In October I spent 10 hours on Debian LTS:

• Investigating the number of packages with invalid PEP-440 versions. These are problematic when using newer setuptools or pip on an older system.

• Updating the distro-info-data database. This was more complex than usual, because the update changed a number of historical dates, breaking the distro-info test-suite.

• Updating distro-info to account for the date changes above, and while we were at it:

  • Generate valid PEP-440 versions for the python module in stable updates.
  • Handle unknown extra columns in the CSV data, allowing us to more easily backport distro-info-data updates in the future.

In October I spent 3 hours on Debian ELTS, on the same distro-info-data and distro-info update tasks.

In April I spent 1 hour on Debian LTS, and 1.5 hours on Debian ELTS, for the same task:

• Updating the distro-info-data database.

My Freexian-sponsored Debian work is now reported on in the Freexian blog:

• January & February
• March

In January I spent 4.5 hours on Debian LTS, resulting in no uploads:

• Work on backporting security fixes to ceph, which I still haven't tested yet, so it hasn't been uploaded.

In January I spent 0 hours on Debian ELTS. I'm cutting my LTS & ELTS hours down to 0, for the next couple of months, as I'm sailing and have more limited time.

During the month, Freexian sponsored 8 hours of 37 I spent on Debian:

• debian.socal infrastructure administration:
  • Handling an outage on matrix.debian.social due to a full disk. This happens somewhat frequently, the database grows fast, we need to implement proper monitoring...
  • Upgraded pleroma on pleroma.debian.social. And then investigated constant performance issues.
  • Escalated a host machine outage to people who had the rights to file issues with the hosting company.
  • Some general cleanup.
  • Upgraded element on element.debian.social.
• debian.net VM creation: botfleet.debian.net, meetbot2.debian.net
• DebConf administration:
  • Helped some minidebconfs to set up websites.
  • Set up an email alias for the treasurer team.
  • Requested write access to debconf.org domains DNS for terceiro.
  • Reviewed and gave feedback on the proposed venue contract for DebConf 23.
• python-team package maintenance: beets, hatch-vcs, hatchling, python-pip, pystemmer, configobj.
• python-team sponsorship: bidict, foolscap, scikit-build, Reviewed twisted security patches for CVE-2022-39348.
• General package maintenance: re2 (which missed the transition window for bookworm), dh-python: 1 + 2, distro-info-data.
• Python 3.11 transition: adonthell, cadabra2 (investigation only), python-cryptography, python-rstr, gavodachs, pytorch (investigation only), setuptools-scm, python3-defaults: 1 + 2, foolscap.
• Implementing PEP-668: python3.11, python-pip, upstream-coordination,
• Bug Triage: reviewed some future design questions about distro-info-data, did a big cleanup of python3-defaults and python3.10 bugs.

A Freexian customer also sponsored some work on Debian packages:

• Python 3.11-transition related uploads: pyobjcryst: 1 + 2, cctbx.
• Unsticking autopkgtests: libobjcryst: 1 + 2, freesas, silx.

In December I spent 2.5 hours on Debian LTS, resulting in no uploads:

• Work on backporting security fixes to ceph, will be uploaded in January.

In December I spent 0 hours on Debian ELTS.

During the month, Freexian sponsored 7.5 hours of 36 I spent on Debian:

• General package maintenance:
  • New releases of pypy3: 7.3.10 and 7.3.11.
  • New releases of hatch-vcs: 0.2.1 and 0.3.0.
  • New release of hatchling: 1.11.1.
  • New release of platformdirs: 2.6.0.
  • New release of pystemmer: 2.2.0.
  • New release of python-authlib: 1.2.0.
  • New release of twine: 4.0.2.
  • New release of python-installer: 0.6.0.
  • New upstream snapshot of configobj: 5.0.6+git20201014.3e2f4cc-1.
  • New upstream release of python-pip: 22.3.1.
  • Land John David Anglin's patch to support hppa (again) in python-cffi.
• Python Team Package sponsorship during the Python Team sprint: python-amply, python-gssapi, python-parameterized, python-schema, python-pkginfo, python-statsd, python-peakutils, python-pyotp, python-exceptiongroup, ×2, python-ssdeep, python-setoptconf. Also reviewed: pygubu, python-freesasa, and python-phonenumbers.
• Python Team Package sponsorship: transmissionrpc, scalene, xdoctest. Also reviewed: kivey.
• Python Team administration, including catching up on a lot of membership requests.
• Python 3.11 support: python-cffi, ponyorm, pytango, boost1.74, i3pystatus, python-boltons, python-limits, python-omegaconf, python-pyramid, cypari2.
• Support Debian's Python package scheme in: pyobjcryst.
• Support setuptools 60 in cctbx.
• Work on dh-python: Supporting --remaining-packages, multiple libraries in a source package, and removing Python 2.7 / PyPy 2.7 support. Landing Antonio Terceiro's changes to add an automatic test runner, pybuild-autopkgtest, and some follow-up patches to it. Supporting data installation in PEP517 builds.

In November I spent 2.5 hours on Debian LTS, resulting in no uploads:

• Investigating erlang (which we eventually decided to backport)
• Investigating fwupd (which turned out to not have the affected code)

In November I spent 0 hours on Debian ELTS.

During the month, Freexian sponsored 16 hours of 80 hours I spent on Debian:

• General package maintenance: wheel, platformdirs, wheel.
• Supporting setuptools >= 60: I went down the rabbit-hole of applying a lot of patches to work-around bug #1025216 - a missing .pth file, before realizing that Debian was missing the .pth file that setuptools used to avoid the problem: python-feather-format, genshi, osc, ofxstatement-plugins, python-pyhcl, rapid-photo-downloader, python-easygui, python-ldap3, python-maxminddb (and migrated nose→pytest), django-js-reverse, python-openflow, pykafka (and migrated nose→pytest), kytos-utils, python-http-parser, python-pyeclib (and migrated nose→pytest), python-av, pylint-celery, python-mbed-host-tests, python-requirements-detector (and migrated nose→pytest), m2crypto (and fixed CVE-2020-25657), deluge, python-preshed, xrstools (investigated but not fixed), python-cbor, python-ssdeep (investigated but not fixed), ddupdate, yaramod, python-grpc-tools, python-mbed-ls, python-peachpy.
• Attending the debconf-video sprint at Jonathan's house. Migrated our YouTube uploader tool to use the loopback OAuth 2 flow. Migrated sreview to bootstrap4 and spent most of the weekend implementing a Vue.js-driven frontend. Including some followup.
• Starting the Python 3.11 transition in python3-defaults: python3-defaults, and some follow-up patches.
• Filing Python 3.11 transition bugs.
• Fixing Python 3.11 related build failures (FTBFS): virt-manager, python-whisper bug #2, temporarily build numpy without inskscape, 2 matplotlib uploads, python-snappy, python-http-parser, sponsored jpy, blist, pybluez, pylibmc, python-coverage, opengv, python-clickhouse-driver, python-libtrace, python3-typed-ast, pythonmagick (investigated but not building yet), python-pyscss (migrated to PCRE2 too), beancount, pycxx, pyliblo, python-cassandra-driver, cython to fix a problem showing up in python-cassandra-driver, python-clevercsv, python-jpype, python-line-profiler (investigated but not building yet), python-cffi (investigated and forwarded, but not fixed yet), objgraph.
• Debugged a regression in sbuild on LXD.
• Uploaded a new PyPy RC to experimental, and reorganized the packaging of headers a bit.
• Work on dh-python: Applied a patch to fix flit buildswith multiple supported python versions. Deprecated the flit plugin in favour of pyproject. Clean up more license files from dist-info directories. Write to debhelper.log files, in overrides, to support --remaining-packages. Rebased the pybuild-autopkgtest branch to prepare to land it. Tested it on several of my packages.
• Attended debconf-team meetings.
• Raising our request for unittest to exit non-zero when there are no tests upstream.

In October I spent 5.5 hours on Debian LTS:

• Issuing a security updates for CVE-2022-37454, a buffer overflow in the reference SHA-3 implementation, XKCP in: pysha3 and python3.7.
• Updating distro-info-data in Debian LTS, to include Ubuntu 23.04, and make other corrections.

In October I spent 2 hours on Debian ELTS:

• Updating distro-info-data in Debian ELTS, which hadn't been updated in a long time.

During the month Freexian sponsored 20 hours of Debian time, which I spent on:

• Winding up DebConf 22 Accounting.
• Helping the DebConf 23 team to get set up their budget.
• Maintenance of dh-python: fixing a bug I introduced in handling dh_python3 -X, handling a wider range of PEP-440 version constraints in environment markers.
• Python Team package maintenance: unidecode, beets, python-discogs-client, git-filter-repo, hatchling, python-distro, lazr.restfulclient, python-launchpadlib.
• Debian Python team sponsorship: pmbootstrap
• Supporting the nodoc and nocheck build profiles in my key packages, to help the release team to reduce the size of the key package set: beautifulsoup4, configobj, dh-python, distro-info, distro-info-data, hatch-vcs, platformidrs, python-cachecontrol, python-cffi, python-flexmock, python-installer, python-launchpadlib, python-mitogen, python-pip, python-virtualenv, python-wadllib, python-webencodings, snowball, wheel.
• Supporting Python 3.11 in key packages where we had noticed problems: python-cffi, python-py, toolz, python-greenlet.
• Updating distro-info-data for the release of Ubuntu 22.10. Including an update for the next Debian stable point release.
• Dealing with CVE-2022-37454 in unstable, by patching pypy3. Patched python-opentimestamps to migrate off pysha3, so it could be removed from the archive, as it's no longer maintained upstream.
• Dealing with CVE-2022-37454 in stable, by patching pypy3 and pysha3.

In September I spent 12.5 hours on Debian LTS.

This was spent on on an update to netatalk that I've been working on, but ran into some trouble and haven't completed it.

Also made some improvements to LTS documentation.

During the month Freexian sponsored 27.5 hours of Debian time, which I spent on:

• Fixing some Python Team FTBFSs: twisted, flit, mypy x2.
• Python Team package maintenance: python-pathspec, hatchling, python-cache-control, hatchling, python-authlib.
• Some Python Team upload sponsorship. Uploading: webtest, pyhamcrest, python-absl, python-ppft, python-statmake, python-vttlib.
• Other sponsorship: fonts-creep2.
• Winding up DebConf 22 Accounting.
• Preparing the DebConf 23 Accounting.
• Some work on archiving old Debconf Summit sites to static HTML (incomplete).
• Archiving the DebConf 21 Website as static HTML.
• Some work on supporting setuptools > 60 in Python packages: xonsh, setuptools itself, cppimport, yoyo.
• Adding ansible 6 support in ansible-mitogen, and then fixing some fallout.
• Maintenance of debian.social infrastructure.
• Reducing the dependencies of virtualenv in Debian, which required a few follow-ups as it exposed new bugs. And updating poetry-core.
• Updating dh-python, fixing a crash, and migrating to nose2.

In August 2022 I spent 9 hours on Debian LTS.

This was largely spent investigating CVE-2022-29154 for rsync, backporting it, and then realising that it depended on the change in argument parsing behaviour in 3.2.4, so it couldn't be backported without affecting users.

I also completed the kicad upload for LTS, as previously prepared for bullseye-security.

And started on an update to netatalk.

During the month, Freexian sponsored 14 hours of Debian time which I spent on dh-python, leading to uploading dh-python 5.20220819. This was mostly bunch of minor bug-fixes, with the addition of some tests. The bug change was refactoring argument parsing (migrating to argparse) to allow -O=-foo style options to be parsed.

I was travelling in June and very inactive.

In June, I spent 8.5 hours working on LTS security updates for systemd. As well as backporting patches, I spent a lot of time getting the right environment to test them in, and getting the autopkgtests to pass (blacklisting the ones that won't). Then I got busy and wasn't able to complete the upload before someone else grabbed it.

I've pushed the autopkgtest blacklisting to the lts-team branch.

During the month I spent 6.5 hours of Freexian-sponsored Debian time working on preparations for DebConf 22, and reconciling accounts from previous DebConfs.

April was my first month contributing Freexian sponsored work to Debian LTS. I started with ELTS in May. As April was my first month, and I didn't have any hours allocated, covering both months in one report.

In April, I spent 5 hours doing LTS security updates for:

• twisted, backporting a fix for CVE-2022-24801 to stretch (finished in May)

In May, I spent 14 hours doing LTS security updates for:

• completing the twisted update from April.
• kicad, backporting a fix for CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947 to stretch.
• waitress, backporting a fix for CVE-2019-16785, CVE-2019-16786, CVE-2019-16789, CVE-2019-16792, CVE-2022-24761 to stretch.
• lrzip, backporting a fix for CVE-2022-28044 to stretch.
• openssl, backporting a fix for CVE-2022-1292 to stretch.

In May I spent 4 hours doing ELTS security updates for:

• openssl, backporting a fix for CVE-2022-1292 to jessie.
• openjpeg2, backporting a fix for CVE-2022-1122 to jessie.
• intel-microcode, looking at backporting a newer version. Not uploaded due to more updates on the way.

In April, I spent 4 hours of Freexian-sponsored Debian time on:

• The DebConf 22 website.
• Preparations for DebConf 22.
• Applying related security updates (from LTS work) to Debian stable.

In May, I spent 12 hours of Freexian-sponsored Debian time on:

• The DebConf 22 website.
• Preparations for DebConf 22.
• Applying related security updates (from LTS work) to Debian stable.
• Fixing the flit support in dh-python.