

Re: Making Debian Responsible For Its Actions - spahl
http://sheddingbikes.com/posts/1285693551.html

======
kilian
This is a good, levelheaded response. But it makes it seem as if the process
of becoming a sponsored maintainer was straightforward.

It's not.

A number of months ago, I tried getting trimage (a gui image optimizer,
<http://trimage.org>) into debian. Since I already had a working Ubuntu PPA, I
figured it wouldn't be too hard. Packaging instructions for debian are
available at various official websites, but contradictionary and they all seem
to presume you have packaged for Debian before. Jargon like RFP (request for
packaging) and ITP (intent to package) is thrown around frequently without
explanation.

Luckily, there is debian-mentors, meant to help upstream developers with
becoming a sponsored maintainer. Most of the debian-mentors site links to
outdated packaging instructions, using which will mean you will be ridiculed
on the way-too-hostile mailinglist. Trying to do 'the right thing' is almost
impossible, as most of the feedback will depend on the personal opinion of the
person responding. I suspect this is because they, too, don't know which
packaging instructions to use or point to.

Trying to get my application into debian has been nothing but a massive,
timesinking frustration, and I wish that wasn't the case.

~~~
zedshaw
I've also brought up a counter question that people seem to not be able to
answer: How do you get a bad Debian Developer fired?

It seems once they get in they're in for life. Yet, some of the worst DDs who
crap on programmers seem to somehow get in charge of projects they actually
hate. If they hate it, and they're breaking the software because of this, then
why can't I, the original author, get them fired.

At an even simpler level, why can't you report bad DDs and have them
reprimanded or taken off the project? That alone would bring out some better
responses.

~~~
todayiamme
Why do you need to get them fired?

Just remove the community from an open source community and things will start
happening FAST.

Since, most people reading this thread are truly influential can't you guys
talk with canonical and fork Debian under the Ubuntu project? You could model
a community around how HN runs and vote things organically into existence
while keeping a high level of quality. Instead of a rant match between a bunch
of egos.

If you think about it the HN model is _perfect_ for such stuff. If and only if
you attract the right audience, but your work already reaches them!

Have you ever considered doing that? Or is there something wrong in my
suggestion?

~~~
cmsj
Have you seen how many packages there are in Debian/Ubuntu and how many Debian
Developers there are? Forking Ubuntu entirely away from Debian would be a
_massive_ task and would need a huge injection of skilled people. (Also
internet voting for things leads to a system that encourages gaming the votes,
see digg ;)

~~~
todayiamme
What I meant was inviting the best of those Debian devs to start afresh with
the same code and create something even better under a new system.

You could always make voting tiered and restricted like stack overflow to
avoid this... Moreover, if you attract just the right kind of people then the
community will start moderating itself and keep the fluff at bay.

Surely, we need to try something like this out.

~~~
cmsj
what are you trying to achieve with the voting? and what is the incentive for
volunteers to put hours into packaging work if they're being motivated by
votes rather than their personal interests?

~~~
todayiamme
A real democratic community where muscle flexing doesn't work and people can't
exclude PHP from a package because it is "impure". If their big idea gets
accepted they can collaborate with others to make it.

Wouldn't that be a better way to do things?

~~~
cmsj
It would seem to me that the outcome would depend a great deal on who was
voting.

------
hapless
This significantly increases my respect for Zed Shaw.

Yes, he wrote an offensive post crying for blood, but after he had a chance to
cool down, he used his own fame and audience to exhibit a well-reasoned
response from someone who disagreed. That's a very adult thing to do. In some
ways, it's actually better than an apology.

~~~
adambyrtek
He reacted in the right way, but on the whole my impression is negative. I'm a
bit disappointed, because most of Zed's previous rants were humorous, amusing
and well researched. But in this case he didn't put any effort neither in
research nor writing. He'd stumbled upon a dependency bug and, instead of
reporting it, he for some reason concluded that it means that Debian is evil
and everybody should boycott it. Weird.

PS. Excuse me, there was one amusing paragraph in the rant. The one in which
he equaled Debian, the most independent and free software obsessed
distribution out there, to Microsoft.

~~~
blasdel
He didn't just stumble upon an overlooked dependency bug — the Debian
maintainers _intentionally_ broke their Ruby package years ago because of the
legal problems they imagine to exist with using OpenSSL.

I don't think it's so out of bounds to compare Debian, the most copyright-
license-obsessed distribution out there, to Microsoft.

~~~
rbanffy
Maybe it's a name problem. It was said _ruby-full_ provides the full Ruby
language, while _ruby_ provides the export-restricted version Debian has to
distribute in order not to have police officers knocking down doors. In
Python's case (sorry, I am more familiar with Python) there are _python_ and
_python-minimal_ packages. They may or may not mean the same as _ruby_ and
_ruby-full_ , but their names communicate a similar intention.

~~~
blasdel
While "police officers knocking down doors" over crypto export restrictions do
not exist, that's not what Debian's wankfest over OpenSSL is about.

They think that the advertising clause in the OpenSSL license makes it
impossible to use with any GPL programs — despite the fact that the OpenSSL
developers think it's fine as a platform library and tons of upstream
developers of GPL software choose to link against it. In Debian's world,
they'll only allow you to use it if you get every contributor to agree to a
special exemption clause appended to the GPL.

Through their absolute fealty to the most draconian interpretation of the
letter of the law, Debian does more to further the cause of software patents
and non-free licensing than any other organization. They choose to demonstrate
how idiotic such ideas about IP are by implementing them to their fullest —
_by being idiots_.

~~~
davidw
> Debian does more to further the cause of software patents and non-free
> licensing than _any other organization_.

Wow. Really?

> They choose to demonstrate how idiotic such ideas about IP are by
> implementing them to their fullest — by being idiots.

From the guidelines:

> Be civil. Don't say things you wouldn't say in a face to face conversation.

> When disagreeing, please reply to the argument instead of calling names.
> E.g. "That is an idiotic thing to say; 1 + 1 is 2, not 3" can be shortened
> to "1 + 1 is 2, not 3."

I for one do not care at all for your rude name calling.

For what it's worth, I'm not particularly fond of debian-legal either, but
it's entirely possible to express that disagreement without calling everyone
who does not see the world as you do "idiots".

~~~
blasdel
So who else is out there doing the work of enforcing American software patents
on the users of the world? Even the BSA doesn't do that! Apple isn't out there
enforcing their patent on the truetype hinting bytecode interpreter, but
Debian refuses to ship a full version of freetype. The DVD-CCA gave up years
ago, but Debian still won't ship a DeCSS implementation.
Fraunhofer/Thomson/MPEG-LA only really care about companies shipping hardware,
but Debian cares more about FUD and promoting OGG than actual use.

None of this shit matters _at all_ when shipping source code, and binaries
only matter if both parties are in the US. But the Debian project is out there
with jackboots on, doing what they can to take useful freely-licensed software
out of distribution. What other organization is doing anything like that?

I'm sorry that you find yourself so wrapped up in such an organization, I did
not mean to insult you directly, but rather the ideology y'all are applying to
make my world a worse place to live. And I would be far more acerbic in a
face-to-face conversation.

You didn't understand my line of argument centering around idiocy (should have
used fewer anaphora) — my point was that the Debian people know that they're
being idiots, and that it's the purpose of their actions in this squabble. We
all know that software patents are stupid, but Debian's approach is to show
the world just how stupid software patents are by fully respecting them,
implementing the letter of the law until it is repealed. I think that's a
useless and infuriating course of action.

~~~
davidw
With regards to the legal stuff, I simply don't know. One of the things that
bugged me about debian-legal were all the people convinced that they did know
it all. I'm not a lawyer and neither are most people there. Neither are you or
the OpenSSL guys either, though, as far as I know. My firm conviction is that
most "open source legal debates" are essentially the blind arguing with the
blind about various painters. Although, of course, many real lawyers are also
so vague and non-commital in what they say that they're not much use either,
so I tend to just want to stay as far away as possible from that kind of
discussion.

That said, one thing I don't agree with you on is that "well, they probably
won't notice / bother us, so it's ok to skirt the letter of the law". I think
that's not really the right attitude either. Debian makes some strong
commitments to shipping free software that people can use and redistribute as
they see fit, so I think they have to be cautious at times.

I am not a part of Debian any more. I moved on to being simply a user (and bug
reporter) of Ubuntu, which I think gets some things right that Debian didn't.
I just don't like the "you fucking idiots" style of debate.

------
sradu
I am Debian Developer with upload rights.

If HN people want to get involved with Debian, packaging and so on email me
and I'll do my best to help you.

Probably the best way to fix whatever you believe is wrong is by getting
involved.

------
nkurz
Coincidentally, I just happened to see a link on Reddit leading to a post by
the same Ersek:
[http://groups.google.com/group/comp.lang.c/msg/22e3473f80eec...](http://groups.google.com/group/comp.lang.c/msg/22e3473f80eec512)

Like his message to Zed, it's clear, concise, and seemingly accurate. It also
includes a wonderful and well commented example program in expert idiomatic C
showing signal handling. I hadn't even known comp.lang.c was a going concern!

It's exactly the sort of quality code I'd expect from someone who writes such
good prose. While I'm sure there are some examples of good prose writers who
can't code, are there any definitive examples of good C programmers who can't
write? Or is this just a "true Scotsman" problem?

------
btilly
I still think my point at <http://news.ycombinator.com/item?id=1735344> is
important. If Debian didn't throw away unit tests, a lot of these integration
errors could get caught automatically.

~~~
zedshaw
Actually, I _really_ agree with you here. In fact, it got me thinking about
sort of a protection clause in licenses along these lines. Where you can say,
"This software is BSD licensed, providing you follow the guidelines in the
PACKAGING file."

Then, any OS distribution would be required to follow your wishes or not
include your software. If you want unit tests, they include them. If you want
all of it, or parts of it, they do it. If they don't want to or can't then
they don't adopt your project.

I'm currently just figuring out how to word the license that way so it'd still
work.

~~~
_delirium
Sounds like you want a license where you get to dictate exactly how any
downstream user reuses your software, down to the details of the packaging,
and prohibit modifications/forks/removals/etc.? But that's not really an open-
source license at all, then.

The whole point of open-source software is that I can take a thing, decide
that I only want 50% of it, rip out the other 50%, add on a bunch of new
stuff, totally change some of the remaining stuff, use it for a new purpose,
package it in a new way, undo a decision the maintainer made that I disagree
with, etc. If you don't like people having that freedom, open-source just
doesn't seem like the way to go. It sounds like you want a "freeware for
verbatim distribution" proprietary-but-no-cost license.

~~~
davidw
> dictate exactly how any downstream user reuses your software

I agree with your post. It's also worth pointing out that if someone abandons
open source licensing, one thing I'd put in my licenses - _way_ before we talk
about fiddling with the path layout and such - is that the software can't be
used by people I find reprehensible: neonazis, repressive governments, and so
on and so forth.

Of course, I prefer freedom to that kind of licensing, so I just live with the
knowledge that horrible people may use things I wrote.

~~~
avar
The people you harm by restricting neo-nazis from using your software aren't
neo-nazis, but everyone else who has to pay for lawyer time to review your
custom license before they can use it. Or what's more likely: aren't going to
use it at all once they see what sort of license you have.

~~~
davidw
Not to mention that actual neonazis will probably not give a great deal of
thought to violating said license, meaning you'd have to have a way to monitor
usage, and then go to court to stop them. All in all, a hassle that's not
worth it.

------
ars
This is a reply to <http://sheddingbikes.com/posts/1285659877.html> which was
discussed here <http://news.ycombinator.com/item?id=1734936>

------
cmsj
I guess this discussion is dead, with essentially no useful outcomes :(

