This is the most nuts Debian Security Advisory I've ever seen

is debian your preferred distro

I’m a Debian developer lol

thanks google

From: MasterOfMagic at 2021-01-03 01:38:09
I’m a Debian developer lol

oh that’s cool. what’s it like?

From: Dylar at 2021-01-03 23:07:05

From: MasterOfMagic at 2021-01-03 01:38:09
I’m a Debian developer lol

oh that’s cool. what’s it like?

It’s incredibly boring. I work with on team that maintains a set of packages. I can upload to the archives but do not do so except in rare circumstances.

I mainly help with debugging on non-standard configurations.

it’s something you do like in your spare time? or is it a paid gig?

100% spare time right now. Had some small contributions in college (wasn’t a full Debian Developer yet). It’s been useful on a resume before.

so the packages you maintain were something you initially had an interest in, made some contributions, and then just grew from there?

feel free to ignore if you’re tired of talking about it i just find this interesting lol

one of my packages is in debian but i have no idea why
thansk debian

From: Dylar at 2021-01-04 23:28:57
so the packages you maintain were something you initially had an interest in, made some contributions, and then just grew from there?

Yeah. I had some uncommon, buggy hardware that the package group supported and I helped debugging and testing fixes to it.

From: Tiko at 2021-01-05 01:10:20
one of my packages is in debian but i have no idea why
thansk debian

Things are added to Debian when they meet the DFSG and are useful to whoever packages and maintains them, so at least one Debian developer thought it was cool. You can probably search “Debian ITP package-name” so see the mailing list discussion around it.

oh neat
i guess loadimpact/k6 depends on it so it got added
kewl

Never change, Chromium

who even pays developers to work on Debian

From: grep at 2021-04-07 17:43:55
who even pays developers to work on Debian

Depends. I am not paid now. I was a consultant at a previous position and part of what I did was help them integrate with the parts I work on - they got my expertise for the things on their side and Debian got good bug reports and fixes on their side.

There was a previous Debian Project Leader that put together funding to pay the release engineers to help accelerate a release and that caused a Debian Developer revolt, so the history of it is not great….

Wait they revolted against getting paid

Only a few developers got paid - many of the rest were angry about that.

LWN covered it at the time: https://lwn.net/Articles/201488/

thanks google

I assume that’s why they make it auto-upgrade, and I’m sympathetic because they have to deal with malicious, attacker controlled network input, but so does Firefox and it seems to have fewer CVEs across the same amount of time.