Debian communities after the OpenSSL error

8/14/2019 Debian communities after the OpenSSL error

1/111

Debian after the OpenSSL error

Debian after the OpenSSL errorThe OpenSSL error effects on Debians community

dynamics

Jorge Lopez [email protected]

Master on Libre Software

Dynamics of Libre Software Communities, January 23, 2010
http://creativecommons.org/licenses/by-nc-sa/3.0/


2/111


Outline

1 Introduction

2 Individual Resultskernel

kernel-secpkg-opensslpkg-perlpython-modulesdebian-edu

3 Global Results

4 Possible Improvements On This Study


3/111


Introduction

Objective

The objective of this study was to find out if Debians OpenSSLerror on 2008 resulted in some variation on its community dailywork.

The OpenSSL Error

On May 13th 2008 programmer Luciano Bello discovered

that Debians OpenSSL package had a predictable randomnumber generator, thus an important security weakness. Debian

fixed it very fastly, but as the error was caused by Kurt Roeckx,a Debian programmer, their policy of changing external code

started to be questioned by some people.

More info: Barrapunto

f O SS
http://barrapunto.com/articles/08/05/13/1442221.shtmlhttp://barrapunto.com/articles/08/05/13/1442221.shtml


4/111


Introduction

Working Mechanics

Debian has lots of repos, so its important to think on some kind ofworking mechanics. This is the one which was used for this report:

1 Filtering Debian repos for obtaining the most interesting ones.

2 Most interesting or important repos detailed analysis.

3 Results extraction from the individual repos.

4 Global results extraction from the repos results.

The analysis wont be made over all Debian history, because that isnot our objective. We will cover 2007, 2008 and 2009, and see ifthere was some change on the dynamics slightly after the OpenSSLerror fixing.

D bi f h O SSL


5/111


Introduction

Working Mechanics







D bi ft th O SSL


6/111


Introduction

Working Mechanics









7/111


Introduction

Working Mechanics









8/111


Introduction

Working Mechanics Detailed

Now Ill explay how each step was accomplished:

1 Filtering Debian repos for obtaining the most interesting ones:a R script was created for filtering Debian repos. With therepos names it used CVSAnaly for obtaining their data, andafter that it made some simple queries for obtaining the

number of commits and committers. If they werent biggerthan a barrier, then the DB was dropped. In other case, moredetailed analysis were made.

2 Most interesting repos detailed analysis: most of this wasintegrated with the previous step.

3 Results extraction from the individual repos: had to check thevarious graphs obtained, and in some cases needed specificqueries for confirming my hypothesis.

4 Global results extraction from the repos results: simply

extracted the global trend of the repositories from theindividual results.



9/111


Introduction







4 Global results extraction from the repos results: simply

extracted the global trend of the repositories from theindividual results.



10/111


Introduction







4 Global results extraction from the repos results: simplyextracted the global trend of the repositories from theindividual results.



11/111

p

Introduction







4 Global results extraction from the repos results: simplyextracted the global trend of the repositories from theindividual results.



12/111

p

Introduction

Selected Repositories

When the R script had finished, I selected the following repositoriesamong all the ones wich were at least minimally interesting:

kernel

kernel-secpkg-openssl

pkg-perl

python-modules

debian-edu

All packages can be downloaded or simply browsed at Debiansrepositories page.

http://svn.debian.org/wsvn/kernelhttp://svn.debian.org/wsvn/kernel-sechttp://svn.debian.org/wsvn/pkg-opensslhttp://svn.debian.org/wsvn/pkg-perlhttp://svn.debian.org/wsvn/python-moduleshttp://svn.debian.org/wsvn/debian-eduhttp://svn.debian.org/http://svn.debian.org/http://svn.debian.org/http://svn.debian.org/http://svn.debian.org/wsvn/debian-eduhttp://svn.debian.org/wsvn/python-moduleshttp://svn.debian.org/wsvn/pkg-perlhttp://svn.debian.org/wsvn/pkg-opensslhttp://svn.debian.org/wsvn/kernel-sechttp://svn.debian.org/wsvn/kernel


13/111

Introduction

Analysis Limitations

I wasnt able to use all of Libresoft tools due to some Debians

features, or lack of them.Debian has a policy of not creating mboxes out of their mailinglists, so mlstats cant be used for obtaining data about them(but Debian provides some graphs about these mailing lists).

Debian uses its own bug tracking system, and Bicho isnt ableto parse it.



14/111

Individual Results

kernel

Outline

1 Introduction



3 Global Results




15/111

Individual Results

kernel

General Description

This repository stores many types of files related to Linuxskernel as its distributed with Debian.

Some Simple Data About It

Total # committers: 42

Total # commits: 14840

Avg. commits/month: 145,49

Total # actions: 51543

Total # files: 19860

2007 commits: 1949

2008 commits: 2526

2009 commits: 2298

Gini coefficient (2007-2009):0,234639 (23% work done by20% developers)

Data collected on January 4

th

2010



16/111

Individual Results

kernel

Analysis GraphsCommits Over Time

Commits by date

Time

#Commits

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

100

150

200

250

300

350

100

150

200

250

300

350


I di id l R l


17/111

Individual Results

kernel

Analysis Graphs (cont.)Commits Time Analysis

# Commits Time analysis

100

200

300

data

50

0

50

seasonal

100

150

200

trend

100

0

50

100

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


I di id l R lt


18/111

Individual Results

kernel

Analysis Graphs (cont.)Actions Over Time

Actions by date

Time

#

Actions

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

500

1000

1500

2000

500

1000

1500

2000


Individual Results


19/111

Individual Results

kernel

Analysis Graphs (cont.)Actions Time Analysis

# Actions Time analysis

500

1000

2000

data

200

200

600

season

al

400

600

800

trend

500

0

500

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time

Debian after the OpenSSL errorIndividual Results


20/111

Individual Results

kernel

Analysis Graphs (cont.)Managed Files Over Time

Managed files by date

Time

#ManagedFiles

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

200

400

600

800

1000

1200

1400All files

Nondeleted files

200

400

600

800

1000

1200

1400



21/111

Individual Results

kernel

Analysis Graphs (cont.)New Committers Over Time

New Committers

Time

#New

Committers

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0.0

0.5

1.0

1.5

2.0

0.0

0.5

1.0

1.5

2.0



22/111

Individual Results

kernel

Analysis Graphs (cont.)Active Committers Over Time

Active committers by date

Time

#ActiveCommitters

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

5

6

7

8

9

10

11

12

5

6

7

8

9

10

11

12


23/111



24/111

kernel

Analysis Graphs (cont.)Core Committers (On Each Period) Time Analysis

# Commits By Core Committers Time analysis

50

100

150

200

250

data

60

20

2

0

60

season

al

60

80

100

140

trend

50

0

50

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time



25/111

kernel

Analysis Graphs (cont.)Period Top Committers Time Analysis

# Commits By Top 5 Committers On 20072009 Time analysis

50

150

250

35

0

data

50

0

50

season

al

50

100

150

200

trend

100

50

0

50

100

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time



26/111

kernel

Analysis Graphs (cont.)Period Non Top Committers Time Analysis

# Commits By Non Top Committers On 20072009 Time analysis

0

20

40

60

80

100

data

5

0

5

10

15

season

al

10

20

30

40

50

60

trend

30

10

10

30

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time



27/111

kernel

Analysis Results

It had an important drop on working on 2008.

It started to grow again on 2009s early months, and it reached itspeak on March 2009.

On 2009s final months it had again an important grow, specially on

commits by non-core committers.

Conclusions

The repository showed a normal behavior, because it had a drop onits activity during 2008 with no special changes close to May, and

after that on September 2009 Debian released its latest version, sothe activity grew again to an important level, specially on committersthat didnt work on past months, who returned to their work withthe release of lenny, probably because a new release needs lots ofwork at the beginning.



28/111

kernel-sec

Outline

1 Introduction



3 Global Results




29/111

kernel-sec

General Description

This repository stores the CVE files related to bugs orrequests about Linuxs kernel as its distributed with Debian.






Total # files: 805

2007 commits: 407

2008 commits: 206

2009 commits: 381

Gini coefficient (2007-2009): 0.3254886 (33% work done by 20%developers)

Data collected on January 4

th

2010


k l


30/111

kernel-sec


Commits by date

Time

#Commits

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

10

20

30

40

50

60

10

20

30

40

50

60


k l


31/111

kernel-sec



10

20

30

40

50

60

data

15

5

0

5

10

15

seasonal

15

25

35

45

trend

15

5

5

15

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


kernel sec


32/111

kernel-sec


Actions by date

Time

#

Actions

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

50

100

150

0

50

100

150


kernel sec


33/111

kernel-sec



0

50

100

150

data

40

20

0

20

40

seasonal

60

70

80

90

110

trend

60

20

20

60

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


kernel-sec


34/111

kernel sec



Time

#ManagedFiles

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

20

40

60

80

100

120

All files

Nondeleted files

0

20

40

60

80

100

120


kernel-sec


35/111

kernel sec


New Committers

Time

#New

Committers

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0.0

0.5

1.0

1.5

2.0

0.0

0.5

1.0

1.5

2.0


kernel-sec


36/111



Time

#ActiveCommitters

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

1

2

3

4

5

6

1

2

3

4

5

6


kernel-sec


37/111

Analysis Graphs (cont.)Active Committers Time Analysis

# Active Committers Time analysis

1

2

3

4

5

6

data

0.6

0.2

0.

2

0.6

seaso

nal

2.0

2.5

3.0

3.5

trend

1

0

1

2

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


kernel-sec


38/111



5

10

20

30

data

8

4

0

2

4

6

seaso

nal

12

16

20

24

trend

5

0

5

10

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


kernel-sec


39/111



10

20

30

40

50

60

data

10

0

5

10

15

seaso

nal

15

25

35

45

trend

20

10

0

10

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


kernel-sec


40/111



0

2

4

6

8

101

2

data

1

0

1

2

3

4

seaso

nal

0.5

1.0

1.5

2.0

trend

4

2

0

2

4

6

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


kernel-sec


41/111

Analysis Results

It had an important drop on working on 2007 and 2008.

It had a small growth 2009s early and middle months.

On October 2009 there was an immense growth.

Conclusions

Like the previous one, this repository showed a normal behavior, butthis time its biggest increase was immediately after Debians releaseon September (a new release = lots of bugs and requests), and theactivity was mainly done by core committers simply because thereare so few committers that in every period there arent many apartfrom the top ones.


pkg-openssl


42/111

Outline

1 Introduction



3 Global Results



pkg-openssl


43/111

General Description

This is the OpenSSL repository, thus directly affected by theerror.


Total # committers: 5Total # commits: 439



Total # files: 6592007 commits: 77

2008 commits: 72

2009 commits: 94


Data collected on January 4th 2010


pkg-openssl

A l i G h


44/111


Commits by date

Time

#Commits

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

5

10

15

20

25

30

35

0

5

10

15

20

25

30

35


Individual Results

pkg-openssl

A l i G h ( )


45/111



0

5

15

25

3

5

data

5

0

5

10

seaso

nal

3

4

5

6

7

8

9

trend

15

5

0

5

10

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


Individual Results

pkg-openssl

A l i G h ( )


46/111


Actions by date

Time

#

Actions

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

50

100

150

200

0

50

100

150

200


Individual Results

pkg-openssl

A l i G h ( t )


47/111



0

50

100

150

2

00

data

20

0

20

40

60

80

seaso

nal

20

25

30

trend

50

0

50

100

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


Individual Results

pkg-openssl

Anal sis G a hs (cont )


48/111



Time

#ManagedFiles

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

50

100

150 All files

Nondeleted files

0

50

100

150


Individual Results

pkg-openssl

Analysis Graphs (cont )


49/111

Analysis Graphs (cont.)Managed Documentation Files Over Time

Managed documentation files by date

Time

#ManagedDocumentation

Files

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

2

4

6

8

0

2

4

6

8


Individual Results

pkg-openssl



50/111


New Committers

Time

#New

Committers

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0.0

0.2

0.4

0.6

0.8

1.0

0.0

0.2

0.4

0.6

0.8

1.0


Individual Results

pkg-openssl



51/111



Time

#ActiveCommitters

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0.0

0.5

1.0

1.5

2.0

2.5

3.0

0.0

0.5

1.0

1.5

2.0

2.5

3.0


52/111


Individual Results

pkg-openssl



53/111



0

5

10

20

30

data

5

0

5

10

seasonal

3

4

5

6

7

8

trend

10

0

5

10

15

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


Individual Results

pkg-openssl

Analysis Graphs (cont.)


54/111



0

5

15

25

35

data

5

0

5

10

seasonal

3

4

5

6

7

8

9

trend

15

5

0

5

10

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


Individual Results

pkg-openssl



55/111

Analysis Graphs (cont.)Top Committers Commits On 2007

1 2 3 4 5 6 7 8 9 10 11 12

Committer #1 kroeckxCommitter #2 chrismCommitter #3 keescookguestCommitter #4 keesCommitter #5 jamieguest

Committs By Top 5 Committers Evolution

Month

#Commits

0

5

10

15

20

0

5

10

15

20


Individual Results

pkg-openssl



56/111

y p ( )Top Committers Commits On 2008

1 2 3 4 5 6 7 8 9 10 11 12



Month

#Commits

0

2

4

6

8

0

2

4

6

8


Individual Results

pkg-openssl



57/111

y p ( )Top Committers Commits On 2009

1 2 3 4 5 6 7 8 9 10 11 12



Month

#Commits

0

5

10

15

20

25

30

0

5

10

15

20

25

30


Individual Results

pkg-openssl

Analysis Results


58/111

y

It really has an only committer, Kurt Roeckx.

Kurt Roeckx didnt commit any work between November 2008 andApril 2009, but didnt find out any specific causes (maybe it wasntrelated to his work).

On May 2008 two new members started to commit code, the monthwhen the error was discovered.


Individual Results

pkg-openssl

Analysis Results (cont.)


59/111

y ( )

Conclusions

This repository is a bit special, because it has an only true committer, Kurt

Roeckx. The other ones dont commit OpenSSL code, they are in charge of

what they call openssl-blacklist, a package that identifies the weak certificate

chains that were affected by the error. Obviously, it was created on May 2008

and had most of its work on that month and the immediately next ones. It hadonly a little work on 2009. Kurt Roeckx made a stop on his work on November

2008, and he returned on May 2009. It seems that he was encouraged to be in

charge of more repositories, and even to become the new Debian Secretary, so

he probably was in charge of too much work. When he returned, he continued

the work from the point he left it at, the same version of OpenSSL. He made alot of work on these months, probably because OpenSSL released a bunch of new

versions that he didnt uploaded yet, so he had a real delay. This repositorys

behavior was clearly affected by its own error, but some months later it returned

to its normal state (unless that 6 months break had some relation with it).


Individual Results

pkg-perl

Outline
http://qa.debian.org/[email protected]://qa.debian.org/[email protected]://www.h-online.com/open/news/item/Kurt-Roeckx-is-the-new-Debian-Secretary-740219.htmlhttp://www.h-online.com/open/news/item/Kurt-Roeckx-is-the-new-Debian-Secretary-740219.htmlhttp://qa.debian.org/[email protected]://qa.debian.org/[email protected]


60/111

1 Introduction

2 Individual Resultskernelkernel-secpkg-opensslpkg-perlpython-modulesdebian-edu

3 Global Results



Individual Results

pkg-perl

General Description


61/111

This repository stores libraries and small programs related to

Perl.


Total # committers: 134Total # commits: 50781



Total # files: 1963332007 commits: 7174

2008 commits: 17080

2009 commits: 20581




Individual Results

pkg-perl

Analysis GraphsC i O Ti


62/111

Commits Over Time

Commits by date

Time

#Commits

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

500

1000

1500

2000

2500

0

500

1000

1500

2000

2500


Individual Results

pkg-perl

Analysis Graphs (cont.)C i Ti A l i


63/111

Commits Time Analysis# Commits Time analysis

0

500

1500

2500

data

400

200

0

200

seas

onal

0

500

1500

trend

600

200

200

600

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


Individual Results

pkg-perl

Analysis Graphs (cont.)A ti O Ti


64/111

Actions Over Time

Actions by date

Time

#

Actions

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

5000

10000

15000

20000

25000

0

5000

10000

15000

20000

25000


Individual Results

pkg-perl

Analysis Graphs (cont.)A ti Ti A l i


65/111

Actions Time Analysis# Actions Time analysis

0

5000

15000

25000

data

2000

0

2

000

6000

seas

onal

5000

10000

15000

trend

5000

0

5000

10000

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


Individual Results

pkg-perl



66/111

Managed Files Over Time


Time

#ManagedFiles

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

5000

10000

15000

20000

All files

Nondeleted files

0

5000

10000

15000

20000


Individual Results

pkg-perl



67/111

New Committers Over Time

New Committers

Time

#New

Committers

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

1

2

3

4

5

6

7

0

1

2

3

4

5

6

7


Individual Results

pkg-perl



68/111

Active Committers Over Time


Time

#ActiveCommitters

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

5

10

15

20

25

30

5

10

15

20

25

30


Individual Results

pkg-perl



69/111

Active Committers Time Analysis# Active Committers Time analysis

5

10

15

20

25

30

data

2

0

1

2

3

4

seasonal

5

10

15

20

25

trend

6

4

2

0

2

4

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


Individual Results

pkg-perl



70/111

Core Committers (On Each Period) Time Analysis# Commits By Core Committers Time analysis

0

500

1000

2000

data

400

200

0

100

seasonal

0

500

1000

1500

trend

400

0

200

600

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


71/111


Individual Results

pkg-perl



72/111

p y# Commits By Non Top Committers On 20072009 Time analysis

200

600

1000

data

200

0

100

200

seasonal

0

200

400

600

trend

200

0

200

400

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


Individual Results

pkg-perl

Analysis Results


73/111

It has an amazing continuous flow of new committers.

Along with this flow of commiters, its number of commits andactions is always growing.

There is a small drop on its growing speed on 2008s summer, butits not so important and it soon grows again at an incredible pace.


Individual Resultspkg-perl



74/111

Conclusions

This repository has a continuous growth, on both commits and com-mitters, which doesnt seem to have been affected in any way by theOpenSSL error. We can also see that there was no massive work near

the September 2009 release, so it seems they didnt have any delaywith that huge number of committers (or they didnt care about therelease) and there were no critical bugs submitted immediately afterthe release (on the mailing lista we can see that the number of bugssubmitted on October and November is no much bigger than on any

other month).

ahttp://lists.debian.org/debian-perl/


Individual Resultspython-modules

Outline
http://lists.debian.org/debian-perl/http://lists.debian.org/debian-perl/


75/111

1 Introduction

2 Individual Resultskernelkernel-sec

pkg-opensslpkg-perlpython-modulesdebian-edu

3 Global Results



76/111





77/111

Commits by date

Time

#Commits

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

100

150

200

250

300

350

400

100

150

200

250

300

350

400





78/111


100

200

300

400

data

40

0

20

40

sea

sonal

150

200

250

300

350

trend

100

50

0

50

100

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time





79/111

Actions by date

Time

#

Actions

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

500

1000

1500

500

1000

1500





80/111


500

1000

1500

data

200

0

100

300

sea

sonal

650

700

750

800

trend

400

0

200

600

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time





81/111


Time

#ManagedFiles

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

200

400

600

800

1000

1200

All files

Nondeleted files

200

400

600

800

1000

1200





82/111

New Committers

Time

#New

Committers

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

2

4

6

8

0

2

4

6

8





83/111


Time

#ActiveCommitters

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

10

15

20

25

30

35

10

15

20

25

30

35






84/111


10

15

20

25

3

0

35

data

3

1

0

1

2

3

seasonal

15

20

25

30

trend

4

2

0

2

4

6

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time






85/111


50

100

200

300

data

30

1

0

10

30

seasonal

100

150

200

trend

50

0

50

100

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time






86/111

# Commits By Top 5 Committers On 2007 2009 Time analysis

0

50

100

150

200

data

20

0

10

20

seasonal

0

20

40

60

80

trend

40

0

20

60

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time






87/111

y p y

50

100

200

300

data

20

0

20

40

seasonal

150

200

250

trend

50

0

50

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time



Analysis Results

Thi i h i fl f i


88/111

This repository has again a great flow of new committers.

Along with this flow of commiters, its number of commits andactions is always growing.

There is again an unimportant drop on its growing speed on 2008ssummer.

ConclusionsAgain this repository is continuously growing, being unaffected bythe OpenSSL error. On 2009 latest months many people becamenew committers (and active ones), so the work done by non-corecommitters grew even more. This time there was an importantwork right after the release, probably due to new bugs or requests(the mailing list shows many bugs on October 2009a)

ahttp://lists.alioth.debian.org/pipermail/python-apps-team/

2009-October/thread.html
http://lists.alioth.debian.org/pipermail/python-apps-team/2009-October/thread.htmlhttp://lists.alioth.debian.org/pipermail/python-apps-team/2009-October/thread.htmlhttp://lists.alioth.debian.org/pipermail/python-apps-team/2009-October/thread.htmlhttp://lists.alioth.debian.org/pipermail/python-apps-team/2009-October/thread.html


89/111


Individual Resultsdebian-edu

General Description

This repository stores a Debian project to make the best


90/111

This repository stores a Debian project to make the best

distribution for educational purposes.






Total # files: 11417

2007 commits: 10114

2008 commits: 16335

2009 commits: 4272






Commits by date


91/111

Commits by date

Time

#Commits

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

1000

2000

3000

4000

5000

6000

0

1000

2000

3000

4000

5000

6000






92/111

0

2000

4000

6000

data

500

0

500

1000

se

asonal

0

500

1000

1500

trend

1000

1000

300

0

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time




Actions by date


93/111

Actions by date

Time

#

Actions

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0

1000

2000

3000

4000

5000

6000

7000

0

1000

2000

3000

4000

5000

6000

7000






94/111

0

2000

4000

6000

data

500

0

500

1500

se

asonal

500

1000

1500

2000

trend

2000

0

2000

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time






95/111


Time

#ManagedFiles

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

100

200

300

400

500

600

All files

Nondeleted files

100

200

300

400

500

600




New Committers


96/111

New Committers

Time

#New

Committers

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

0.0

0.5

1.0

1.5

2.0

2.5

3.0

0.0

0.5

1.0

1.5

2.0

2.5

3.0






97/111

y

Time

#ActiveCommitte

rs

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

4

6

8

10

12

14

4

6

8

10

12

14






98/111

4

6

8

10

12

14

data

3

2

1

0

1

2

se

asonal

7.5

8.5

9.5

10.5

trend

3

1

0

1

2

3

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


99/111


Individual Results

debian-edu



000


100/111

0

2000

4000

60

data

500

0

500

1000

se

asonal

0

500

1000

1500

trend

1000

1000

3000

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


Individual Results

debian-edu




101/111

0

20

40

60

80

data

15

5

0

5

10

se

asonal

15

25

35

45

trend

20

0

10

20

30

2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0

remainder

time


Individual Results

debian-edu

Analysis Results


102/111

This is a community with small growth, a little more near itsreleases1.

Its activity volume is quite important, with peaks near the releases(the peak on August 2008 is a bit false, so it will be discussed later).

1More info: http://wiki.debian.org/DebianEdu


Individual Results

debian-edu


Conclusions
http://wiki.debian.org/DebianEduhttp://wiki.debian.org/DebianEdu


103/111

Conclusions

This repository is a very consistent one, with lots of work by its corecommitters, a slight growth of the number of committers, irregularwork by the non-core committers and peaks near the releases. Thereis an important detail about that peak on August 2009: almost all

the commits were made by a bot (numbers are on the next page).The developers had many troubles with the installation system ofthe upcoming release, so they decided to update logs and files witha list of installed files after each builda. It becomes obvious whenwe look at the number of managed files and we compare it with the

number of actions or commits. Anyway, we can conclude that thisrepository was unaffected by the OpenSSL error.

ahttp://lists.debian.org/debian-edu/2008/08/msg00000.html


Individual Results

debian-edu

Analysis Results (cont.)Additional Data
http://lists.debian.org/debian-edu/2008/08/msg00000.htmlhttp://lists.debian.org/debian-edu/2008/08/msg00000.html


104/111

Commits by committer on August 2008:

Committer # Commitsde-build-guest 6831

pere 95

karbon-guest 1


Individual Results

debian-edu


Managed Files


105/111

overview.log

missingpkglist-etch-

test.txt

wantedpkglist-etch-

test.txt

pkgdeblist-etch-

test.txt

filelist-etch-test.txt

cdspacelist-etch-

test.txt

sort-by-popcon-etch-

test.txt

cd-build-etch-

test.log

cdspacelist-lenny-

test.txt

filelist-lenny-test.txt

missingpkglist-lenny-

test.txt

pkgdeblist-lenny-

test.txt

sort-by-popcon-

lenny-test.txt

wantedpkglist-lenny-

test.txt

filelist-lenny-test-

dvd.txt

sort-by-popcon-

lenny-test-dvd.txt

wantedpkglist-lenny-test-dvd.txt

cdspacelist-lenny-

test-dvd.txt

missingpkglist-lenny-test-dvd.txt

pkgdeblist-lenny-

test-dvd.txt


Global Results

Outline


106/111

1 Introduction



3 Global Results



Global Results

Major Points


107/111

All repositories have the usual drops on working on summer everyyear.

Gini coefficient isnt specially accurate on most repositories becausethey have a very small number of committers.

Repositories with a wider range of files and applications have muchmore committers (pkg-perl, python-modules, debian-edu).

Bugs and requests documentation repositories have lots of workimmediately after the releases, whilst code ones have it before thereleases.

A new major release usually needs more work, so the number ofcommits by non-core committers grows quite a lot.


Global Results

Global Conclusions


108/111

Conclusions

We have seen that only the OpenSSL repository had a special be-havior due to the OpenSSL error. All other repositories continued

with their previous trends, usually lots of work near the releases andslight drops on summer.

With all this data we can conclude that the OpenSSL error didntchange the Debian global community dynamics.


Possible Improvements On This Study

Outline

1


109/111

1

Introduction



3 Global Results




Other Possible Studies On This Repositories


110/111

Check the number of commented lines on the OpenSSLrepository, to see if after the error Kurt decided to add morecomments explaining his changes, or if, on the opposite, hedecided to make less changes on the original code. It could

also be checked on other repositories managed by him.Check if some users decided to leave Debian and develop forother distros (this would be achieved by tracking their usernames or mails, what doesnt seem easy).

Check if the new committers focused on adding more

developers documentation for detecting and preventing thosekind of errors.



Possible Studies Out From This Repositories


111/111

Check the number of bugs discovered after the OpenSSL errordiscovery.

Check the mailing lists global activity to see if there was some

kind of special behavior near the error discovery, or evenchecking if the people talked about it, and in that case whatthey thought about it.

Obtain Kurt Roeckxs activity on all of his repos from thosemonths when he didnt work on OpenSSL, to see if that was

its real cause.

Debian communities after the OpenSSL error

Documents

Transcript of Debian communities after the OpenSSL error