<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font face="Century Schoolbook L">in-line :-</font><br>
<br>
<div class="moz-cite-prefix">On 04/22/2015 01:52 PM, Vikas Tara
wrote:<br>
</div>
<blockquote cite="mid:55375A60.2030504@hamaralinux.org" type="cite">OK
- that solves the xbmc issue then - I think we would pull in newer
releases of well known / well used packages than are in debian
stable - do you agree?
<br>
</blockquote>
<br>
Hi all, <br>
<br>
Ahem.... WARNING ... this will be a long read. <br>
<br>
While the question may look deceptively simple, a little bit of
background or understanding will be required as to how debian.org
functions. What Debian did for a long time, and where the community
stagnated, was having a single person as maintainer, and as is
generally known Debian is very much a voluntary project. <br>
<br>
What debian.org did then was to make teams wherein 2-3 or more
people get 'Uploader rights' which means they can patch things, make
new releases and do whatever is required to keep the software in
good shape. <br>
<br>
I would take the kernel as an example of a team and how
it operates. <br>
<br>
[$] aptitude show
linux-image-3.16.0-4-amd64
<br>
Package: linux-image-3.16.0-4-amd64 <br>
State: installed<br>
Automatically installed: yes<br>
Version: 3.16.7-ckt9-2<br>
Priority: optional<br>
Section: kernel<br>
Maintainer: Debian Kernel Team
<a class="moz-txt-link-rfc2396E" href="mailto:debian-kernel@lists.debian.org">&lt;debian-kernel@lists.debian.org&gt;</a><br>
Architecture: amd64<br>
Uncompressed Size: 163 M<br>
Depends: kmod | module-init-tools, linux-base (>= 3~), debconf
(>= 0.5) | debconf-2.0, initramfs-tools (>= 0.110~) |
linux-initramfs-tool<br>
PreDepends: debconf | debconf-2.0<br>
Recommends: firmware-linux-free (>= 3~), irqbalance<br>
Suggests: linux-doc-3.16, debian-kernel-handbook, grub-pc | grub-efi
| extlinux<br>
Breaks: at (< 3.1.12-1+squeeze1), initramfs-tools (< 0.110~)<br>
Provides: linux-modules-3.16.0-4-amd64<br>
Description: Linux 3.16 for 64-bit PCs<br>
The Linux kernel 3.16 and modules for use on PCs with AMD64, Intel
64 or VIA Nano processors. <br>
<br>
This kernel also runs on a Xen hypervisor. It supports both
privileged (dom0) and unprivileged (domU) operation.<br>
Homepage: <a class="moz-txt-link-freetext" href="https://www.kernel.org/">https://www.kernel.org/</a><br>
<br>
<br>
While there is much information therein, we will look at only one
line of the output for our understanding/consideration. <br>
<br>
[$] aptitude show linux-image-3.16.0-4-amd64 | grep
Maintainer
<br>
Maintainer: Debian Kernel Team
<a class="moz-txt-link-rfc2396E" href="mailto:debian-kernel@lists.debian.org">&lt;debian-kernel@lists.debian.org&gt;</a><br>
<br>
<br>
So we now know that there is a team called debian-kernel and their
home is lists.debian.org. <br>
<br>
<br>
Now let's go through the package listing looking for a few entries :-<br>
<br>
[$] dpkg -L linux-image-3.16.0-4-amd64 | grep
changelog
<br>
/usr/share/doc/linux-image-3.16.0-4-amd64/changelog.Debian.gz<br>
<br>
For those who might not know changelog.Debian.gz gives you info. as
to what recent changes happened to the package. <br>
<br>
Let's go and see there :-<br>
<br>
[/usr/share/doc/linux-image-3.16.0-4-amd64] [$] zcat
changelog.Debian.gz | less<br>
<br>
linux (3.16.7-ckt9-2) unstable; urgency=medium<br>
<br>
* btrfs: simplify insert_orphan_item (Closes: #782362)<br>
<br>
-- Ben Hutchings <a class="moz-txt-link-rfc2396E" href="mailto:ben@decadent.org.uk">&lt;ben@decadent.org.uk&gt;</a> Mon, 13 Apr 2015
02:01:54 +0100<br>
<br>
linux (3.16.7-ckt9-1) unstable; urgency=medium<br>
<br>
* New upstream stable update:<br>
<a class="moz-txt-link-freetext" href="http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt8">http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt8</a><br>
- usb: core: buffer: smallest buffer should start at
ARCH_DMA_MINALIGN<br>
- btrfs: fix leak of path in btrfs_find_item<br>
- tpm_tis: verify interrupt during init<br>
- xfs: ensure buffer types are set correctly<br>
- xfs: inode unlink does not set AGI buffer type<br>
- xfs: set buf types when converting extent formats<br>
- xfs: set superblock buffer type correctly<br>
- xfs: inode unlink does not set AGI buffer type<br>
- xfs: set buf types when converting extent formats<br>
- xfs: set superblock buffer type correctly<br>
- [s390*] KVM: avoid memory leaks if __inject_vm() fails<br>
- samsung-laptop: Add use_native_backlight quirk, and enable it
on some<br>
models (regression in 3.14)<br>
- staging: comedi: comedi_compat32.c: fix COMEDI_CMD copy back<br>
- nfs: don't call blocking operations while !TASK_RUNNING<br>
- cdc-acm: add sanity checks<br>
- USB: fix use-after-free bug in usb_hcd_unlink_urb()<br>
- iwlwifi: mvm: fix failure path when power_update fails in
add_interface<br>
- tty: Prevent untrappable signals from malicious program<br>
- cpufreq: Set cpufreq_cpu_data to NULL before putting kobject<br>
- nfs41: .init_read and .init_write can be called with valid
pg_lseg<br>
(regression in 3.15)<br>
- mei: mask interrupt set bit on clean reset bit (regression in<br>
3.16.7-ckt5)<br>
- [s390*] KVM: floating irqs: fix user triggerable endless loop<br>
- cfq-iosched: handle failure of cfq group allocation<br>
- tracing: Fix unmapping loop in tracing_mark_write<br>
- fsnotify: fix handling of renames in audit<br>
- blk-mq: fix double-free in error path<br>
- NFSv4.1: Fix a kfree() of uninitialised pointers in<br>
decode_cb_sequence_args<br>
- mm/hugetlb: pmd_huge() returns true for non-present hugepage<br>
- mm/hugetlb: take page table lock in follow_huge_pmd()<br>
- mm/hugetlb: fix getting refcount 0 page in hugetlb_fault()<br>
- mm/hugetlb: add migration/hwpoisoned entry check in<br>
hugetlb_change_protection<br>
- mm/hugetlb: add migration entry check in
__unmap_hugepage_range<br>
- iscsi-target: Drop problematic active_ts_list usage<br>
- mm: hwpoison: drop lru_add_drain_all() in __soft_offline_page()<br>
(regression in 3.11)<br>
- jffs2: fix handling of corrupted summary length<br>
- dm mirror: do not degrade the mirror on discard error<br>
- dm io: reject unsupported DISCARD requests with EOPNOTSUPP<br>
- NFS: struct nfs_commit_info.lock must always point to
inode->i_lock<br>
(regression in 3.16.4)<br>
- target: Add missing WRITE_SAME end-of-device sanity check<br>
- target: Check for LBA + sectors wrap-around in sbc_parse_cdb<br>
- Btrfs: fix fsync data loss after adding hard link to inode<br>
- sg: fix read() error reporting<br>
- IB/qib: Do not write EEPROM<br>
- [amd64] EDAC, amd64_edac: Prevent OOPS with >16 memory
controllers<br>
(regression in 3.11)<br>
- md/raid5: Fix livelock when array is both resyncing and
degraded.<br>
- locking/rtmutex: Avoid a NULL pointer dereference on deadlock<br>
(regression in 3.16)<br>
- time: adjtimex: Validate the ADJ_FREQUENCY values<br>
- ntp: Fixup adjtimex freq validation on 32-bit systems<br>
- dm: fix a race condition in dm_get_md<br>
- dm snapshot: fix a possible invalid memory access on unload<br>
- libceph: fix double __remove_osd() problem<br>
- blk-throttle: check stats_cpu before reading it from sysfs<br>
- debugfs: leave freeing a symlink body until inode eviction<br>
- procfs: fix race between symlink removals and traversals<br>
- autofs4 copy_dev_ioctl(): keep the value of ->size we'd
used for<br>
allocation<br>
- clk-gate: fix bit # check in clk_register_gate() (regression
in 3.11)<br>
- [powerpc*] kernel: Avoid memory corruption at early stage<br>
(regression in 3.14)<br>
- GFS2: Fix crash during ACL deletion in acl max entry check in<br>
gfs2_set_acl() (regression in 3.14)<br>
- net: llc: use correct size for sysctl timeout entries
(CVE-2015-2041)<br>
(CVE-2015-2042)<br>
- HID: i2c-hid: Limit reads to wMaxInputLength bytes for input
events<br>
(regression in 3.16.7-ckt4)<br>
- net: sctp: fix race for one-to-many sockets in sendmsg's auto
associate<br>
- ipv6: mld: fix add_grhead skb_over_panic for devs with large
MTUs<br>
- IB/core: When marshaling ucma path from user-space, clear
unused fields<br>
(regression in 3.14)<br>
- IB/core: Fix deadlock on uverbs modify_qp error flow
(regression in 3.14)<br>
- IB/mlx4: Fix wrong usage of IPv4 protocol for multicast
attach/detach<br>
(regression in 3.14)<br>
- IB/iser: Use correct dma direction when unmapping SGs<br>
(regression in 3.15)<br>
- staging: comedi: cb_pcidas64: fix incorrect AI range code
handling<br>
- target: Fix R_HOLDER bit usage for AllRegistrants<br>
- target: Avoid dropping AllRegistrants reservation during
unregister<br>
- target: Allow AllRegistrants to re-RESERVE existing reservation<br>
- target: Allow Write Exclusive non-reservation holders to READ<br>
- vhost/scsi: potential memory corruption<br>
- mm: softdirty: unmapped addresses between VMAs are clean<br>
- proc/pagemap: walk page tables under pte lock<br>
<a class="moz-txt-link-freetext" href="http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt9">http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt9</a><br>
- netfilter: nft_compat: fix module refcount underflow<br>
- netfilter: xt_socket: fix a stack corruption bug<br>
- ipvs: add missing ip_vs_pe_put in sync code<br>
- flowcache: Fix kernel panic in flow_cache_flush_task
(regression in 3.15)<br>
- tcp: make sure skb is not shared before using skb_get()<br>
(regression in 3.16)<br>
- gen_stats.c: Duplicate xstats buffer for later use<br>
- ematch: Fix auto-loading of ematch modules.<br>
- openvswitch: Fix net exit.<br>
- net: reject creation of netdev names with colons<br>
- macvtap: make sure neighbour code can push ethernet header<br>
- udp: only allow UFO for packets from SOCK_DGRAM sockets<br>
- gpiolib: of: allow of_gpiochip_find_and_xlate to find more
than one chip<br>
per node (regression in 3.16.7-ckt6)<br>
- [x86] drm/i915: Check obj->vma_list under the struct_mutex<br>
(regression in 3.15)<br>
- ALSA: hda - Disable runtime PM for Panther Point again<br>
(regression in 3.14)<br>
- nilfs2: fix potential memory overrun on inode<br>
- [armhf] usb: dwc3: dwc3-omap: Fix disable IRQ<br>
- [i386] KVM: emulate: fix CMPXCHG8B on 32-bit hosts<br>
- xhci: Allocate correct amount of scratchpad buffers<br>
- USB: usbfs: don't leak kernel data in siginfo<br>
- efi/libstub: Fix boundary checking in efi_high_alloc()<br>
- USB: serial: fix potential use-after-free after failed probe<br>
- USB: serial: fix tty-device error handling at probe<br>
- staging: comedi: adv_pci1710: fix AI INSN_READ for non-zero
channel<br>
- mei: make device disabled on stop unconditionally<br>
- NFSv4: Don't call put_rpccred() under the rcu_read_lock()<br>
- btrfs: fix lost return value due to variable shadowing<br>
- eCryptfs: don't pass fs-specific ioctl commands through<br>
- drm/radeon: fix DRM_IOCTL_RADEON_CS oops<br>
- [armhf] ASoC: omap-pcm: Correct dma mask<br>
- [amd64] x86/asm/entry/64: Remove a bogus 'ret_from_fork'
optimization<br>
(CVE-2015-2830)<br>
- Btrfs: fix data loss in the fast fsync path<br>
- Btrfs:__add_inode_ref: out of bounds memory read when looking
for<br>
extended ref.<br>
- svcrpc: fix memory leak in gssp_accept_sec_context_upcall<br>
(regression in 3.12)<br>
- SUNRPC: Always manipulate rpc_rqst::rq_bc_pa_list under
xprt->bc_pa_lock<br>
(regression in 3.15)<br>
- net: cls_bpf: fix size mismatch on filter preparation<br>
- net: cls_bpf: fix auto generation of per list handles<br>
- qlge: Fix qlge_update_hw_vlan_features to handle if interface
is down<br>
(regression in 3.13)<br>
- libsas: Fix Kernel Crash in smp_execute_task<br>
- ALSA: hda - Fix regression of HD-audio controller fallback
modes<br>
(regression in 3.11)<br>
- can: add missing initialisations in CAN related skbuffs<br>
- ftrace: Fix en(dis)able graph caller when en(dis)abling record
via sysctl<br>
- ftrace: Fix ftrace enable ordering of sysctl ftrace_enabled<br>
- [armhf] imx6qdl-sabresd: set swbst_reg as vbus's parent reg<br>
- [armhf] imx6sl-evk: set swbst_reg as vbus's parent reg<br>
- xen-pciback: limit guest control of command register
(CVE-2015-2150)<br>
- drm/vmwgfx: Reorder device takedown somewhat<br>
- ALSA: control: Add sanity checks for user ctl id name string<br>
- Revert "i2c: core: Dispose OF IRQ mapping at client removal
time"<br>
- nilfs2: fix deadlock of segment constructor during recovery<br>
(regression in 3.16.7-ckt7)<br>
- clk: divider: fix calculation of maximal parent rate for a
given divider<br>
(regression in 3.15)<br>
- [sparc*] Fix several bugs in memmove().<br>
- net: sysctl_net_core: check SNDBUF and RCVBUF for min length<br>
- inet_diag: fix possible overflow in inet_diag_dump_one_icsk()<br>
- caif: fix MSG_OOB test in caif_seqpkt_recvmsg()<br>
- rxrpc: bogus MSG_PEEK test in rxrpc_recvmsg()<br>
- tcp: fix tcp fin memory accounting<br>
- net: compat: Update get_compat_msghdr() to match
copy_msghdr_from_user()<br>
behaviour (regression in 3.13)<br>
- tcp: make connect() mem charging friendly<br>
<br>
[ Ian Campbell ]<br>
* Initialise framebuffer console earlier. (Closes: #779935)<br>
* [xen] Enable Xen MCE log support. (Closes: #779698)<br>
* [armhf] mvebu: do not register custom DMA operations when
coherency is<br>
disabled (Closes: #780858)<br>
* [armhf] Enable power control on various sunxi platforms, enable
MFD_AXP20X<br>
and REGULATOR_AXP20X and adding the necessary DTB nodes.
(Closes: #781576)<br>
<br>
[ Ben Hutchings ]<br>
* [armel/kirkwood] linux-image: Add versioned Breaks against
flash-kernel,<br>
to ensure that an FDT is appended to the image if needed
(Closes: #781193)<br>
* Revert "quota: Store maximum space limit in bytes" to avoid ABI
change<br>
* IB/core: Prevent integer overflow in ib_umem_get address
arithmetic<br>
(CVE-2014-8159)<br>
* Btrfs: make xattr replace operations atomic (CVE-2014-9710)<br>
* ext4: fix ZERO_RANGE bug hidden by flag aliasing<br>
* ext4: fix accidental flag aliasing in ext4_map_blocks flags<br>
* ext4: allocate entire range in zero range (CVE-2015-0275)<br>
* [x86] microcode/intel: Guard against stack overflow in the
loader<br>
(CVE-2015-2666)<br>
* ipv6: Don't reduce hop limit for an interface (CVE-2015-2922)<br>
* [powerpc/powerpc64,ppc64] Disable THERM_PM72 and enable its
replacements<br>
WINDFARM_PM72 and WINDFARM_RM31 as modules. Update the udeb
config<br>
accordingly. Thanks to Milan Kupcevic. (Closes: #781934)<br>
* psmouse: Add support for FocalTech touchpads, thanks to Rafal
Ramocki<br>
* [x86] drm/i915: Add limited color range readout for HDMI/DP ports
on<br>
g4x/vlv/chv (Closes: #775217)<br>
* HID: thingm: fix workqueue race on remove (Closes: #780055)<br>
* [x86] Disable X86_VERBOSE_BOOTUP (Closes: #781953)<br>
* eMMC: Don't initialize partitions on RPMB flagged areas (Closes:
#782038)<br>
* [x86] powercap / RAPL: change domain detection message (Closes:
#781418)<br>
* procfs: Avoid ABI change in 3.16.7-ckt8<br>
* [powerpc/powerpc] udeb: Add fb-modules package containing
radeonfb driver<br>
(Closes: #782058)<br>
<br>
-- Ben Hutchings <a class="moz-txt-link-rfc2396E" href="mailto:ben@decadent.org.uk">&lt;ben@decadent.org.uk&gt;</a> Wed, 08 Apr 2015
01:03:08 +0100<br>
<br>
<br>
Sorry for the long read of the changelog but it was necessary (this
actually is the evil of monolithic kernels but that's a different
topic altogether so won't go there.) <br>
<br>
As can be seen there were two people who made the 8th April release of
the kernel, Ian Campbell and Ben Hutchings; there might have been
others as well but only these two chose to be credited. <br>
<br>
[$] apt-cache policy
linux-image-3.16.0-4-amd64
<br>
linux-image-3.16.0-4-amd64:<br>
Installed: 3.16.7-ckt9-2<br>
Candidate: 3.16.7-ckt9-2<br>
Version table:<br>
*** 3.16.7-ckt9-2 0<br>
600 <a class="moz-txt-link-freetext" href="http://httpredir.debian.org//debian/">http://httpredir.debian.org//debian/</a> jessie/main amd64
Packages<br>
1 <a class="moz-txt-link-freetext" href="http://httpredir.debian.org//debian/">http://httpredir.debian.org//debian/</a> unstable/main amd64
Packages<br>
<br>
<br>
[$] apt-cache policy
linux-image-3.19.0-trunk-amd64
<br>
linux-image-3.19.0-trunk-amd64:<br>
Installed: (none)<br>
Candidate: 3.19.3-1~exp1<br>
Version table:<br>
3.19.3-1~exp1 0<br>
1 <a class="moz-txt-link-freetext" href="http://httpredir.debian.org//debian/">http://httpredir.debian.org//debian/</a> experimental/main
amd64 Packages<br>
<br>
<br>
So, for the question <br>
<br>
" I think we would pull in newer releases of well known / well used
packages than are in debian stable - do you agree?
" - Vikas <br>
<br>
Yes, we could provided :-<br>
<br>
a. We have enough number of people who know how this all works. <br>
b. We are able to make a statement about quality of our packages and
do share the work upstream as well as with Debian - They will
welcome any help provided we are able to show that we have some
knowledge of how things work (even if we do not know it all.) The
benefit of doing any uploads or anything for that matter is the
larger base of users it has and their ability to bring out even
corner cases which otherwise are not known. <br>
<br>
As I have shared with Vikas, there are lots of both QA and security
tools which are in Debian (and of course much more in the wider
free software movement).<br>
<br>
If we are looking for knowledge of popular tools then
popcon.debian.org could be used as a resource but with some caveats
:-<br>
<br>
a. It is not an accurate way to measure interest in a package. For
e.g. the GNU/Linux monolithic kernel which I have shared would have
one of the biggest numbers, but that will be because it's an essential
component. You need a kernel to do interrupts, house-keeping jobs
and n number of things that the kernel has to do. <br>
<br>
The notation is
<a class="moz-txt-link-freetext" href="https://qa.debian.org/popcon.php?package=$PACKAGENAME">https://qa.debian.org/popcon.php?package=$PACKAGENAME</a><br>
<br>
For e.g. <a class="moz-txt-link-freetext" href="https://qa.debian.org/popcon.php?package=iceweasel">https://qa.debian.org/popcon.php?package=iceweasel</a><br>
<br>
If you actually look at iceweasel you will see that they have
different versions :-<br>
<br>
[$] apt-cache policy
iceweasel
<br>
Installed: 37.0.2-1<br>
Candidate: 37.0.2-1<br>
Version table:<br>
*** 37.0.2-1 0<br>
1 <a class="moz-txt-link-freetext" href="http://httpredir.debian.org//debian/">http://httpredir.debian.org//debian/</a> experimental/main
amd64 Packages<br>
100 /var/lib/dpkg/status<br>
31.6.0esr-1 0<br>
600 <a class="moz-txt-link-freetext" href="http://httpredir.debian.org//debian/">http://httpredir.debian.org//debian/</a> jessie/main amd64
Packages<br>
1 <a class="moz-txt-link-freetext" href="http://httpredir.debian.org//debian/">http://httpredir.debian.org//debian/</a> unstable/main amd64
Packages<br>
<br>
Now there is always going to be this fight between the latest and
the most stable. If we take either the kernel's package or the
iceweasel package (both are pretty well-maintained), the releases
which are in testing (which will be the new stable in 3 days' time),
both the iceweasel and kernel versions, are the ones which have Long
Term Support (LTS); Mozilla calls it Extended Support Release (ESR).
If we are going to be a sort of rolling release we would need to
think about this quite a bit, as the need for QA and security is more (the
pressure is more and is the reason Ubuntu/Canonical fails and
continues to fail) than what currently happens. <br>
<br>
There is a good possibility that Vikas has this all chalked out in
the head or in a book somewhere but because I do not know which way
he wants to proceed, I am afraid he will have to share his vision
for this. <br>
<br>
The easiest way for now would be to do the following :-<br>
<br>
a. Concentrate on having good themes/better themes and documenting
as much as we can about Debian and its way of doing things. <br>
b. Finding packages which have high popcon and no active
maintainer, become a maintainer of such a package/packages and earn
visibility in the Debian community. <br>
c. Find packages which would help us whether it is in education,
wi-fi mesh networks or any package which we feel is needed and have
good relations with both the DD/DM/Debian Contributor as well as
maintain good relationships with upstream so trust is there. <br>
<br>
The output would be a knowledge community which knows where
technology and technological solutions are heading. Most DD's in
their day-job work on cutting-edge tools and they use the
spare-time/hobby to create the same for the world at large. They
would help us identify big and small cracks within the ecosystem
where we could create products which would be beneficial to all. <br>
<br>
Looking forward to feedback.<br>
<pre class="moz-signature" cols="72">--
Shirish Agarwal,
Community Lead,
Hamaralinux.org</pre>
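<br>
The changelog walk-through above, as an added example that is not part of the original message: a shell filter that reads a Debian changelog and prints, for each version stanza, the urgency and the CVE ids it mentions, including ids wrapped onto a continuation line. The function names are assumptions of this example, and the sample is constructed by abridging the changelog quoted above (trailer lines omitted).<br>
<br>

```shell
#!/bin/sh
# Added example: summarise a Debian changelog by version stanza.
# Real use (path taken from the message above):
#   zcat /usr/share/doc/linux-image-3.16.0-4-amd64/changelog.Debian.gz | changelog_cves

# changelog_cves: stdin = changelog text, stdout = "VERSION URGENCY CVES"
changelog_cves() {
    awk '
    # Print the stanza collected so far, then reset the per-stanza state.
    function flush() {
        if (ver != "") print ver, urg, (list == "" ? "-" : list)
        ver = ""; list = ""; split("", seen)
    }
    # Stanza header: "package (version) distribution; urgency=level"
    /^[a-z0-9][a-z0-9+.-]* \([^)]+\) .*; *urgency=/ {
        flush()
        ver = $2; gsub(/[()]/, "", ver)
        urg = $0; sub(/.*urgency=/, "", urg); sub(/[ ,;].*/, "", urg)
        next
    }
    {
        # Several ids may share a line, and an id wrapped onto a
        # continuation line still belongs to the current stanza.
        line = $0
        while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
            id = substr(line, RSTART, RLENGTH)
            if (!(id in seen)) {
                seen[id] = 1
                list = (list == "" ? id : list "," id)
            }
            line = substr(line, RSTART + RLENGTH)
        }
    }
    END { flush() }
    '
}

# Constructed sample: header and entry lines abridged from the quoted changelog.
sample_changelog() {
    printf '%s\n' \
        'linux (3.16.7-ckt9-2) unstable; urgency=medium' \
        '' \
        '  * btrfs: simplify insert_orphan_item (Closes: #782362)' \
        '' \
        'linux (3.16.7-ckt9-1) unstable; urgency=medium' \
        '' \
        '  * New upstream stable update:' \
        '    - net: llc: use correct size for sysctl timeout entries (CVE-2015-2041)' \
        '      (CVE-2015-2042)' \
        '    - xen-pciback: limit guest control of command register (CVE-2015-2150)' \
        '  * IB/core: Prevent integer overflow in ib_umem_get address arithmetic' \
        '    (CVE-2014-8159)'
}

sample_changelog | changelog_cves
```

A stanza with no CVE id prints "-" in the third column, which makes it easy to see which uploads carried security fixes when deciding whether a newer release is worth pulling in.<br>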
</body>
</html>