system of streamlined income and expenditure. Leaving behind a fixed deposit of amount necessary to run Debian for a 5 years, everything else would be spent on projects, hardware, events and activities benefiting the project as a whole. When it is safe to have in-person events, personally I would look forward to funding more and more local Debian events. While the expenditure is happening at one end, there will be attention on getting enough donation to keep these activities in the future years too. Phil's idea of allocating per head budget for DDs which can be pooled together to fund projects etc will definitely be explored. Another approach I would try is drafting out a "budget plan" allocating pre-approved amounts to various teams/projects which does not need further approval from DPL. The "budget plan" can be prepared based on the proposals received from the community. signature.asc Description: OpenPGP digital signature
Re: How can we make Debian packaging more standardised?
On 19/03/21 11:35 pm, Louis-Philippe Véronneau wrote: > Dear DPL candidates, > > In becoming a DD, one of the main challenges I faced was the absence of > a standard way to package software in Debian. > > I've since seen first hand how having a very large number of ways to > package things in Debian confuse and ultimately discourage people that > would otherwise have been interested in joining the project. > > One of the reasons I like team-maintained packages is teams often have a > single packaging standard. Sadly, each team has their own way of doing > things and working in multiple teams means working with multiple > "standards". > > If you were elected as DPL, what would you do about this? Sam Hartman > tried to lead discussions on using git, but sadly it seems it didn't > yield anything tangible. For a person who started packaging font and then moved to node, ruby and finally golang, I can completely understand your point you are making. But as I mentioned in one of my replies earlier, I do not think DPL should be spearheading technical changes. The changes and discussions like this can be initiated by any one of us. If I become the DPL, I might not be leading the discussion, but will definitely support the discussion. > I understand change is never easy and often disrupts people, but I think > we should be striving for a more cohesive packaging ecosystem. > > Even if we don't ultimately enforce it, being able to point people an > officially recommended way to create packages in Debian would be a large > step forward. > > Cheers, > signature.asc Description: OpenPGP digital signature
Re: Having a "DPL committee"?
On 20/03/21 12:31 am, Pierre-Elliott Bécue wrote: > The idea was discussed two years ago. Sam chose a range of people to > help him with delegations. > > Being a DPL is a high-energy thing even when one doesn't try to "lead" > the project /per se/. > > Do you think the Project should consider the opportunity of trying to > establish more clearly a role of "DPL advisors" who would be identified > as helpers for the DPL and additional entry points for the > developers/external people should the need arise? > > Cheers! > I definitely think we should have a panel of "DPL advisors/helpers" to help out the DPL. There will definitely be a lot of administrative stuff that can be delegated to the helpers and DPL can concentrate on other important activities. If I become DPL, this would be one of the first things I would be working out. signature.asc Description: OpenPGP digital signature
Re: How to leverage money to accomplish high impact Debian projects
On 19/03/21 1:14 am, Philip Hands wrote: > ... > Could it be that people are being protective of their motivation? I agree with this point. Not all want money as their motivation. > ... > I've been pondering how it might be possible to spend more of Debian's > money, and it occurred to me that we could allocate a budget to each DD > which they could spend on pretty-much anything (as long as, for Debian > funds, the expenditure is allowed under the relevant non-profit > restrictions that apply to the funds that we hold -- you could apply > your own criteria of course). > > That way you get to take advantage of the wisdom of the crowd, since > people in various areas of Debian are bound to know about things that > have been left undone for years or decades, that some targeted funding > would almost certainly sort out once and for all. > > You'd probably want to have some sort of oversight (e.g. some ex-DPLs) > just to ensure that the madder ideas get filtered out, but if you ask > people to only suggest ideas that they'd want to spend their own money > on if they had it to spare, that should ensure that most people don't > get too silly. > > Also, one could say that the people suggesting the project should not be > the beneficiary, and should write some sort of report indicating how > well it went before they would get any new budget allocated. People > that had thought of funding things that turned out to be successful > could then be given larger budgets to play with in future. > > Encouraging people to pool their budgets to fund bigger things would > hopefully result in them forming teams of mentors to oversee the work. > > Cheers, Phil. This sounds like a good plan to me. We should have serious discussion on this. signature.asc Description: OpenPGP digital signature
Re: Should the project hire one or two persons to help the DPL?
On 19/03/21 3:08 pm, Raphael Hertzog wrote: > Hello, > > as a followup to my former question that dressed a negative picture > of the DPL role in the last years, I'd like to make a proposal and > see what you all think of it. > > There are quite a few software projects that have hired staff to help > smooth the internal working of organizations, I know at least of Django > with its fellowship program: > https://www.djangoproject.com/fundraising/#fellowship-program > > The current resources of Debian means that we can confidently hire at least > one or two fellows that would work under the direction of the DPL > and not be in troubles for many years. > > IMO this would go a long way to fix the current problems of the DPL role: > > * it means that the DPL can organize the administrative work so that > it ends up on the shoulders of paid staff, and the DPL can take a more > active role in leading > > * it means that the DPL can direct workforce in areas where they believe > work is needed (like good documentation for beginners, like coordinating > with a contractor to have a good introductory video or better looking > website, like finding useful projects to submit for funding to Freexian > ;-)) > > * and due to the former point, I expect we would have more candidates in > the future > > I'm sure there are also downsides to hiring staff, but at some point, > if we want to make the DPL job enjoyable and interesting for most of us, > we need to do something about it. > > To the DPL candidates, if you are elected, will you consider this idea? I do not think this is a good idea. This again brings back to the rehashed argument whether Debian should pay some people and let others work as volunteers. Paying even a couple of people will discourage others. The complete volunteer nature of Debian is one of the important and attractive point that makes Debian different from other distros. I have a different suggestion. We can create a couple of delegated administrative roles who can help DPL function smoothly. (I think something similar was experimented with delegating a 2nd In-Command. I have just heard about it, do not know the history of how that worked out, was it successful etc.). If I am elected, I will definitely consider delegating a couple of people to assist me. > To the other DD, would you second a GR to allow the DPL to hire one > or two persons to help him lead the project? What kind of safeguards would > be needed? > > Cheesr, signature.asc Description: OpenPGP digital signature
Re: What changes do you want in Debian?
On 19/03/21 2:43 pm, Raphael Hertzog wrote: > Dear Debian DPL candidates, > > when I look back at my old platforms[1][2]3] I can already see a trend > where we move from "concrete changes that we want to see in Debian" to > "some vague idea of how we want to run the project" but this trend seems > to have continued and amplified to the point that this year none of the > platforms speak of any change that would affect something in how we build > our operating system or how we collaborate together or of how we > envision our role in the free software ecosystem! > > All the topics are around Debian (how we recruit, how we handle the > money) but I see no desire to lead Debian in any direction and I find this > particularly sad. The election time used to be a very active period where > we would confront our ideas for the future, but this has fallen short > as can be witnessed from the low-activity right now in debian-vote > and as can be seen by the small number of candidates. > > We're at the point where we congratulate ourselves because someone stepped > up to be DPL and we're happy that the process has not yet stopped working > entirely. > > With that said, there could be many questions to be asked but I will > concentrate on three: > > 1/ Why have you all given up on the idea to lead Debian? It seems >to me that you are happy with the DPL being a super-intendant >and nothing more. Even when the name of the position says Leader, I believe DPL should not be a leader in the literal sense. DPL definitely takes decisions and takes stands on behalf of Debian, but still DPL should always be a reflection of the Debian community as a whole. I see position of DPL more as a face of Debian rather than a person who brings about revolution. > > 2/ What changes would you like to see happen in Debian? Say >your top 3 (or 5 if you are motivated) things that you would change if >you could do them with some magic. I will list out some key changes I would do if I got magic powers ;) * Make Debian diverse. * No flame wars: Constructive discussions does not need to escalate to flame wars. The amount of time and energy wasted in these flame wars can do wonders for the project. * Make more people passionate about Debian and start contributing. You might observe that all my changes are social/community changes and none are technical. That is because I believe DPL should be the person dealing with the social/community aspects of Debian and technical aspects should be taken care by Debian as a whole. > 3/ There seems to be some consensus that we should be better at embracing >changes. But what can we do to be better at this? More discussions. I know we already did and do a lot of discussions. But when I mean discussions, I mean discussions that lead to conclusion. Each and every person will have some or the other suggestion for change. My approach would be to divide things into different areas and collect proposals for process improvement from the community. We can discuss and reach conclusions. I know I will not be able to address every aspect with this approach. So I would enlist help from a few interested people to work with me. > > Cheers, > > [1] https://www.debian.org/vote/2002/platforms/raphael > [2] https://www.debian.org/vote/2007/platforms/hertzog > [3] https://www.debian.org/vote/2008/platforms/hertzog signature.asc Description: OpenPGP digital signature
Re: How to leverage money to accomplish high impact Debian projects
On 18/03/21 11:16 pm, Raphael Hertzog wrote: > Dear DPL candidates, > > when I was younger, I dreamed to be paid to do Debian work. But that was > not possible, and that's the reason why I started my own company Freexian > 16 years ago. Through those years I always kept this goal in mind (it's > part of my personal mission statement for Freexian). Some of my Debian work is sponsored by Gitlab and I am happy that I can dedicate my whole time to Debian without having to worry about earning a living. So I can understand your thought process. > Now thanks to the success of the Debian LTS sponsorship and of the > numerous companies that understand the importance of giving back to > Debian, Freexian is in the position to pay some people to do useful Debian > work. We formalized this with a mechanism to propose projects to be > funded: > https://salsa.debian.org/freexian-team/project-funding/ > > I announced this on debian-project[1] and on Planet Debian[2] a while ago. > But at this point, we have only funded a single project[3], leaving us > with more than 25 KEUR available for further projects. This sounds like a good idea from which both our community and Debian as a project can benefit. > > I did not expect this lack of interest... if I were not running Freexian, > I would have proposed projects out of the long list of distro-tracker > wishlist bugs... I enjoy working on this project and I wish I had more > time for it. > > 1/ How do you explain this lack of interest? > > I have read recently from other Debian members that they have a feeling > that Debian is stagnating, and I share that feeling to some degree. If we > had plans and motivated people, surely some of those would have stepped up > to implement them in exchange of some remuneration. Do you share that > feeling too? I am not sure this is lack of interest. As mentioned by some of the replies already, not all who contribute to Debian are looking for monetary benefit. But yes, there are people who would be happy to receive some monetary compensation to balance out their work. A bit more publicity might help here. As Jonathan mentioned, mentioning in miniDCs etc would help reach out to wider audience, mostly new comers (who might need the monetary benefit the most). > 2/ I really want this initiative to be successful so I'm now looking into > ways to make it work. I'm considering paying someone to identify useful > projects. That person could talk to various teams, make proposals based on > their own experience, and even run a poll among Debian developers. The > idea is that we want to find high-impact projects that can help Debian get > out of this "stagnation". > > What do you think of this idea? > > I'm considering past DPLs for this role as they have a broad knowledge of > the project and usually also some vision for the future. But I'm open to > anyone than can convince me they would do a good job for this. :-) This is a good initiative that I also believe should succeed. One person working on identifying high impact projects sounds good, but being said that, I do not think we can find a perfect way to work out things during this election discussion. We can either have further discussions on this topic (may be at -devel or -project) or you can go ahead with the experiment and see where it goes. > 3/ While the DPL can't spend Debian's money to pay people, the funds > available in Freexian's reserve have been clearly earmarked in this > direction by the LTS sponsors. > > Do you think the DPL should be able to propose projects that would be > funded through this initiative, so that DPLs can have a bit more impact in > areas where they want to improve the current situation? I do not think this will be a good idea. DPL suggesting projects or people to be paid will not go well. While I strongly believe that there should be options for people to earn living by contributing to Debian, Debian and DPL should not be involved directly with those activities. > Sorry for the hard questions and thanks for the time you spend for > Debian. :-) > > The election is always a period where we look back a bit and think of > bigger changes, so even if those questions are meant for the prospective > DPL, I welcome feedback from everybody really. > > Cheers, > > [1] https://lists.debian.org/debian-project/2020/11/msg2.html > [2] > https://raphaelhertzog.com/2020/12/14/funding-debian-development-projects-with-freexian-first-project-received/ > [3] https://salsa.debian.org/freexian-team/project-funding/-/issues/4 signature.asc Description: OpenPGP digital signature
Re: Debian Project Leader Elections 2021: Call for nominations
On March 13, 2021 10:33:32 AM GMT+05:30, Sruthi Chandran wrote: > > >On March 7, 2021 1:09:44 AM GMT+05:30, Debian Project Secretary - Kurt >Roeckx wrote: >... >>The new project leader term starts on 2021-04-21. The time line >>looks like: >> >>| Period | Start | End | >>|+---+-| >>| Nomination | Sunday 2021-03-07 | Saturday 2021-03-13 | > >I would like to nominate myself for the Debian Project Leader election >2021. Resending with signature. Thanks David :) -- Sent from my Android device with K-9 Mail. Please excuse my brevity. signature.asc Description: PGP signature
Re: Debian Project Leader Elections 2021: Call for nominations
On March 7, 2021 1:09:44 AM GMT+05:30, Debian Project Secretary - Kurt Roeckx wrote: ... >The new project leader term starts on 2021-04-21. The time line >looks like: > >| Period | Start | End | >|+---+-| >| Nomination | Sunday 2021-03-07 | Saturday 2021-03-13 | I would like to nominate myself for the Debian Project Leader election 2021. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Question to Jonathan & Brian: Diversity in Debian
Hello Jonathan and Brian, I have a couple of questions for both of you. - What are your thoughts on diversity in Debian? - Are we diverse enough? signature.asc Description: OpenPGP digital signature
Re: Q to all candidates: NEW queue
On 26/03/20 1:03 pm, Lucas Nussbaum wrote: > Hi, > > For as long as I can remember, there has been complaints about the > delays caused by NEW processing (and > https://ftp-master.debian.org/stat.html shows that we constantly have > 250-300 packages waiting to be processed). > > What is your diagnostic of this issue? > What solutions do you envision about this issue? Is that just something > that we have to live with? Delays in NEW processing is something I am concerned personally. I assume manpower is the main issue in these delays. One thing is sure, more people we have looking into NEW queue, faster the process would be. The call for FTP-trainees which happened recently is a good start (I have applied to be an FTP-trainee). I would suggest that there should be regular induction of new people to FTP-team and growing the team so that there is no shortage of active people working on NEW queue at any time. I am also aware of some alternative solutions/technical workflows being proposed for NEW processing in -devel. I do not have any clear cut solution as of now, but as DPL I would definitely encourage discussions on this topic and come up a solution acceptable for both FTP-team and package maintainers. > > Specifically, Jonathan writes that he would like to "Reduce bottlenecks > that affect our contributors.". That sounds like a good example. > > > Personnally, I wonder if we are being overly cautious about NEW. I > wonder if we could move to checking a posteriori (accept the package in > unstable; maybe don't let it migrate to testing until it is reviewed). I personally had a couple of packages which had some overlooked copyright issues that FTP-team pointed out. I do believe the work done by the team is important for the project, circumventing that may not be a good option. As I mentioned earlier, we should come up with solving manpower issues and ways to simplify the work of FTP-team instead. > Lucas > signature.asc Description: OpenPGP digital signature
Re: Question to all: Outreach
On 18/03/20 4:06 pm, Ulrike Uhlig wrote: > Hi! > > @JonathanCarter: thank you very much for encouraging us to continue this > discussion here :) > ... > Agreed. > > @Adrian: I think you should read up on the Flosspols study [1] and > especially about the time women and men can put into free software, and > the age at which they get involved. Good reference. > ... > The fact that we don't know this might hint at the need of having a > feedback process for Outreach in Debian. > > This process could cover: > > - Did their mentor introduce them to Debian processes, mailinglists, > other Debian Developers, teams, tools? > - Do they feel they are now independent with regards to Debian work? > - Do they want to continue contributing to Debian? If no, what would > they need, what are they missing? > - What can the Debian Outreach do better in the next rounds? > > and much more.. Happy to help working out such a process with the > current Outreach coordinators in Debian. > > Having such a feedback process could ensure that the money Debian spends > on Outreachy is well used. This is a great idea and it is time we go ahead with this. I would be definitely more than happy to work with you on this idea, irrespective of whether I become DPL or not. signature.asc Description: OpenPGP digital signature
Re: Question to all: Outreach
On 18/03/20 3:05 pm, Martin Michlmayr wrote: > * John Paul Adrian Glaubitz [2020-03-18 10:26]: >>> As a former Outreachy intern myself (2015) I can tell you that it the >>> stipend has helped me to invest time to find my way around Debian, time >>> during which otherwise I would have had to earn a living elsewhere and >>> would never have gotten involved further with Debian. >> With all due respect, but I find this a bit pretentious. The vast >> majority of people who are getting involved with open source are >> initially not being paid for that. > That reminds me of a remark I made recently when talking about > Outreachy in the context of Debian. First, I should say that I agree > with Ulrike that some people won't be able to spend time learning > about FOSS if they are not paid through a stipend. Just think of > people in Asia or Africa who don't have the luxury of "spare time" we > in the west often have. In India, non-male free software contributors are kind of very low. Wherever you are, the gender ratio is horribly screwed in Free Software, I do not think it is has to do anything with having luxury of "spare time" or not. signature.asc Description: OpenPGP digital signature
Re: Question to all: Outreach
On 17/03/20 10:02 pm, Hector Oron wrote: > Hello, > > First of all, thanks for nominating yourselves to Debian project leaders. > > Debian Outreach looks like an awesome initiative to bring new blood > into Debian and also people coming from minority groups, however, on > the other hand, it has been a quite expensive to run for the real > benefit provided to Debian project. Reading the delegation text: > https://lists.debian.org/debian-devel-announce/2019/03/msg00011.html. > I find 2 out of 3 team coordinators are not Debian > contributors/developers, and the other seems to be inactive. > > Q: How do you feel on having non-Debian contributors/developers > being DPL delegates? I am not very comfortable with the non-Debian members as DPL delegates and also representing Debian to the outside world. The efforts of everyone who contributes to Debian is valuable, but I think when it comes to the Outreach team, they are in fact representing official Debian project. In such a scenario I would definitely prefer Debian members. As a project we should be able to address this. Either we would have to find Debian members to be the coordinators or existing coordinators could explore the possibility of becoming Debian members. To be honest, if I become DPL, I would not be comfortable delegating to people who are not Debian members. > Q: Do you see any flaws on the current Outreach setup? If so, how > would you address them? Yes, I would not say the current Outreach setup is without flaws. I am aware that we do get some regular contributors through Outreachy, but we need to revisit and check what is the expense to return ratio. We need to have a better feedback loop as to if we are not able to retain contributors after the Outreachy period, where we are going wrong and what we can do to improve this. As mentioned in my platform, I am running for DPL primarily with "Diversity" in focus. So if I become DPL, I would definitely take it on personally to analyze Outreachy/diversity budget and efficiency. Even when I advocate for diversity, doing things and spending money in the name of diversity with no returns is not something I support. Right now I do not have a perfect picture about the current scenario, but this would be one of the priorities as DPL. > My best regards, signature.asc Description: OpenPGP digital signature
Nomination for DPL 2020
I would like to nominate myself as DPL candidate 2020. signature.asc Description: OpenPGP digital signature