Closing old Firefox bugs

Back in October I ran a Firefox/Iceweasel bug triage which resulted in handling 60% of the bugs. 5 months later, this leaves ~130 bugs which I’d like to close as the submitters aren’t responsive (2/3 pings as usual).

It will probably take me some time to manually review the reminding bugs before closing them. The reason for manually reviewing the bugs is to try and lower the false positives. Although I don’t see too much of them anyway as there were enough chances to verify them.

The list of the old bugs is at http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=firefox. Help reviewing them will be appreciated.

Ubuntu and the lack of Thunderbird Hebrew localization

Almost a year ago Ubuntu uploaded thunderbird-locales for Thunderbird 2.0.0.0. As the Hebrew localization wasn’t ready then, they dropped the hebrew l10n package & files.

During the last year Mozilla released more localizations for Thunderbird, but it doesn’t seem Ubuntu updated their package since the initial upload. In the same period Debian (thanks to Daniel Baumann) has added 5 more languages (some are unofficial localizations), including Hebrew.

The Israeli Mozilla team is quite annoyed by Ubuntu users which (rightfully) want a “native” support for Hebrew as opposed to installing the xpi file themselves. Same for users which upgrade from feisty to newer versions and discover the support isn’t available any more.

Officially, the bug report is open for 3 weeks. But like Tomer, I do too remember an older report about this issue. I do hope to see the issue solved, as I’m (as a member of the debian-hebrew team) also getting questions about the package.

So, Ubuntu people – please help us get the long waited Hebrew localization for Thunderbird…

Status of the binNMU unsafe packages

Back in July, I started reporting bugs against binNMU unsafe packages. All reports include a patch, to ease the work of the maintainer.

During the last 8 months 58 bugs were closed and 19 more and still open. Resulting in an almost empty page for Lintian’s not-binnmuable-any-depends-any tag. The not-binnmuable-any-depends-all and not-binnmuable-all-depends-any aren’t that fare behind.

We still have 572 packages which use the old style substvar (“${Source-Version}”). As this is used with arch-dep only packages, they are still binNMU safe, as all the packages get the version number increased, so nothing breaks. See Lintain’s substvar-source-version-is-deprecated tag for more info.

The numbers above might change a bit due to extending the binNMU checks, but I don’t expect them to change too much.

The benefits of focused group maintainership

Instead of everyone maintaining his own packages, we try to have several people cooperating to maintain the packages. This reduces the dependency on a single person to take care of packages and makes it possible to keep the packages in a good shape while people are busy or absent.

Having such groups focused on a specific set of packages is even better, because they develop a standard for that packages type. While the Debian’s KDE and GNOME teams have a large variety of packages (application, libraries, etc…), other groups maintain packages which are similar in their technology. The Debian Perl group and Debian fonts group are good examples (and I’m sure there are much more examples).

We can see that such group can easily (the facto) enforce the policy rather than having to “just talk” with other people to comply with the policy. This of course makes Debian a better distribution in which more parts are working well.

The Debian Perl group has recently took text-bidi into their maintainership, and I
was amassed to see the amount of changes they did on their first upload. That made me very happy about “giving” them the package and showed me how much more do I have to learn about Perl related packages.

I don’t expect people to let go of their packages, but please consider working more closely with such groups. I’m sure you and your package users will benefit.

Novell’s de Icaza criticizes Microsoft patent deal

Elizabeth Montalbano quotes Miguel de Icaza while speaking on a panel that also included representatives from Microsoft and open-source companies Mozilla and Zend:

“I’m not happy about the fact that such an agreement was made, but [the decision] was above my pay grade; I think we should have stayed with the open-source community,” de Icaza said.

My take: Go Miguel… (:

Status of the 2nd Debian Openoffice.org bug triage

10 days have passed since the start of the triage, and more than 40% of the bugs were handled. 71 bugs were confirmed to be already fixed in recent versions of openoffice.org and about 50 were confirmed to still exist.

During FOSDEM, I talked with Rene about the triage and it seems he intends version 2.4.0 for Lenny. So I decided not to ping users again until 2.4.0 (a non RC version) will enter Lenny, as don’t want to ping our Lenny users twice.

Dan Jacobson opened a thread about the new style of “mass triage” on -devel. Most of the points were already answered on my triage announcement post. But the thread on -devel have resulted in a few interesting points:

• Some of our largest (as openoffice.org) and important (as aptitude) packages are under maintained – referring to the amount of people working on the packages relatively to the amount of work which needs to done.
• While we have under maintained packages, people are still eager to add new packages instead of helping existing packages. Notice the amount of ITPs we have in the WNPP page.

On the users “frontend”, I found a lot of thankful people who gave possitive feedback on the process. Others were just responsive enough to get things forward and in some cases I could help with checking the bugs themselves instead of “just” pinging people about them.

Some users even took the opportunity, and upgraded to Lenny to test the bugs, and I still have a few bugs waiting for similar upgrades to be completed. It’s very nice to see users willing to invest time and effort to help DDs.

How open source has influenced Windows Server 2008

Every time, I’m surprised to rediscover that Microsoft is a software company (just covered with tons of layers). Seems that without the marketing FUD, there are reasonable people at Microsoft who can write on and to the point.

Sam Ramji, director at Microsoft’s Open Source Software Lab writes at port25 on “How open source has influenced Windows Server 2008“:

Overall, we’ve learned and continue to learn from open source development principles. These are making their way into the mindset, development practices, and ultimately into the products we bring to market.

Risk report: Three years of Red Hat Enterprise Linux 4

Mark J Cox, the Director of the Red Hat Security Response Team, published an update to RHEL 4 risk report:

Red Hat® Enterprise Linux® 4 was released on February 15th, 2005. This report takes a look at the state of security for the first three years from
release.

Two of the lines in the conclusion are:

A default installation of Enterprise Linux 4 AS was vulnerable to seven critical security issues over the first three years.

A customised installation of Enterprise Linux 4, selecting every package, would have been vulnerable to 76 critical browser security issues, and 11 in non-browser packages in the three years.

But I doubt how many people use the default installation “as is” or are fulish enough in install everything. I would like to know the security effect of RHEL4 minimal installation, as this my way to install RHEL.

It will also be interesting to see similar reports from other distributions, especially on the response times, as I guess most security issues are common anyway due to shared applications.