Forgot your password?
typodupeerror

Interview with Debian's New Project Leader 79

Posted by ScuttleMonkey
from the stuck-on-authenticating dept.
With the recent news that Anthony Towns will be taking over as the Debian Project Leader, Linux.com took a few minutes to sit down and feel out the new DPL-elect. From the interview: "The immediate plan is to organize the various ideas I've had so that I can work out which ones are actually worth working on, and what order to do them in; and to make sure that all the people who volunteered to be DPL during the campaign, or offered their help don't go away without some good ideas about extra things they can do. "
This discussion has been archived. No new comments can be posted.

Interview with Debian's New Project Leader

Comments Filter:
  • ftpmaster (Score:4, Insightful)

    by th173 (464208) on Tuesday April 11, 2006 @04:24PM (#15108478)
    I am not happy with an ftpmaster as new project leader. They were the cause why the last one gave up.

    But on the other hand, there is finally a chance for some movement and some chances; both are needed by this brilliant and outstanding project which is completely stuck by politics now; just like "the real life"(tm) *sigh*.
    • ...ftpmaster as new project leader. They were the cause why the last one gave up.

      Do you have any publicly available info to back that up, I've only seen refrences to an unnamed personal tragedy as to the reason of Brandens demise.
    • Re:ftpmaster (Score:5, Interesting)

      by Anonymous Coward on Tuesday April 11, 2006 @05:42PM (#15109160)
      I am not happy with an ftpmaster as new project leader. They were the cause why the last one gave up.

      It's an interesting paradox. A member of "the Debian cabal" was elected DPL. Personally I voted for none of the above since all of the candidates this year seemed resigned to the idea that the DPL has no power. The DPL does have power under the Debian constitution to appoint and replace delegates, but past DPLs have given in to the idea that there are no delegates...that the ftp-masters, DAM, etc are unaccountable to the DPL and by extension the Debian project as a whole.

      In some ways it's a good thing that the DPL can't assert any real authority over other members of the project, but it also makes the DPL election a silly waste of time and energy and runs counter to a plain reading of the Debian constitution. If the DPL is a powerless and symbolic title we might as well make Ian Murdock, Bruce Perens or some other recognizable individual DPL for life and stop with the silly elections.
      Anthony's platform was more active than the other potential DPL's, but it included plenty of caviats to indicate that ultimately he'll follow the tradition of doing very little with the position. For instance:

      Another issue was that of "supporting delegates". As it turns out, that's perhaps an overly limited description, since a number of roles, including the security team and ftpmaster, might be better thought of as "infrastructure maintainers" instead, which implies a different relationship to the DPL.

      And:
      Some of the goals I hope to work towards in the coming year include getting updates accepted into the archive more frequently than once a day, having frequent beta releases of etch/testing that we can legitimately call a release (benefiting from the ongoing work of the installer and testing-security teams), and having reliably quick resolution of RC bugs in unstable. None of those require, or even necessarily benefit from magical DPL powers; but I think the project will benefit if whoever is elected DPL takes that idea on board, and sets a good example at making frequent and improvements to Debian.

      For me, these simply aren't compelling reasons to elect a DPL. OTOH, Anthony's platform was better than what the other candidates offered.
  • Good luck, a good number of people are depending on you.

    I don't use Debian for my workstation. I do use it in an embedded device I am working on.
    Keep it stable and keep them the new stuff coming.
    • It's not that easy (Score:3, Insightful)

      by lanc (762334)
      One needs a stable _and_ fresh distro.
      Debian is stable. period.
      And bureaucratic.
      and many others base their work on it and give nothing back.
      and Debian moves as slowly as a rheumatic snake.

      BUT

      Debian is still the least bad. ( != best, that is nonexistent for years now)

      • by MoxFulder (159829) on Tuesday April 11, 2006 @04:54PM (#15108772) Homepage
        In my opinion, the combination of Debian+Ubuntu is simply "the best" right now. I went from Debian to Ubuntu on my laptop about a year ago, and recently installed Ubuntu on my new AMD64 box.

        Ubuntu is very stable, installed *almost* flawlessly (NVidia :-/) on my new AMD64 box, and best of all it's based on Debian. Also, they take a principled stand (IMHO) against closed-source software, but are more pragmatic in terms of offering closed-source packages while alternatives are developed.

        Plus, Ubuntu and Debian devs interact a lot as far as I can tell, so Ubuntu is contributing to the improvement of Debian to a significant degree.

        The way I see it:
        * Debian is a super-stable FLOSS-only server OS
        * Ubuntu is its almost-as-stable up-to-the-minute desktop OS

        Neither of them is "the best" alone, but the combined strengths of the two are a knockout in my opinion.
        • * Debian is a super-stable FLOSS-only server OS

          Stable, no question about that. But always outdated.

          marvin:~# for i in mysql-server tomcat4 tomcat5 postgresql ; do echo $i ; apt-cache show $i | grep ^Version ; done
          mysql-server
          Version: 4.0.24-10sarge1
          Version: 4.0.24-10
          tomcat4
          Version: 4.1.31-3
          tomcat5
          W: Unable to locate package tomcat5
          E: No packages found
          postgresql
          Version: 7.4.7-6sarge1
          marvin:~#

          yes, I am aware of apt-get source -b ... but the more machines I administer, the less magic I want to do

        • IMHO, the *biggest* thing Ubuntu needs to work on, is BOOT SPEED. Bust out the parallel-INIT that we've been needing for YEARS.

          On a 750MHz laptop with 384MB of Ram, it takes *several* minutes to boot into console (non-X) mode. XP takes 2 minutes on the same machine. Not a troll, I use Linux for 90% of my day-day work. But since XP boots faster, I end up booting that instead, if all I'm going to be doing is light work/Web browsing.
          • by Anonymous Coward
            You should watch to see if it is hanging on any part of the bootup. Likely candidates would be:

            - wireless lan searching for an access point, delays bringing up the network.
            - trouble contacting ntp.ubuntulinux.org to sync the clock (big delay)
            - any sort of fsck

            That's just off the top of my head. But I run a machine with similar specs and have nowhere near the Ubuntu boot time that you are reporting, even when I'm starting up X.
            • Thanks. All of those are n/a, I checked. It's just slow, and I've tweaked it to disable stuff that doesn't need to be running.

              Right now, the things that seem to take the most time are auto-hardware detection, USB and hotplug stuff. Thisbox has no wireless.

              Still, I know there are things that could be running in parallel. M$ did make an effort with XP to speed up the boot process; I'd really like to see *every* Linux distro do the same, as a best-practices issue. Linux should be able to boot *faster* on t
          • by advocate_one (662832) on Wednesday April 12, 2006 @07:28AM (#15112492)
            the boot process is being worked on for the Dapper release. On my boxes, I can see a distinct improvement in the boot time in Dapper compared to that of Breezy.

            But boot time has never really worried me as my boxes are on 24/7 and only get rebooted for a kernel upgrade. Even my daughter's laptop has got some 40+ days of uptime at the moment...

            • I'll second you about Dapper boot time being a great improvement over Breezy. I also have turned off the boot-time NTP sync, as that always introduces a delay.

              I keep my laptop off when not in use, since I like to conserve electricity, but my desktop seems to be up all the time these days since I never know when I'll need to remote-access it.
        • Stable, no question about that. But always outdated.

          Well, if there wasn't a trade-off there, there'd be nothing to discuss would there? Debian is a really great server - if the server already does what you want it to do. If you are just waiting for that new feature in version $X just released, well you better have patience if you want to run it on debian stable. What Debian is doing is not very glamorous, but I think it's important. The only other free alternative in that class is CentOS, which is nothing b
        • The way I see it:
          * Debian is a super-stable FLOSS-only server OS
          Debian is also the basis for the OS for Nokia's Internet Tablet. So it's the "best" Internet Tablet OS as well.
      • by jZnat (793348) * on Tuesday April 11, 2006 @05:02PM (#15108835) Homepage Journal
        Debian doesn't really move slow at all; the only perceived slowness is in the stable distribution. If you keep up to date with unstable (which will literally always have something to update for you every day), you'd notice that they keep up to date with the majority of its software. For instance, KOffice 1.5 just came out, and it's available in Debian Sid (unstable) and thusly also available in Ubuntu Dapper (they keep their developmental releases in sync with Sid until a release-freeze starts every six months).
        • Unstable? On a productive server? contradiction. Again - I did that years long. I want a stable release on my productive boxes. Not mixing with etch, not mixing with ubuntu, no backports.org, no experimental branch. Pretty please.

        • BUT you don't wan't that kind of upgrade treadmill on a production box. And if you don't follow the upgrade treadmill you lose any modicum of security support.

          the REAL problem is that most developers run the bleeding edge distros (unlike in the windows world where people test at least down to 2K and often down to 98 or even 95!)

          wheras i can't reliablly run recent linux software on woody (which is newer than windows XP!)

          running sarge is tenable for the moment but unless debian gets their house in order and d
          • And if you don't follow the upgrade treadmill you lose any modicum of security support.

            Testing now has a security team.

            • All secure-testing did is try to get security updates to those on the testing treadmill faster. you still have to either stay on the upgrade treadmill to make use of them (mixing bits from testing a few months apart can be a very bad idea).

              Noone is going to provide security updates targeted at where testing was a couple of months ago.

              the ONLY ways to get timely security support are
              1: stay on the upgrade treadmill for testing or unstable (which is a lot of work and has fairly high risk of breaking something
              • stay on the upgrade treadmill for testing

                Yes, however, with testing this is neither very much work, nor is it very risky. In fact, in my experience, it's not risky at all as long as you watch what's being upgraded. I've never experienced any breakage due to testing updates, but what has happened to me is that an app is upgraded to a new major release that uses a different configuration format, etc., and requires effort on my part to make it work the way it did before. That's only happened to me a coup

                • but what has happened to me is that an app is upgraded to a new major release that uses a different configuration format, etc., and requires effort on my part to make it work the way it did before.
                  i consider that to be breaking.

                  yes it doesn't happen too often but i still wouldn't wan't to risk a server.

                  also while your right its not that much effort for one box i wouldn't wan't to maintain more than a couple of testing boxes.
                  • yes it doesn't happen too often but i still wouldn't wan't to risk a server.

                    Which is why if you're running testing on a server you need to pay attention to what's being upgraded. If you see some package receiving a major upgrade, hold it until you can investigate it.

                    also while your right its not that much effort for one box i wouldn't wan't to maintain more than a couple of testing boxes.

                    Actually, it's not much different. The same packages are going to be the issue on each machine, so the effort d

        • by Anonymous Coward
          The debian project officially tells me to *not* run debian unstable and to expect it to break.

          I have experienced debian unstable breakages such as Xfree86 being broken and unusable for days.

          Unstable is *not* the answer. In spite of all the fanboy anecdotal evidence to the contrary.
          • You think that's bad? Try running testing.

            • I think you have the two mixed up. Stuff only makes it into testing after it has already been in unstable. Most of the stuff that makes it into testing works.

              OTOH, running a sid(unstable)-based desktop system is a lot of fun if you don't depend on it. It is like a game of russian roultette every time you run apt-get upgrade. What will break this time?
          • Have you heard of apt-listbugs ? Every time yoou upgrade your system, it checks the BTS (Debian Bug Tracking System) and displays grave bugs related to packages you are about to upgrade. You can check the reported bugs (most of them are not related to the version you are about to install or to the platform you are using)

            I have been using apt-listbugs for a while actually, and I have never experienced any bad crash recently with sid.

        • I think that is an utterly ridiculous idea for anyone who is not a developer. The "testing" [debian.org] distribution is there for a reason, use it!

          This release started as a copy of sarge, and is currently in a state called testing. That means that things should not break as badly as in unstable or experimental distributions, because packages are allowed to enter this distribution only after a certain period of time has passed, and when they don't have any release-critical bugs filed against them.

          The downside with te

    • Keep it stable and keep them the new stuff coming.

      Your aim is sabotage sir!
  • by Anonymous Coward on Tuesday April 11, 2006 @04:25PM (#15108493)
    unfortunately, it took Debian several years to release it because it had to be translated into 15 languages, including aramaic
    • ...etch (the codename for the forthcoming release, due in December)...

      was anyone else surprised that the etch release date is this december?
  • by Beryllium Sphere(tm) (193358) on Tuesday April 11, 2006 @04:31PM (#15108540) Homepage Journal
    then is Gentoo ruled by the GPL?
  • Good luck (Score:5, Informative)

    by upside (574799) on Tuesday April 11, 2006 @04:40PM (#15108631) Journal
    Firstly, congrats and good luck to Anthony from an avid Debian user.

    Having read the article and AT's campaign platform [debian.org] I got the sense that the project really needs not only direction, but also a leader who can steer the project while keeping people onboard and happy. This means leading the people as well as managing the project.

    It seems that bickering and infighting are open source projects' achilles' heel due to strong personalities and oversensitive or overinflated egos. I hope Anthony does a good job at making the Debian team as strong as their product is already.
  • You know what most pisses me off about Debian? I can't apt-get install mod_security because of their licencing issues.
    I'm really glad they have principles. I really am. I admire them for sticking to their guns. But because of this, I have to jump through hoops, and use third party packages, or install the apache source packages and build against them.
    It's all a lot of faffing around. Have 2 repositories. One for people that want only the most GPL'd, clean packages. And another one where they put the same packages, as well as the ones that people want.
    Debian aren't going to change the world with this system, and they're just going to make it hard for people to have a complete system as they want.

    Now, here come all the posts telling me "You just need to do this", or "Point your apt at this server", or x, y, z. Why not just have a setup flag or a config file - perhaps if /etc/allow-other-packages exists, it works.
    • You have included contrib and non-free in your sources.list, haven't you? Example:
      deb ftp://ftp.us.debian.org/debian sid main contrib non-free
    • Go download mod_security and look at the license, it is GPL.
      • Go download mod_security and look at the license, it is GPL.

        That's actually the reason it was removed from Debian; from what I gather, it uses Apache headers that are licensed under the Apache License, which is apparently incompatible with the GPL. Here's the relevant bug: #313615 [debian.org]

        Disclaimer: I haven't done enough research to have an opinion on whether this removal was justified or not.

        • Yep, that's the issue. Basically, it doesn't matter why, but they don't support it. And that sucks. Sort of like Red Hat and the mp3 stuff. Just flash up a message, and let the user decide. "You're about to install MP3 support for XMMS - are you aware that the MP3 support might be subject to patents worldwide, and do you absolve Red Hat from all responsibilities?"
          • I'm sorry, but saying "I am aware that Redhat is committing a serious crime and absolve them of any responsibility" does not actually stop it being a serious crime or absolve them of any responsibility. Private individuals just can't do that. Talk to your government if you want to do that, and get the stupid laws fixed.

            That's the problem. It's probably not illegal for you to receive this software. It's a crime, prosecuted by your government, for Redhat or Debian to give this software to you. Neither you nor
            • It's only a crime if using that software is illegal either where you're downloading it from or where you are located.

              Further more, it's quite possible that you work for an organisation that has a blanket licence for the patent or you have individually licenced it.

              But feel free to keep pushing the "it's illegal for some people so everyone doing it must be bad" meme.
              • It's only a crime if using that software is illegal either where you're downloading it from or where you are located.

                I'm sorry, but you seem to have forgotten that copyright exists.

                Copyright is a law which says you may not create copies of certain classes of information and then give those copies to other people. It also says that if you give enough copies to other people then it is a crime. Putting a copy of it up on a web server qualifies. Just ask the MPAA and RIAA.

                If you do not have the specific, explic
        • Headers are not subject to copyright.
    • It's illegal to distribute mod_security binary under GPL. Apache could sue Debian for copyright infrigenment if they did.
      • I don't think Apache is the problem here. I might be wrong, but I don't think the Apache license puts any restrictions on the license terms of modules that are loaded into Apache. The problem is that the author of mod_security chose a license (GPL) for it that doesn't allow you to use it for what it was intended for (i.e. being loaded into Apache). The author could easily solve this by changing the license (e.g. adding an explicit exception permiting you to use it with Apache).

        Obviously, it's very unlikely

        • Obviously, it's very unlikely that he would sue Debian for distributing mod_security, and even if he did, I don't think he would be likely to win, considering it does seem like his intensions are for mod_security to be used with apache.

          Since copyright violations are now a crime in many countries, Debian could be prosecuted by the government. That's either the DA or DHS in the US. The author would have little or no control over this; it would be a political decision.

          That makes these things a lot trickier tha
    • by Jorgensen (313325) on Tuesday April 11, 2006 @05:37PM (#15109114) Homepage

      "I'm really glad they have principles."...

      "Debian aren't going to change the world with this system, and they're just going to make it hard for people to have a complete system as they want."

      Sorry, but you can't have it both ways. Either it's OK for Debian to have principles (and thus Debian is doing the "right thing") or Debian should forego the principles to make it easier for you to not abide them?

      Logic Error. Parsing abandoned.

    • by discord5 (798235) on Tuesday April 11, 2006 @05:40PM (#15109135)
      I can't apt-get install mod_security because of their licencing issues.

      Don't choose a distro that has that as one of their guidelines then. Debian is a great distribution if you're willing to abide by the principles on which it's built, unfortunatly sooner or later you'll find something that is missing because of it. In all honesty, the easiest thing to do is to build the package for yourself then, if you really want to use debian.

      Again, this isn't a solution that works for everyone. There are time-issues, costs asociated with building those packages, and you have to keep them up to date yourself, but if you've got a couple of machines that need that package, building it once and running "dpkg -i" on several machines is a small price to pay

      Now, here come all the posts telling me "You just need to do this", or "Point your apt at this server", or x, y, z. Why not just have a setup flag or a config file - perhaps if /etc/allow-other-packages exists, it works.

      Really, what did you expect, this is slashdot after all. Nobody is forcing you to use debian, you know, and you can always get involved. But again, many people (like myself) simply don't have the time to get involved and build a package they can install themselves, apt it from someplace, or whatever seems like the best solution at the time.

      If this is unacceptable, debian is not the distribution for you. You're better off with Redhat perhaps, or any other distro that doesn't make such an issue out of licensing. This isn't an elitist argument here, saying debian isn't for you in this case, it's simply pointing out that perhaps there are more time- and cost-effective solutions for you.

    • The allow other package flag doesn't need to exist as it's always TRUE. The config file is, guess what, /etc/apt/sources.list

      This solution is more general than the one you propose, as you can choose where to fetch the unofficial packages if alternatives exist.

      There is also a sources.list.d directory where to put .list files, I discovered it now.
    • I like how nobody in this thread, including the parent actually tried to investigate the problem. mod_security is gpl'd and available in Debian as libapache2-mod-security, so wtf are you talking about? Next time try to actually look for the packages before claiming that they don't exist.

      In general, though, Debian already does what you ask for. It has a main distribution, for software that meets the Debian Free Software Guidelines [debian.org], and a non-free distribution for other software. If Debian doesn't distribute
    • I can't apt-get install mod_security because of their licencing issues.

      You're probably looking in the wrong place. libapache-mod-security is the package you're looking for. It's only in stable, not in testing and unstable.

      It's all a lot of faffing around. Have 2 repositories. One for people that want only the most GPL'd, clean packages. And another one where they put the same packages, as well as the ones that people want.

      They already do. The proprietary software is in the non-free branch.
    • Why not get pissed at mod_security's license and talk to THEM about it rather than get pissed at Debian? Your ire is misdirected.

      Or go write a replacement that has proper open source licensing.

      Plenty of options. None you like. Not Debian's fault.
  • by Cumikaze (955966) on Tuesday April 11, 2006 @05:53PM (#15109245) Homepage
    That has to be one of the most difficult jobs in Debian. I couldn't imagine having to deal with over a thousand maintainers/developers all screaming for something different. So good luck to the new DPL!


    A few things that would be good for this year:

    1. Get AMD64 release into the main pool, enough already. Don't wait until December or whatever for Etch - just get it done!

    2. Get security.d.o mirrored on a few more servers.

    3. Try and trim the releases down to every 12 months (or less!) and drop the "when it's ready" attitude because that just drives people away.

    4. (related to #3) If it's broken, don't include it, but don't hold up a release because of it - put it in "proposed updates" or something when it's fixed.

    5. If it's ready for most archs, but not one (i.e. m68k) release anyway and m68k can just play catch up...
    • 1. Get AMD64 release into the main pool, enough already. Don't wait until December or whatever for Etch - just get it done!
      afaict amd64 is almost totally built in the official sid archive now and should be making its way into etch gradually atm

      the amd64 sarge is an unoffical rebuild and won't ever be part of the official archives.

      3. Try and trim the releases down to every 12 months (or less!) and drop the "when it's ready" attitude because that just drives people away.
      i think 12 months is a bit too fast gi
    • by mvdwege (243851)

      Try and trim the releases down to every 12 months (or less!) and drop the "when it's ready" attitude because that just drives people away.

      I wouldn't know about that. I switched to Debian somewhere in 2002 (during the potato/woody crossover), and it definitely was a fringe distribution at that time. The big players were Red Hat, SuSE and Mandrake.

      Since that day, I have seen both Debian itself and Debian derivatives like Linspire and Ubuntu making lots of headway. Debian is very popular as a base distro t

    • 1: I agree, although ive not had any problems running amd64 sarge on a production webserver

      2: Security patches aren't mirrorred because they wont always be up to date.

      3/4: It would be nice if stable stayed stable for as long as it does, but occasionally added new packages (eg php5 alongside php4, mysql5 alongside mysql4, apache2.2, etc)

      4: Give me Xen!
  • by Anonymous Coward
    Debian is the best disro for the enterprise, for it is stable (as in "doesn't crash AND doesn't change very often).

    If Debian were to make major release more often than once in two (2) years then, I guess, we would have to be looking for something more stable. One release in three (3) years would probably be the best, from our point of view.

  • ...when you need your software as out of date as possible!

    (I kid, I kid; at least until slackware finishes downloading...)
  • So many people seem to be fundamentally misguided in their knowlege of Debian. I keep seeing complaints over and over about the ultra-long release cycle and consequent lack of official .debs for important newer releases of important apps like languages, databases, and application servers. This criticism does have a good basis in many instances as Debian's lag in its stable release behind versions of some major apps can be annoying. After the last release of Sarge it was said that there would not be a rep

Asynchronous inputs are at the root of our race problems. -- D. Winker and F. Prosser

Working...