Debian Conference 2014

Speaker: Don Armstrong
Brief overview of the current state of the BTS, new features, and new developments in the ongoing onslaught of bugs.

Speaker: Martin Zobel-Helas
What has DSA done for you and what you can do for DSA.

Speaker: Didier Raboud
During this free-form talk, we'll take a look at the current status of the Debian Printing stack as well as the upcoming challenges.

Speaker: Wookey
The use of stable in our infrastructure and understandably conservative rules for backports, stable updates and infra changes make it very difficult to even test something like Build Profiles (or Mulitarch builds) (which need changes in build tools and core infra), never mind get them into widespread use, without waiting for a whole stable release cycle (these are just recent examples - it's a general problem). So this also means that it takes 2-4 years to make a change, which hampers progress. This session is a discussion on whether we can do anything to be a bit more nimble than this?

Speaker: Bdale Garbee
An opportunity to meet the members of the Debian Technical Committee who are in attendance at Debconf, hear the status of open issues, and discuss pending and future issues with the committee.

Speaker: Gunnar Wolf
The Debian OpenPGP keyring is a vital part of the project's infrastructure: It provides a secure way to ensure each participant's identity in a way amenable to the geographically distributed nature of the project, and is used for basically all actions requiring authentication — Package uploads, General Resolution votes, mails to the =-announce= lists, etc. For several years already, the keyring maintenance team has been pushing to migrate to more secure keys. In July 2010, the last PGPv3 keys were replaced. The current push is to get developers to migrate from older 1024D keys to (at least) 4096R keys. In this talk, we want to: - Introduce keyring-maint's work processes and policies, to get them better understood by the overall Debian community - Present the migration process to stronger keys in numbers, highlighting the migration rhythm and possible issues - Delineate a consensuated migration plan, with deadlines to be followed, to allow for a complete migration to 4096R and higher keys - Reviewing, as a group, what constitutes proper identification and what we require. - Address all of your questions regarding keyring maintenance in Debian

Speaker: Stefano Zacchiroli
Ledger-CLI is the double-entry accounting tool for the discriminating hacker. If you are into doube-entry accounting and using Ledger-CLI for your accounting needs (personal, family, organization, whatever) this BoF is for you. Come with your Ledger-CLI experiences, work-flows, success stories, pet peeves, frustrations, and share them with other Ledger-CLI users. Note: this BoF is targeted at people who are already using Ledger-CLI. Newbies are absolutely welcome, but the event will be structured as an exchange of best practices (or rants) rather than a tutorial. A separate Ledger-CLI tutorial event could be organized in case there is enough interest.

Speaker: Daniel Kahn Gillmor
This is a social event, where you will get a chance to meet other conference attendees and talk to them. We will discuss the nature of OpenPGP cryptographic certification, and try to encourage best practices before breaking into smaller groups that should allow people in the groups to learn more about each other.

Speaker: Rocky Craig
HP's public and private cloud offering, Helion, gets software reality from an internal Debian derivative called hLinux. We'll cover our constraints, goals, and mechanisms span developers to paying customers, plus a look at the future.

Speakers: Ana Guerrero López, René Mayorga
The Purpose of the MIA(Missing In Action) team is to track the inactive developers/maintainers with a main concern for the quality of their packages. In the past years the MIA process and tools have not changed so much, the purpose of this discussion is to improve our process, get more feedback of what we are doing good, what we are doing wrong and how can we improve; Before the discussion starts we will give a brief introduction on how does the MIA team works right now, which tools we have at hand and how do we handle the MIA process.

Speaker: Daniel Kahn Gillmor
GnuPG is a critical part of debian infrastructure. Upcoming changes to GnuPG may have significant impact on debian. This will be a convening of people involved with debian packaging of GnuPG and its related tools, and an attempt to plan for the future. Some topics for discussion: * Making gpg an alternative that can be gpg1 or gpg2 * Thoughts on making the default gpg be gpg2 (or gpg 2.1?) * More shared maintenance via pkg-gnupg. * cross-building and gpg's place in bootstrapping debian

Speaker: Daniel Kahn Gillmor
Computer users leave traces of data on local and remote machines that record their activity. These records can cause problems for people who do not want their activities tracked, and they facilitate both mass and targeted surveillance. Service operators are put in an uncomfortable position because of the existence of this data: they have a responsibility to protect their users, but they may also be at risk of compelled data disclosure against their users' interests. One way to avoid this problem is to reduce or eliminate the quantity of data generated and stored by any system by default in its regular operations. If you don't have the data, it can't be used against you or against your users. Debian is in a good position to shape norms around this -- we can configure default logging levels; we can tune what specifically gets logged, and we can determine how long logs are kept by default. This is a discussion about how to achieve the goal of data minimization within Debian, while considering the tradeoffs and consequences of this sort of change. We should cover at least: * what kind of statement (if any) about default levels of logging for debian packages might belong in Debian Policy * points of convenient control for minimizing logging on standard debian systems * different system logging architectures and how they can support data minimization * how to provide both data minimization and useful debugging information at a system level

Speaker: Jérémy Bobbio
How can we enable multiple parties to verify that a binary package has been produced untampered from a given source in a distribution like Debian? With free software, anyone can inspect the source code for malicious flaws. But most distributions provide binary packages to their users. We would like them to be able to verify that no flaws are introduced during the build process. The idea of “deterministic” or “reproducible” builds is to enable anyone to reproduce a byte-for-byte identical binary packages from a given source. Last year at DebConf13, a last minute BoF kicked off the effort. The last large scale experiment on 5151 source packages yield 62% of them producing matching binaries after a couple changes to the toolchain. A pretty encouraging result! The presentation will explain why we need reproducible builds, what has been done over the past yeast, the problems that have been identified so far and possible solutions. A subsequent BoF will allow interested parties to discuss solutions to some hard problems that were found during this first year of research.

Speaker: Eric Dorland
For various reasons, obsolete packages can accumulate in Debian. They may be old versions kept around for compatibility. They may be things long obsoleted by a newer piece of software. Eventually, they're all cruft cluttering up our beautiful archive. I'll briefly walk through the work I did to remove old versions of automake from the archive, including dramatized accounts of bug filings, NMUs, tools used, and maintainers cajoled. Then I'll lead a discussion of how we can make this easier, around these areas: * Tools that are missing that could make this easier. * How to encourage maintainers to do the right thing. * Best ways to proceed with mass bug filings & NMUs. * What to do about the long tail of broken packages and obstinate maintainers. Hopefully we can share techniques and come up with ideas to make this easier in the future.

Speaker: Alexandra Yates
In this talk we will do a reality-check in terms of the power consumption on off-the-shelve systems running “out of the box” Linux distributions. The goal is to prove how out-of the-box Linux distros on the latest commercial hardware is not optimal. We will demonstrate the steps needed to achieve optimal system power using various tools and analysis techniques including PowerTOP & Turbostat. Upon completion of the talk, the audience should understand the steps needed to properly configure an out of the box Linux distro to take advantage of the power features available on the latest Intel platforms.

Speaker: Jonathan Wiltshire
We aim to establish a 'nice' protocol for negotiating package salvaging, without the negative connotations of hijacking. This is the continuation, and hopefully conclusion, of a discussion in Nicaragua last Debconf. It's a meeting for a few teams, not a public talk or BoF.

Speaker: Joey Hess
This session is about filling out a wiki page and defining a process, not making any kind of controversial decision.

Speaker: Roopa Prabhu
This talk introduces ifupdown2, a new network interface manager for Debian. ifupdown2 is a rewrite of ifupdown. It maintains backward compatibility with ifupdown. ifupdown2 is used on Cumulus Linux, a Debian based distribution for network switches. Existing tools for network interface configuration have several shortcomings when applied to network switches. These challenges include the lack of ability to handle interface dependencies, incremental updates to interface configuration without disruption, interface configuration validation and simplifying interface configuration in large scale deployments. The lack of such functionality increases operational burden. ifupdown2 attempts to solve these challenges through an implementation based on dependency graphs, querying running state before applying interface configuration, extensions to ifquery to support validation of interface configuration, templates for large scale cookie-cutter interface configurations, JSON support and more. ifupdown2 on github: https://github.com/CumulusNetworks/ifupdown2 ifupdown2 documentation on github: http://cumulusnetworks.github.io/ifupdown2/

Speaker: Lucas Nussbaum
Discussion of the State of the Union^HProject

Speaker: Josh Triplett
Let's look at a future Debian system, taking full advantage of systemd components and features. This presentation will take an entirely different approach from past discussions of systemd in Debian. Rather than thinking about how to avoid or replace individual components, we'll look at how they fit together, and what unique functionality they provide. Finally, after exploring this world of the future, we'll return to the present and discuss ways to enable smooth transitions. We'll also explore facilities in systemd that support easier and better integrated selection of components, both for system services and within user sessions. Technologies covered include journald, systemd-networkd, socket activation, timer units, containers, and systemd user sessions. Goals include reducing boot time, reducing duplicate configuration, improving system manageability, improving battery life, and unifying graphical session startup.

Speaker: Ben Hutchings
The Linux kernel is under rapid development. Stable releases are made around 5 times per year, each including many new features and support for new hardware. This talk will summarise the features that have been added and enabled in the last year. There have been many changes to Linux between 3.10 and 3.16. Some of these will require new or updated userland applications to take advantage of them. I will attempt to summarise the most interesting changes and the state of integration in Debian.

Speaker: Aurelien Jarno
General discussion about the MIPS port, including the future mips64 and mips64el ports.

Speaker: Enrico Zini
Upstreams are doing their best packaging their tarballs, and then we redo most of their work when we debianise them. I personally find this situation wasteful and boring. I like how debhelper7 allows to write debian/rules files that describe only when something diverges from the norm, and I think that debianising a package should be the same. I want to debianise a package by just saying "I'm fine with everything upstream says, and put this in Section: foobar". I want to fix upstream's packaging by sending them patches instead of redoing it in debian/. I want most policy or toolchain updates to be handled with just a binNMU. I don't want to manually do any of the work that can possibly be done by a computer. debdry is a prototype tool that tries to address that by running autodebianisation tools, which exist and work reasonably well for at least perl, python, haskell, ruby and node.js, and then applying semantically significant, manually maintained tweaks, if any is needed. The bulk of my debian work should be adding Debian-specific metadata, testing, interacting with upstream, dealing with the BTS. It should not involve writing files that say that the README needs to be installed with the package documentation. Let's make it happen.

Speaker: Steve McIntyre
General discussion on how ARM is going: the existing armel and armhf ports, and the exciting new world of arm64.

Speaker: Wookey
Update on the work on making debian bootstrappable. BuildProfiles infra and package-fixing, rebootstrap, cross-building, and recent port work, including news from last week's sprint.

Speaker: Michael Vogt
A overview of APTs recent past, present and future(s).

Speaker: Paul Tagliamonte
Bits from the Docker Maintainer. Brief overview of Docker, it's pros, cons, best practices and loads of opinions.

Speakers: Tassia Camoes, Moray Allan, Martín Ferrari
DebConf organisation working group

Speaker: Paul Wise
Debian's Upstream Guide has grown organically since it was created. In this BoF we hope to improve the guide and make it more comprehensive and comprehendable. We will copy the wiki text into gobby, review the text, make changes and add new recommendations and push the changes back to the wiki. https://wiki.debian.org/UpstreamGuide

Speaker: Enrico Zini
Last Debconf Debian Contributors started to take form, and now a year has passed and we have a working site. I'm going to talk about what happened, where we are now, and where we can go with it.

Speaker: Michael Banck
The etch release was updated halfway through with an etch 'n half release, including a new kernel and X stack. This BoF will explore the possiblity of redoing this for wheezy.

Speaker: Neil McGovern
SteamOS is one of the latest Debian derivatives and is set to be hugely popular. This talk will explore some of the decisions and implementation details behind the creation of (what will hopefully be!) the biggest linux gaming platform ever. Presented by Neil McGovern (DD, Collabora) and John Vert (Valve)

Speaker: Ian Jackson
dgit lets you clone, commit, and push to the Debian archive. Other Developers don't even need to know you're using git, but if they use dgit you share history with them. The talk will cover the basic design choices, include a demo, and go on to the current status and future plans. http://www.chiark.greenend.org.uk/~ijackson/2014/debconf-dgit-talk/slides.pdf and .../talk.txt

Speaker: Paul Wise
Debian is the basis for a number of other software distributions. This BoF provides a space for representatives from derivatives and Debian to share experiences, find out what is is being worked on and discuss problems, solutions and tools. We will begin with a quick round of introductions and then begin open discussion. https://wiki.debian.org/Derivatives