Nicolas Dandrimont

By now, we should have conquered the hearts, minds, and bandwidths of Debian contributors all over the world. Traditionally, this is the right spot to present some statistics, give us all a final group hug. See you next year!

Other people: Anisa Stefano Rivera Antonio Terceiro Jonathan Carter Gunnar Wolf Margarita Manterola Nattie Mayer-Hutchings Praveen Arimbrathodiyil Andrew Martin Adrian Cater

DebConf 2020 has been scheduled to take place in Israel. We need to have an open discussion about the political message that this project decision sends, and how it affects the people within our community who support the BDS (Boycott, Disinvestment, Sanctions) movement against the policies of the Israeli Government, all the while reiterating our support to the individual members of the local organizing team, who are our peers in Debian. A campaign has been brewing for a few weeks, calling on the DebConf Committee and the Debian Community to rescind the decision of holding the project's yearly conference in Israel. We hold this session to have an open, small scale conversation, hopefully with members from the DebConf 2020 team, members of the DebConf Committee, supporters of the boycott movement, and other stakeholders in the Debian community, to try to come up with ideas how to move forward.

This Panel Discussion features Debian contributors from around the world, including: * Bdale Garbee (USA) * David Prévot (Tahiti) * Jonathan Carter (South Africa) * Josué Ortega (Guatemala) * Hideki Yamane (Japan) * Nicolas Dandrimont (France) Moderated by: Hong Phuc Dang (Vietnam)

Other people: Josué Ortega Bdale Garbee David Prévot Jonathan Carter Hideki Yamane Hong Phuc Dang

Créée il y a bientôt 25 ans, la distribution Debian est devenue incontournable dans l'écosysteme de GNU/Linux et du logiciel libre en général. Lors de cette présentation, nous ferons une visite guidée de la distribution : sa philosophie, ses contributeurs, son fonctionnement et son écosystème (projets amont et distributions dérivées), pour placer en contexte l'importance continue et le rôle central de Debian dans l'univers du logiciel libre aujourd'hui.

[Software Heritage](https://www.softwareheritage.org/), the universal source code archive, was announced to the public in 2016. During DebConf in Cape Town, we opened [our own source code](https://forge.softwareheritage.org/) to the world. Since then, we have [opened up our API to the public](https://archive.softwareheritage.org/), and Inria, our umbrella institution, [signed an agreement on software preservation with UNESCO](http://en.unesco.org/news/agreement-software-preservation-signed-unesco). So far, we have archived more than 3 billion source files, spanning almost 800 million revisions across 60 million projects. Our primary focus was the archival of version control systems, as this is where the history of software is being preserved right now and will be in the future. We have now laid out most of the ground work, and our infrastructure is (mostly) humming along, so we're ready to go further and to take in contributions from the community ! We want to give a status update on the last few months of development, and to show the areas with which we would welcome help from the community: listing new data sources, archiving Linux distributions, ... The sky is the limit!

Other people: Stefano Zacchiroli

Let's all come together and enjoy treats brought by attendees from all around the world. Lactose, mold, grapes and ethanol, everything is optional. The only imperative is that the stuff you bring is edible/drinkable, can be shared, and that (at least some) people will enjoy it! Bonus points for intriguing artifacts from your corner of the world.

How do people trust a service that you run? They could blindly trust that you are both honest and competent, but they shouldn't have to and you might not want to be trusted [0]. This BoF is meant for people providing (or using?) services over the network, to third-parties, and want to do so as transparently as possible. - Step 0 is simply running free software: how could one trust the service without even knowing what it does? Yet, the software itself is not enough: whether it performs as intended (in the scope of the service) and securely depends on its configuration. - The next step should be to document the setup, and publish the documentation. Unfortunately, documentation will get out of sync with the configuration, as it is wont to do. - Then, it seems intuitive to publish the configuration (as in, the entire `/etc` directory), likely kept in version control. The solution I have used so far is simply keeping `/etc` versionned in `git`, using `etckeeper`, and automatically pushing the modifications to a public repository. This approach also brings some unexpected benefits: - It make it very easy to (re)build the same infrastructure, even if it involves several systems. This is a boon, both for automated testing and for users who decide they wish to self-host the same setup. - Users can actually contribute back configuration changes, as patches/pull requests. They are not passive consumers anymore. - It is extremely convenient to use this mechanism to manage the configuration of several servers running the same service (with the same config). Some challenges I have been facing: - How to handle secrets? (cryptographic keys, credentials, ...) - How to handle automatic upgrades? (In the multi-server case) - How to prove to the user that the configuration that is published is was is actually being run? [0] By some weird cultural quirk, “trusted” is usually seen as a positive adjective. Yet, “X is trusted” means “X can break your security if compromised”: the less trust there is in a system, the more resilient it is.

Other people: nicoo

20:30pm in the Super Cow Hack Lab, in the Fuller Hall Residence https://wiki.debconf.org/wiki/DebConf16/CheeseWineBoF

In the past few decades, software has become a critical part of every single bit of infrastructure running the world, from the tiniest devices we embed in our bodies to improve our health, to the biggest human creations. Software is the key to accessing all the digital information we're constantly creating, and therefore is an essential part of our cultural heritage. But software is just a bunch of bits. Unlike antique stone carvings, software gets lost, deleted, or corrupted. Software Heritage has set out to build the biggest archive of free software ever conceived. Our mission is to collect, preserve, organise and facilitate the sharing of all the available free software. We are laying down foundations on which a wealth of applications can be built, ranging from cultural heritage, to research and industry. We started working in May 2015, and (as of April 2016) we have archived 2.2 billion unique files, more than 480 million project revisions across more than 16 million data sources, among which Debian source packages from snapshot.debian.org, public GitHub repositories, and the GNU project's FTP archive. This presentation will cover in more detail the why and the how of Software Heritage, as well as opportunities for the community to help us fulfill our goals.

Fedmsg, the federated message bus, is a distributed system allowing bits of a project's infrastructure to publish events. This lightweight framework provides a central place to watch the life of a project, and allows anyone to listen in and trigger actions when an event is received.

Initially built by the Fedora Infrastructure team to uniformise communication between its services, the Fedmsg framework has now been adopted by Debian and even outside the realm of Linux distributions to broadcast events. All those deployments are using the same framework, and the same tools, fostering the ever-needed interoperability and collaboration between free software and open data projects.

In this talk, we will present how fedmsg works, how it was deployed in the Fedora and Debian infrastructures, and some of the technical choices that were made during those deployments. We will also present the applications being developed around the bus, as well as some ideas for future ones.

Other people: Pierre-Yves Chibon