On 6/2/19 3:39 PM, Ben Hutchings wrote:
> On Fri, 2019-05-31 at 21:04 +, Luca Filipozzi wrote:
> [...]
>> However, without an HPE donation or discount, we are much more likely to
>> follow a less expensive approach: pairs of 2U servers with local
>> storage, etc. Still not cheap but not
It was pointed out to me that my mail could have been misread in a
number of ways. nothing in my message is meant to alter the delegations
currently in place. Rather, my desire is to further empower our
delegated teams.
If there are going to be any grants to fund work for some of our teams,
Hi.
I've received a media query on this topic I am about to respond to.
I figure the project would not take it well to find out what we're going
to do from a news story. And obviously I don't know what we're going to
do, but I do think I know where we ended up here and what I'd be open to
On Tue, Jun 04, 2019 at 09:24:59AM -0500, Gunnar Wolf wrote:
> Philip Hands dijo [Tue, Jun 04, 2019 at 10:51:10AM +0200]:
> > It occurs to me that we could establish some sort of hardship fund to
> > make sure that someone who's current situation falls below some minimum
> > that we could define,
Philip Hands dijo [Tue, Jun 04, 2019 at 10:51:10AM +0200]:
> It occurs to me that we could establish some sort of hardship fund to
> make sure that someone who's current situation falls below some minimum
> that we could define, they would be able to apply for funding.
>
> For example, I recently
On Mon, Jun 03, 2019 at 08:42:02PM -0400, Sam Hartman wrote:
> > "Gunnar" == Gunnar Wolf writes:
>
> Gunnar> I am aware your example is just an example - But don't you
> Gunnar> think that following through with this would have a sad
> Gunnar> effect on the www team: It would be
> "Gunnar" == Gunnar Wolf writes:
Gunnar> I am aware your example is just an example - But don't you
Gunnar> think that following through with this would have a sad
Gunnar> effect on the www team: It would be equivalent to tell them,
Gunnar> "thanks for your work for so many
Sam Hartman dijo [Sat, Jun 01, 2019 at 09:02:54AM -0400]:
> (...)
>
> With regard to Russ's concerns,
> I think that making short-term grants to work on specific projects might
> be much more achievable for us than salaries. It reduces the factors
> he's worried about.
> I think there would
On Fri, 2019-05-31 at 21:04 +, Luca Filipozzi wrote:
[...]
> However, without an HPE donation or discount, we are much more likely to
> follow a less expensive approach: pairs of 2U servers with local
> storage, etc. Still not cheap but not multiples of 100k.
>
> If a hardware vendor happens
]] Steve McIntyre
> On Sat, Jun 01, 2019 at 12:29:04PM +0200, Tollef Fog Heen wrote:
>
> >This is a hugely important point: we're already seeing conflicts where
> >people conflate the paid-for LTS effort with other team's priorities.
> >If we move that funding closer to Debian, we're effectively
"G. Branden Robinson" writes:
> My two cents[4] is that DSA should make its purchasing and hardware
> solicitation decisions with the architectural security issue fairly far
> down the priority list. It saddens me to say that, but this new class
> of exploits, what van Schaik et al. call
At 2019-06-01T09:04:39+0200, Philipp Kern wrote:
> Are we then looking more closely at AMD-based machines given that
> those had less problems around speculative attacks?
To borrow a phrase from Christopher Hitchens, this comment gives a
hostage to fortune.
My team at work closely follows (and
Jonathan Carter writes:
> On 2019/06/01 19:55, Russ Allbery wrote:
>> I very much doubt that our current donation-driven model would generate
>> US $1M per year on a sustained basis, particularly if you subtract
>> DebConf out of the mix (which I think we should, because that money is
>>
On 2019/06/01 19:55, Russ Allbery wrote:
> I very much doubt that our current donation-driven model would generate US
> $1M per year on a sustained basis, particularly if you subtract DebConf
> out of the mix (which I think we should, because that money is essentially
DebConf tends to bring in
Adrian Bunk writes:
> On Fri, May 31, 2019 at 04:07:54PM -0700, Russ Allbery wrote:
>> I could well be entirely wrong, but the part that I would expect to be
>> the most controversial is that, once Debian starts spending project
>> money to pay people to do work that other people in the project
On Sat, Jun 01, 2019 at 12:29:04PM +0200, Tollef Fog Heen wrote:
>]] Russ Allbery
>
>> These dynamics change a *lot* when the money is coming from
>> the project itself. That money is special; it's not just one more company
>> or foundation or whatnot that is providing resources to aid in a
On Sat, Jun 01, 2019 at 12:29:04PM +0200, Tollef Fog Heen wrote:
> ]] Russ Allbery
> > Particularly now that my free time is rarer and more precious to me,
> > doing unpaid work for an organization that also has paid staff is
> > hugely demotivating. It's entirely plausible that paying for
> >
On Sat, Jun 01, 2019 at 09:09:26AM -0400, Sam Hartman wrote:
> > "Adrian" == Adrian Bunk writes:
>
> >>
> >> Talking about the issues involved in paying people to do work.
> >> What the options are, collecting people's concerns etc.
> >>
> >> I actually think the first
> "Adrian" == Adrian Bunk writes:
>>
>> Talking about the issues involved in paying people to do work.
>> What the options are, collecting people's concerns etc.
>>
>> I actually think the first round of that can be done without
>> significant access to numbers.
> "Ondřej" == Ondřej Surý writes:
Ondřej>It might be worth looking on how other organizations in
Ondřej> our ballpark are doing stuff. f.e. IETF/ISOC is in similar
Ondřej> situation to Debian/SPI.
I'm no longer really involved in the IETF, but I was involved in the
IETF for
]] Russ Allbery
> These dynamics change a *lot* when the money is coming from
> the project itself. That money is special; it's not just one more company
> or foundation or whatnot that is providing resources to aid in a general
> volunteer project. It becomes a loaded statement about what
> But yes, it's entirely possible that I'm being too cautious.
I'd say, being cautious in this case is very warranted.
One of the things, that are good about Debian is, that it's _not_ cooperate.
"You will not work for free for a company. Debian is not a company."
Throwing in money has a high
On Fri, May 31, 2019 at 11:46:02PM -0600, Eldon Koyle wrote:
> On Fri, May 31, 2019 at 5:08 PM Russ Allbery wrote:
> >
> > Adrian Bunk writes:
> >
> > > My biggest high level concern is the income side, since this is the most
> > > difficult part and will likely also be the most controversial
On Fri, May 31, 2019 at 04:07:54PM -0700, Russ Allbery wrote:
> Adrian Bunk writes:
>
> > My biggest high level concern is the income side, since this is the most
> > difficult part and will likely also be the most controversial one.
>
> I could well be entirely wrong, but the part that I would
Again I would suggest looking at https://tools.ietf.org/html/rfc4071 as a start
to learn from the experience of others.
It’s a change in paradigm, but somehow I feel that this is needed if we want to
keep up to par with other parties in the same field.
P.S.: At no point of time I am speaking
On 5/31/2019 11:04 PM, Luca Filipozzi wrote:
> Before you ask: an insecure hypervisor is an insecure buildd.
Are we then looking more closely at AMD-based machines given that those
had less problems around speculative attacks?
Kind regards
Philipp Kern
It might be worth looking on how other organizations in our ballpark are doing
stuff.
f.e. IETF/ISOC is in similar situation to Debian/SPI. I am not directly
involved in looking into IETF financials, but they have contracts for certain
functions (Ops, RFC Editor to name few, for full list see
On Fri, May 31, 2019 at 5:08 PM Russ Allbery wrote:
>
> Adrian Bunk writes:
>
> > My biggest high level concern is the income side, since this is the most
> > difficult part and will likely also be the most controversial one.
>
> I could well be entirely wrong, but the part that I would expect
Ximin Luo writes:
> Nobody is suggesting that it won't be a hard problem to get right, but
> progress isn't made by worrying about all the things that could possibly
> go wrong. Figuring out a blueprint for organising large-scale work
> using more directly-democratic principles would have lots
Russ Allbery:
> [..]
> I respect the desire to try social experiments and be bold, but my counter
> question is whether Debian as a project has the right training and the
> right people to conduct a proper social experiment *here*, on *this*
> particular topic. Do we have economists?
Russ Allbery:
> [..] The failure mode here is that we lose contributors
> because of hard feelings over who gets paid and who doesn't get paid and
> how much they get paid and how they get paid, and the project ends up
> weaker and more fragile. [..]
>
> For example, you say "democratic mandate,"
Ximin Luo writes:
> A lot of people are already paid full-time to work on Debian. Wouldn't
> it be better to additionally have some other people be paid full-time to
> work on Debian under a democratic mandate (our voting system) rather
> than under corporate orders? At the very least, it would
Russ Allbery:
> Adrian Bunk writes:
>
>> My biggest high level concern is the income side, since this is the most
>> difficult part and will likely also be the most controversial one.
>
> I could well be entirely wrong, but the part that I would expect to be the
> most controversial is that,
dear Russ,
once again, many thanks for expressing nicely what I couldnt express
that well. My thoughts exactly.
--
tschau,
Holger, who first wanted to send this in private to Russ and
then decided against.
Adrian Bunk writes:
> My biggest high level concern is the income side, since this is the most
> difficult part and will likely also be the most controversial one.
I could well be entirely wrong, but the part that I would expect to be the
most controversial is that, once Debian starts spending
On Fri, May 31, 2019 at 10:57:51PM +, Holger Levsen wrote:
> On Fri, May 31, 2019 at 10:56:16PM +, Luca Filipozzi wrote:
> > > For me this implies that Debian should aim at having at least US$500k
> > > reserves, to be prepared if there is no large donation coming for a
> > > future
On Fri, May 31, 2019 at 10:56:16PM +, Luca Filipozzi wrote:
> > For me this implies that Debian should aim at having at least US$500k
> > reserves, to be prepared if there is no large donation coming for a
> > future refresh.
> Plus another $300k in reserves for DebConf in case those
On Sat, Jun 01, 2019 at 01:50:25AM +0300, Adrian Bunk wrote:
> On Fri, May 31, 2019 at 09:04:24PM +, Luca Filipozzi wrote:
> >...
> > When we last crunched the numbers, maintaining a 5y refresh (to stay in
> > warranty, etc.) would require $75k-100k/yr. We've avoided that level of
> > annual
On Fri, May 31, 2019 at 09:04:24PM +, Luca Filipozzi wrote:
>...
> When we last crunched the numbers, maintaining a 5y refresh (to stay in
> warranty, etc.) would require $75k-100k/yr. We've avoided that level of
> annual expenditure because we are keeping hardware longer than 5y and
> we've
On Fri, May 31, 2019 at 05:29:42PM -0400, Sam Hartman wrote:
> > "Adrian" == Adrian Bunk writes:
>
> I agree that's missing.
>
> I don't think that is the important information needed to drive the
> discussions I'm hoping someone will drive.
>
> Instead I'm more interested in seeing
> "Adrian" == Adrian Bunk writes:
I agree that's missing.
I don't think that is the important information needed to drive the
discussions I'm hoping someone will drive.
Instead I'm more interested in seeing discussions at a high level.
Talking about the issues involved in paying people to
On Wed, May 29, 2019 at 07:49:25AM -0400, Sam Hartman wrote:
>
> [moving a discussion from -devel to -project where it belongs]
>
> > "Mo" == Mo Zhou writes:
>
> Mo> Hi,
> Mo> On 2019-05-29 08:38, Raphael Hertzog wrote:
> >> Use the $300,000 on our bank accounts?
>
> So, there
42 matches
Mail list logo