[ubuntu-hardened] Leading situation and future of Ubuntu Hardened and Hardened Debian (leaving).

Lorenzo Hernández García-Hierro lorenzo at gnu.org
Sat Apr 30 16:44:07 CDT 2005


First, and trying to make this the disclaimer that applies to the rest of
this email, I want to note that there's no intention of creating a
flame war nor spreading any other type of malicious (dis)information.

As a little introduction to the background of this email, I will talk
about my activities and procedures as the Ubuntu Hardened and Hardened
Debian lead (even if it's not well advised in some places, creating some
confusion around who cares of the goals, desires, head development and
leading politics of the projects, for the good and the bad, taking the
*not imperative at all* responsibility of *any* result, desired or
undesired, expected or unexpected).

I've been trying to communicate as well as possible with the
"official" developers and communities behind Ubuntu Linux and Debian,
trying to coordinate the work and organizing it to ensure good work
conditions, and the Q/A.

Mostly, I've been doing development, more than politics, as it's
something that happens usually, that people can talk too much and say
too little, and work even less. That is, vaporware, not clear ideas with
an end date.

During the development and work within Hardened Debian, good and bad
things happened. We lived with them and we were taking care as well as
possible (thanks to Andrew Dobbie and the other people who helped and
made those bad times less heavy to handle), and putting attention in a
project which was growing up quickly, and making a brilliant
approach, that was Ubuntu Linux for us.

Thus, due to the nonexistence of any collaboration and coordination with
any Debian developer (and the negative or pretty inaccurate feedback in
certain cases), I took a personal decision, by starting a "fork
project", Ubuntu Hardened, moving the work done in Hardened Debian and
deploying it in Ubuntu Linux as best we could do it (I must say
that there was a great welcome for it, and I must thank Martin Pitt for
it, in the first place).

Now, things are slightly different. Before the UDU started, that is, 1
month before, I was working out the tasks for the SELinux herd. I did
90% of the work in a weekend, among the other Ubuntu Hardened tasks
like fixing, checking and releasing the libssp packages,
designing and organizing the project itself, doing plans on the IBM
SSP/ProPolice deployment, doing a little porting job to make it
available for GCC 4.0 as of Breezy needs, thinking
that it might be the first time that we (Hardened Debian/Ubuntu
Hardened) get something *really* accepted and deployed. There was a
feeling of having things well-done and having a good feedback.
But later things changed. UDU started. I couldn't attend because of
economic and personal reasons, thus, leaving the BOF sessions to other
people that I was trusting to make good decisions. Seems that I was

The information provided was completely inaccurate, the decisions are
worthless in my opinion (and I have strong reasons to have such
opinion), the subjects were incomplete and the credit of my work was
*missing*. The information was out there, I just can't give *all done*,
sometimes people need to work out their stuff at their own.

Let's take a look: SSP won't be accepted and not deployed at all (after
the work that has been done since the start) just because it won't be
accepted upstream. Well, that wouldn't be a problem if, there's not a
decision of deploying arbitrary patches in the Ubuntu kernel packages,
that may (and I tend to believe that they *will*), just to add *some
security enhancements that were proposed to upstream and never got
I asked. The reply was just that the kernel team knows what they do. I
also know what I do on the SSP deployment, and also about the patches
that I developed and *being asked* to write.
That's not the only thing. Also, there was no credit at all of my
work, or at least, the public information of UDU shows that. I don't
reclaim it, but it would be polite to credit the work of someone
that wanted to help and invested *much* time to finish up things quickly
and well-done. I was also asked to port the kernel helpers of SSP to
other architectures (it was only available for i386, and currently it's
not tested yet), before the UDU and the "decisions" were taken (among
that I still don't know about what decisions resulted of the SELinux
BOF, if there were even taken, without mention to the Proactive Security
BOF), so, what I do, after "wasting" my time while working on it
if someone decided to *discard* it with no visible reason and
announcement. After I complained about this, the reply was again
worthless: walk in our way or walk in yours and live alone. Sorry for
walking in my own way, but I won't go in a wrong way, if you want to
blindly walk to the failure, do it. But don't ask me to follow you.

Because of all of these issues, and other ones that I prefer not to
talk about (such as the obvious prejudices and aversion of some third
parties, due to worthless and meaningless reasons), I've decided to
leave the projects, as there's nothing good coming from them, for an
undefined period of time, and until the situation gets clear and the
issues solved. Don't think I'm giving up, just think that I'm going to
*not* take part in a mess for no good reason. It's something not on
my list of goals. There's a lot to help out there, and a lot to choose.

At least I've learnt that, instead of investing my time in a fight with
no good end, it's better to stay away and become a spectator of the doom
or the success, and give help out only when someone comes up with an
honest and worthy question.

"Prudence, indeed, will dictate that Governments long established should
not be changed for light and transient causes; and accordingly all
experience hath shewn, that mankind are more disposed to suffer, while
evils are sufferable, than to right themselves by abolishing the forms
to which they are accustomed."
(The Declaration of Independence, July 4, 1776)

My best wishes to all who helped, giving continuously their feedback and
opinion, criticism and feelings about how things were going on. Also, my
best wishes to Ubuntu Linux, Debian and all the people involved in its

Thanks to all.

Lorenzo Hernández García-Hierro <lorenzo at gnu.org> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]