Mailing List Archive

Security list changes (Transparency?)
For the ones here who are unaware:

There is a security list (security@quagga.net) which deals with security
issues reported to Quagga: Assessing them, fixing them, providing the much
needed disclosures etc. This is a closed list which had mostly
“maintainers” and a few other selected individuals on it.

As part of our testing, I used to be on this list as well - until
yesterday when I was taken off without explanation.

Not blaming anyone, but I was surprised by it - and wanted to get a
public discussion on who is on the list and that I might no longer be
able to test security fixes in private as part of this.

So who is still on the list? Or did the list get deleted? Or what
happened?

Regards,

- Martin Winter

_______________________________________________
Quagga-dev mailing list
Quagga-dev@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-dev
Re: Security list changes (Transparency?)
Hi Martin,

I removed you.

I'd be glad to talk further on transparency with you.

regards,

Paul

On Wed, 11 Jan 2017, Martin Winter wrote:

> For the ones here who are unaware:
>
> There is a security list (security@quagga.net) which deals with security
> issues reported to Quagga: Assessing them, fixing them, providing the much
> needed disclosures etc. This is a closed list which had mostly “maintainers”
> and a few other selected individuals on it.
>
> As part of our testing, I used to be on this list as well - until yesterday
> when I was taken off without explanation.
>
> Not blaming anyone, but I was surprised by it - and wanted to get a public
> discussion on who is on the list and that I might no longer be able to test
> security fixes in private as part of this.
>
> So who is still on the list? Or did the list get deleted? Or what happened?
>
> Regards,
>
> - Martin Winter
>
> _______________________________________________
> Quagga-dev mailing list
> Quagga-dev@lists.quagga.net
> https://lists.quagga.net/mailman/listinfo/quagga-dev
>

--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
A university faculty is 500 egotists with a common parking problem.
Re: Security list changes (Transparency?)
On 11 Jan 2017, at 16:24, Paul Jakma wrote:

> Hi Martin,
>
> I removed you.
>
> I'd be glad to talk further on transparency with you.

I think it would be beneficial for everyone to have an open discussion on
who should be on the list or not.

I don’t like to have this discussion in privacy - this isn’t about me.
Maybe I did something stupid or you (or community?) decided on new rules
for who should be on it. I think it would be beneficial to everyone to
make it public who is on the list and probably why they are on the list
(so it makes somehow the selection more transparent).

BTW: It seems it was some larger “cleanup” as more people got removed as
well. Not just me.

So please, can you share your thoughts publicly?

Regards,

- Martin

> On Wed, 11 Jan 2017, Martin Winter wrote:
>
>> For the ones here who are unaware:
>>
>> There is a security list (security@quagga.net) which deals with
>> security issues reported to Quagga: Assessing them, fixing them,
>> providing the much needed disclosures etc. This is a closed list which
>> had mostly “maintainers” and a few other selected individuals on
>> it.
>>
>> As part of our testing, I used to be on this list as well - until
>> yesterday when I was taken off without explanation.
>>
>> Not blaming anyone, but I was surprised by it - and wanted to get a
>> public discussion on who is on the list and that I might no longer be
>> able to test security fixes in private as part of this.
>>
>> So who is still on the list? Or did the list get deleted? Or what
>> happened?
>>
>> Regards,
>>
>> - Martin Winter
>>
>> _______________________________________________
>> Quagga-dev mailing list
>> Quagga-dev@lists.quagga.net
>> https://lists.quagga.net/mailman/listinfo/quagga-dev
>>
>
> --
> Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
> Fortune:
> A university faculty is 500 egotists with a common parking problem.

Re: Security list changes (Transparency?)
Martin Winter wrote:
> I don’t like to have this discussion in privacy - this isn’t about
> me. Maybe I did something stupid or you (or community?) decided on
> new rules for who should be on it. I think it would be beneficial to
> everyone to make it public who is on the list and probably
> why they are on the list (so it makes somehow the selection more
> transparent).

Martin,

Quagga was forked recently: github.com/freerangerouting/frr

The commit logs in FRR show a good deal of activity since the split, and
the freerangerouting.com domain seems to have been registered by Netdef.

Usually forks happen after a breakdown of confidence and/or trust in the
original project. Without prejudice to whatever changes may have been
made to the security@quagga.net email address, it looks like there has
been a serious breakdown of communications.

It would be helpful if there were some public discussion about what's
happened, and why. There are a lot of people who depend on the quagga
code base, and trust in community projects depends on transparency.

Nick

Re: Security list changes (Transparency?)
> On 11 Jan 2017, at 10:05, Nick Hilliard <nick@foobar.org> wrote:
>
> Usually forks happen after a breakdown of confidence and/or trust in the
> original project. Without prejudice to whatever changes may have been
> made to the security@quagga.net email address, it looks like there has
> been a serious breakdown of communications.
>
> It would be helpful if there were some public discussion about what's
> happened, and why. There are a lot of people who depend on the quagga
> code base, and trust in community projects depends on transparency.

Forks can also happen when developers decide they want to "monetize" the code. Yes, it's still open source, but if you want updates in timely fashion you'll need to subscribe to a maintenance plan. I agree that the community needs to be kept in the loop.

Michael


Re: Security list changes (Transparency?)
On Wed, 11 Jan 2017, Martin Winter wrote:

> I think it would be beneficial for everyone to have an open discussion on
> who should be on the list or not.

Martin, you and I got on well I thought. I respected and trusted you.

So can you please show myself - and everyone else involved in Quagga
(well, the few you haven't been whispering to) - a modicum of respect,
and be up front about what has been going on?

You, NetDEF (or whatever other companies you represent), have been
agitating behind the scenes - contacting people in private - for a fork
*for ~1.5 years* now.

First, because of David. [I gather NetDEF, or at least David anyway (who
does he work for again?), has been telling people he was kicked out, and
for no reason he knows of. Which is at odds with the version of
documented reality that I am familiar with].

I tried to reconcile with "you" (NetDEF? Except, has David *ever*
worked?). I tried to send signals on that. That didn't work out.

Then you managed to rally the agitation of others about the backlog of
patches. (how did that backlog arise? It wasn't under me.).

You've got your fork. Please enjoy it, but please can you stop messing
me around?

BTW what companies are you or Alistair an officer of? What compan{y,ies}
have David, Christian, etc. been working for the last couple of years?

I assume you're aware I haven't even started to describe what has gone
on.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Freedom is nothing else but the chance to do better.
-- Camus

Re: Security list changes (Transparency?)
On Wed, 11 Jan 2017, Paul Jakma wrote:

> On Wed, 11 Jan 2017, Martin Winter wrote:
>
>> I think it would be beneficial for everyone to have an open discussion on
>> who should be on the list or not.
>
> Martin, you and I got on well I thought. I respected and trusted you.
>
> So can you please show myself - and everyone else involved in Quagga (well,
> the few you haven't been whispering to) - a modicum of respect, and be up
> front about what has been going on?
>
> You, NetDEF (or whatever other companies you represent), have been agitating
> behind the scenes - contacting people in private - for a fork *for ~1.5
> years* now.

Oh, and you've been telling people you're definitely forking for over 6
months now - including people you must have been very certain would tell
me.

> First, because of David. [I gather NetDEF, or at least David anyway (who does
> he work for again?), has been telling people he was kicked out, and for no
> reason he knows of. Which is at odds with the version of documented reality
> that I am familiar with].
>
> I tried to reconcile with "you" (NetDEF? Except, has David *ever* worked?). I
> tried to send signals on that. That didn't work out.
>
> Then you managed to rally the agitation of others about the backlog of
> patches. (how did that backlog arise? It wasn't under me.).
>
> You've got your fork. Please enjoy it, but please can you stop messing me
> around?
>
> BTW what companies are you or Alistair an officer of? What compan{y,ies} have
> David, Christian, etc. been working for the last couple of years?
>
> I assume you're aware I haven't even started to describe what has gone on.
>
> regards,
>

--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
"Is this foreplay?"
"No, this is Nuke Strike. Foreplay has lousy graphics. Beat me again."
-- Duckert, in "Bad Rubber," Albedo #0 (comics)

Re: Security list changes (Transparency?)
On Wed, 11 Jan 2017, Paul Jakma wrote:

> On Wed, 11 Jan 2017, Martin Winter wrote:
>
>> I think it would be beneficial for everyone to have an open discussion on
>> who should be on the list or not.
>
> Martin, you and I got on well I thought. I respected and trusted you.
>
> So can you please show myself - and everyone else involved in Quagga (well,
> the few you haven't been whispering to) - a modicum of respect, and be up
> front about what has been going on?
>
> You, NetDEF (or whatever other companies you represent), have been agitating
> behind the scenes - contacting people in private - for a fork *for ~1.5
> years* now.
>
> First, because of David. [I gather NetDEF, or at least David anyway (who does
> he work for again?), has been telling people he was kicked out, and for no
> reason he knows of. Which is at odds with the version of documented reality
> that I am familiar with].
>
> I tried to reconcile with "you" (NetDEF? Except, has David *ever* worked?). I
> tried to send signals on that. That didn't work out.
>
> Then you managed to rally the agitation of others about the backlog of
> patches. (how did that backlog arise? It wasn't under me.).
>
> You've got your fork. Please enjoy it, but please can you stop messing me
> around?
>
> BTW what companies are you or Alistair an officer of? What compan{y,ies} have
> David, Christian, etc. been working for the last couple of years?
>
> I assume you're aware I haven't even started to describe what has gone on.

Oh, and those things that are not public knowledge are the reason why I
had been so stubborn about sticking to pure-consensus decision making,
and not agreeing to give you majority voting. I had ceased to trust you
(NetDEF, or whatever else). And you didn't do much to rebuild trust
either.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
All is fear in love and war.

Re: Security list changes (Transparency?)
Nick,

On 11 Jan 2017, at 22:05, Nick Hilliard wrote:

> Martin Winter wrote:
>> I don’t like to have this discussion in privacy - this isn’t about
>> me. Maybe I did something stupid or you (or community?) decided on
>> new rules for who should be on it. I think it would be beneficial to
>> everyone to make it public who is on the list and probably
>> why they are on the list (so it makes somehow the selection more
>> transparent).
>
> Martin,
>
> Quagga was forked recently: github.com/freerangerouting/frr
>
> The commit logs in FRR show a good deal of activity since the split, and
> the freerangerouting.com domain seems to have been registered by Netdef.

Yes, all true. FreeRangeRouting is an attempt to do development in the
spirit of what was discussed last year. Several community members asked for
better ways to get code in (faster, more predictable) and we had these
discussions in various calls last year.

Paul decided to use his veto to not allow these changes and suggested a
fork.

> Usually forks happen after a breakdown of confidence and/or trust in the
> original project. Without prejudice to whatever changes may have been
> made to the security@quagga.net email address, it looks like there has
> been a serious breakdown of communications.

I tried my best to support both projects until now and didn’t see this
as competition or any rule that I wasn’t supposed to work on 2 projects
at the same time.
Full disclosure: I helped the OpenBGPd folks in the past as well with
testing infrastructure. So I might be a repeated “offender” if this is
a crime.

> It would be helpful if there were some public discussion about what's
> happened, and why. There are a lot of people who depend on the quagga
> code base, and trust in community projects depends on transparency.

If the fork is the reason of getting kicked out, then ok. I assume Paul
has some reason, but I didn’t expect working on 2 open source projects
would be the problem.

A friendly notice to me ahead would have been good and a public statement
for the community might be even better. I was expecting to continue working
on both, but if the Quagga community rather has me stopping testing etc,
then I will respect the wishes.

The main message was less about why, but more about transparency to the
community.

— Martin

Re: Security list changes (Transparency?)
On 12 Jan 2017, at 0:03, Paul Jakma wrote:

> On Wed, 11 Jan 2017, Paul Jakma wrote:
>
>> On Wed, 11 Jan 2017, Martin Winter wrote:
>>
>>> I think it would be beneficial for everyone to have an open
>>> discussion on who should be on the list or not.
>>
>> Martin, you and I got on well I thought. I respected and trusted you.

Sorry, if this broke. I didn’t see any mistake.

>> So can you please show myself - and everyone else involved in Quagga
>> (well, the few you haven't been whispering to) - a modicum of respect,
>> and be up front about what has been going on?

Sure, we are involved in a fork, based on a different structure on what
we discussed last year and you blocked for having it implemented with
Quagga. You suggested the fork after all.

We are working on it since approx mid last year (after the discussions
broke down)

>> You, NetDEF (or whatever other companies you represent), have been
>> agitating behind the scenes - contacting people in private - for a
>> fork *for ~1.5 years* now.

1.5 years? I must have missed 1 year of this. Discussions on a fork came
up multiple times, but up to last summer, there was always some hope to
get changes in the current structure which would speed things up.

>> First, because of David. [I gather NetDEF, or at least David anyway
>> (who does he work for again?), has been telling people he was kicked
>> out, and for no reason he knows of. Which is at odds with the version
>> of documented reality that I am familiar with].

David works for NetDEF/OpenSourceRouting. Was that ever a question?
And yes, he got kicked out by you (as documented in the past). This was
discussed many times. You’ve allowed him back as a “sub-maintainer” (or
“roundskeeper”) later, but made a clear distinction between the
maintainers (like you, Greg and Vincent) and him.

>> I tried to reconcile with "you" (NetDEF? Except, has David *ever*
>> worked?). I tried to send signals on that. That didn't work out.

Yes, he did great work on Quagga. Check out Git history if you need
details.

>> Then you managed to rally the agitation of others about the backlog
>> of patches. (how did that backlog arise? It wasn't under me.).

The fact was that the incoming patch rate was approx 5x to what got in
over years. We needed a way to review things faster and send back for
rework or integrate it. I heard so many complaints from people sending
patches and not getting any feedback for more than a year (if ever).
That was the whole start of the reorg discussion last year.

>> You've got your fork. Please enjoy it, but please can you stop
>> messing me around?

You prefer me to withdraw from the Quagga project? Stop my testing? If
the community (not just you) wishes this, then no issue. No need to
fight over this. I do NOT want to screw with Quagga and I’m happy to
withdraw my (and potentially everyone else’s from
NetDEF/OpenSourceRouting) contribution.

>> BTW what companies are you or Alistair an officer of? What
>> compan{y,ies} have David, Christian, etc. been working for the last
>> couple of years?

Not sure how this is relevant or even a secret. NetDEF (and
OpenSourceRouting is a project of NetDEF) is the answer to all of this.
Never tried to hide this and not sure where the confusion is?

>> I assume you're aware I haven't even started to describe what has gone
>> on.

No, I think I get it that working on a fork is ground for distrust and
exclusion. If this community feels like we can’t get along, then I do
not want to have this fight and I’m happy to withdraw from Quagga.

> Oh, and those things that are not public knowledge are the reason why
> I had been so stubborn about sticking to pure-consensus decision
> making, and not agreeing to give you majority voting. I had ceased to
> trust you (NetDEF, or whatever else). And you didn't do much to
> rebuild trust either.

Can you explain this specific “pure-consensus decision”? Consensus of
who?

BTW: For full transparency, would be still good to announce changes like
this to the list.

- Martin

Re: Security list changes (Transparency?)
On Thu, 12 Jan 2017, Martin Winter wrote:

> Full disclosure: I helped the OpenBGPd folks in the past as well with
> testing infrastructure. So I might be a repeated “offender” if this is
> a crime.

Testing other open-source routing is great.

Funnily enough, I met one of the OpenBGPd guys at the UKNOF in Glasgow
recently. We discussed testing and he mentioned the difficulties of
that. I mentioned your testing work to him, that he should get in touch
with you. He said he had, and that he'd been told that wasn't possible
without money.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
He has shown you, o man, what is good. And what does the Lord ask of you,
but to do justice, and to love kindness, and to walk humbly before your God?
Re: Security list changes (Transparency?)
On Thu, 12 Jan 2017, Martin Winter wrote:

> 1.5 years? I must have missed 1 year of this.

David was __suspended__ from Quagga in May '15. A majority of the other
maintainers had serious concerns about some acts. He was asked to
explain a series of unilateral actions he'd taken, either against the
settled view of the maintainers or where it was obvious he was acting
against. Including his having *unilaterally* removed another maintainer.

Only 1 maintainer has ever been kicked out of Quagga, while it was
running under a collective maintainer model anyway[1]. And it was _not_
David.

He gave an initial response, and we waited for a full response. And...
nothing. He just went away. However, after some weeks, I heard NetDEF
were pitching around for a fork.

So that's June / July '15 to date. I make that 1.5 years ago. But I have
struggled with a shared understanding of basic terms with others in
NetDEF before (e.g. "consensus"), so maybe my notion of calendars is
wrong too.

1. Note: as of a few weeks ago, I am the executive maintainer of Quagga.
An interim measure hopefully, if there are enough people still
interested in Quagga.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Did you know the University of Iowa closed down after someone stole the book?

Re: Security list changes (Transparency?)
On Thu, 12 Jan 2017, Martin Winter wrote:

> as competition or any rule that I wasn’t supposed to work on 2 projects
> at the same time.

To be clear, I tried my best to reconcile. Even after it was made clear
you were forking, I would probably have been grudgingly OK.

But, NetDEF (or... which company and what kind?) went behind my back to
get contact details for my manager, and talk to him. Just to find out if
my employer thinks and if it would sponsor the fork - nothing else, _of
course_.

Maybe I'm just overly touchy, but I found that a bit low. I couldn't
even open my Quagga mail folder for a while after that.

(That was begin Nov).

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
I'd horsewhip you if I had a horse.
-- Groucho Marx
Re: Security list changes (Transparency?)
On Thu, 12 Jan 2017, Paul Jakma wrote:

> On Thu, 12 Jan 2017, Martin Winter wrote:
>
>> as competition or any rule that I wasn’t supposed to work on 2 projects
>> at the same time.
>
> To be clear, I tried my best to reconcile. Even after it was made clear you
> were forking, I would probably have been grudgingly OK.
>
> But, NetDEF (or... which company and what kind?) went behind my back to get
> contact details for my manager, and talk to him. Just to find out if my
> employer thinks and if it would sponsor the fork - nothing else, _of course_.
>
> Maybe I'm just overly touchy, but I found that a bit low. I couldn't even
> open my Quagga mail folder for a while after that.
>
> (That was begin Nov).

Oh, and I discovered the 990s the last couple of weeks over the
Christmas break (idle time).

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Gentlemen, I want you to know that I am not always right, but I am
never wrong. -Samuel Goldwyn
Re: Security list changes (Transparency?)
On 12 Jan 2017, at 14:11, Paul Jakma wrote:

> On Thu, 12 Jan 2017, Martin Winter wrote:
>
>> Full disclosure: I helped the OpenBGPd folks in the past as well with
>> testing infrastructure. So I might be a repeated “offender” if
>> this is a crime.
>
> Testing other open-source routing is great.
>
> Funnily enough, I met one of the OpenBGPd guys at the UKNOF in Glasgow
> recently. We discussed testing and he mentioned the difficulties of
> that. I mentioned your testing work to him, that he should get in
> touch with you. He said he had, and that he'd been told that wasn't
> possible without money.

Partially correct. I offered them access to our infrastructure to do
their own testing with some of our tools. I cannot use funding dedicated
for specific work and use it to test their project. So I offered the
best I could do without much of my time.
They used some of our infrastructure to do some testing. Not sure how
much…

I would love to help them more testing, but I need someone paying for
the time to be able to afford this and so far I’m unable to do this.

- Martin

Re: Security list changes (Transparency?)
On 12 Jan 2017, at 14:33, Paul Jakma wrote:

> On Thu, 12 Jan 2017, Martin Winter wrote:
>
>> 1.5 years? I must have missed 1 year of this.
>
> David was __suspended__ from Quagga in May '15. A majority of the
> other maintainers had serious concerns about some acts. He was asked
> to explain a series of unilateral actions he'd taken, either against
> the settled view of the maintainers or where it was obvious he was
> acting against. Including his having *unilaterally* removed another
> maintainer.
>
> Only 1 maintainer has ever been kicked out of Quagga, while it was
> running under a collective maintainer model anyway[1]. And it was
> _not_ David.

“suspended” vs “kicked off”

Interesting wording is all I can say.

> He gave an initial response, and we waited for a full response.
> And... nothing. He just went away. However, after some weeks, I heard
> NetDEF were pitching around for a fork.

This was discussed over weeks before. No need to bring it all back.
Everyone interested, look at archive and build your own opinion.

> So that's June / July '15 to date. I make that 1.5 years ago. But I
> have struggled with a shared understanding of basic terms with others
> in NetDEF before (e.g. "consensus"), so maybe my notion of calendars
> is wrong too.

People asked me (and others) about forking Quagga since I got involved
(short term back compared to you - only 2011)
That doesn’t mean that there were plans for it. I wanted to avoid it
and we tried to the best of our abilities to avoid it.
But last summer it became clear that it was unavoidable to get faster
progress.

> 1. Note: as of a few weeks ago, I am the executive maintainer of
> Quagga.
> An interim measure hopefully, if there are enough people still
> interested in Quagga.

Thanks for this note. This is what I call “transparency”. Not sure what
“executive maintainer” means, but I assume something like “chief
maintainer” with sole decision authority?

Or did I get this wrong?

- Martin

Re: Security list changes (Transparency?)
On 12 Jan 2017, at 14:47, Paul Jakma wrote:

> On Thu, 12 Jan 2017, Martin Winter wrote:
>
>> as competition or any rule that I wasn’t supposed to work on 2
>> projects
>> at the same time.
>
> To be clear, I tried my best to reconcile. Even after it was made
> clear you were forking, I would probably have been grudgingly OK.
>
> But, NetDEF (or... which company and what kind?) went behind my back
> to get contact details for my manager, and talk to him. Just to find
> out if my employer thinks and if it would sponsor the fork - nothing
> else, _of course_.
>
> Maybe I'm just overly touchy, but I found that a bit low. I couldn't
> even open my Quagga mail folder for a while after that.
>
> (That was begin Nov).

So that was the reason? Do you think we should have NOT contacted HP
because you work there? Or have contacted you instead?

I assume a company might appreciate such a heads-up for their own
planning. Maybe not like it, but better to be informed and able to plan
about it.

- Martin

Re: Security list changes (Transparency?)
Nick,

sorry, forgot to answer the last part of your email about reason etc
on fork:

First of all, we haven’t announced it yet. We want to get it to “rc1”
quality first before making it public. And we had to get a name (which
was a painful slow process and we are still making sure this name isn’t
violating any trademarks etc).
Name is probably the more important as the github location will change
again if we have to rename again.

In general, the idea on the fork was to try a different model of developing
similar to what was discussed last year (and blocked by Paul’s veto) for
the Quagga community.

We hope to get a much faster turnaround of new features and fixes into the
code. There are several companies interested in Quagga, but see it as
abandoned because of the slow speed. We try to change this by automating
more, have more maintainers and simple processes on getting code into the
project.

But everyone is welcome to join.

- Martin

On 11 Jan 2017, at 22:05, Nick Hilliard wrote:

> Martin Winter wrote:
>> I don’t like to have this discussion in privacy - this isn’t about
>> me. Maybe I did something stupid or you (or community?) decided on
>> new rules for who should be on it. I think it would be beneficial to
>> everyone to make it public who is on the list and probably
>> why they are on the list (so it makes somehow the selection more
>> transparent).
>
> Martin,
>
> Quagga was forked recently: github.com/freerangerouting/frr
>
> The commit logs in FRR show a good deal of activity since the split, and
> the freerangerouting.com domain seems to have been registered by Netdef.
>
> Usually forks happen after a breakdown of confidence and/or trust in the
> original project. Without prejudice to whatever changes may have been
> made to the security@quagga.net email address, it looks like there has
> been a serious breakdown of communications.
>
> It would be helpful if there were some public discussion about what's
> happened, and why. There are a lot of people who depend on the quagga
> code base, and trust in community projects depends on transparency.
>
> Nick

Re: Security list changes (Transparency?)
On Thu, 12 Jan 2017, Martin Winter wrote:

>> 1. Note: as of a few weeks ago, I am the executive maintainer of Quagga.
>> An interim measure hopefully, if there are enough people still
>> interested in Quagga.
>
> Thanks for this note. This is what I call “transparency”. Not sure
> what “executive maintainer” means, but I assume something like “chief
> maintainer” with sole decision authority ?

> Or did I get this wrong?

Exactly.

Quagga is an informal association. There is no corporate vehicle. There
are no tax breaks. I have never claimed tax breaks on the small (but
non-trivial at times, esp as a student) cost for some of the required
infrastructure. There are no regulatory requirements for elevated
transparency, compared to the rest of civil life.

_GO ENJOY YOUR FORK_.

Stop talking crap about others.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Quod erat demonstrandum.
[Thus it is proven. For those who wondered WTF QED means.]
Re: Security list changes (Transparency?)
On Thu, 12 Jan 2017, Martin Winter wrote:

> similar to what was discussed last year (and blocked by Paul’s veto) for

Urg, you just can't help spin.

_EVERY MAINTAINER_ had a veto. Further, objections from the wider
community were also usually honoured. *DAVID* vetoed stuff. *YOU* have
objected to stuff and had it honoured. Even after David was suspended,
his objections were still honoured.

I'm not claiming the model was perfect - it may have been past its sell
by date.

Anyway, Why are you here Martin? What are you trying to achieve?

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
genlock, n.:
Why he stays in the bottle.
Re: Security list changes (Transparency?) [ In reply to ]
On Thu, 12 Jan 2017, Martin Winter wrote:

> “suspended” vs “kicked off”
>
> Interesting wording is all I can say.

Just for the record, the relevant bit from the email to David was:

"I have therefore suspended you from the Quagga.net maintainers,
pending a review of your position by the maintainers. "

From the end of my reply to his initial reply:

"If we're to converge again, probably it'd be best at this stage if you
explain what your view is of how maintainers should work with each
other."

I guess "suspended" is another confusing word.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
The days are all empty and the nights are unreal.
Re: Security list changes (Transparency?) [ In reply to ]
On 12 Jan 2017, at 18:47, Paul Jakma wrote:

> On Thu, 12 Jan 2017, Martin Winter wrote:
>
>> similar to what was discussed last year (and blocked by Paul’s
>> veto) for
>
> Urg, you just can't help spin.
>
> _EVERY MAINTAINER_ had a veto. Further, objections from the wider
> community were also usually honoured. *DAVID* vetoed stuff. *YOU* have
> objected to stuff and had it honoured. Even after David was suspended,
> his objections were still honoured.

Objection against something and a veto are different things. I do
believe everyone should speak up if he thinks something is the wrong
way, but also accept to be overruled by a majority. But then you made
it clear that this isn’t a democracy or anything and this is your fork
and it’s your way or the highway.

> I'm not claiming the model was perfect - it may have been past its
> sell by date.
>
> Anyway, Why are you here Martin? What are you trying to achieve?

Because I care about Quagga and previously didn’t expect to withdraw
my support and work for it.

So basically Transparency and Clarification:

1) Would be good for people to know that they can’t come to me anymore
for Quagga Security Issues. I think this is now clear, but there are
others who got removed too. Would be good to know who is still on the
list so I can redirect questions.
(BTW: Email to list doesn’t work - it seems to all end up on waiting
for a moderator approval. You should fix this for a list to report
security issues)

2) Clarification if you want anyone from NetDEF to stop providing any
help on Quagga. I didn’t expect to withdraw from it, but it sounds like
this is your wish. Happy to comply and no screaming needed. A simple
email with a clarification would be all that’s needed.

- Martin Winter

Re: Security list changes (Transparency?) [ In reply to ]
On 11 Jan 2017, at 22:34, Michael H Lambert wrote:

>> On 11 Jan 2017, at 10:05, Nick Hilliard <nick@foobar.org> wrote:
>>
>> Usually forks happen after a breakdown of confidence and/or trust in
>> the original project. Without prejudice to whatever changes may have
>> been made to the security@quagga.net email address, it looks like
>> there has been a serious breakdown of communications.
>>
>> It would be helpful if there were some public discussion about what's
>> happened, and why. There are a lot of people who depend on the quagga
>> code base, and trust in community projects depends on transparency.
>
> Forks can also happen when developers decide they want to "monetize"
> the code. Yes, it's still open source, but if you want updates in
> timely fashion you'll need to subscribe to a maintenance plan. I
> agree that the community needs to be kept in the loop.

The problem was really getting the name picked. It was way more
painful than expected. And a lot of the work was done while it was
still called Quagga - and that would have caused a really bad confusion
(and most likely upset Paul for the right reasons).

The rename in the code just got done last weekend (finally).

There are absolutely no plans to monetize the code. There might be
always commercial spins (i.e. any vendor who provides Quagga or the
fork on their box) and they may try this, but I’m not sure how legal
this is under a GPL license.
And Quagga and all its forks are locked to GPLv2 or later as it’s
probably impossible to ever contact all contributors and get them to
agree to a license change.

Some of the organizational structure behind is still in the discussion
phase at this time. We are trying to find a model where there is no
single entity able to take over or lock others out of it.

But some of the key differences is trying a different model where
patches submitted or pull requests get automatically integrated into a
development branch. Based on what was discussed last year for Quagga.

Anyway, no need to discuss this here in details. Donald posted the list
for the fork. Feel free to join and ask questions there. Just don’t
expect it all to be ready yet.

- Martin

Re: Security list changes (Transparency?) [ In reply to ]
On Thu, 12 Jan 2017, Martin Winter wrote:

> Objection against something and a veto are different things.

I don't think there's much point having yet another argument about the
meaning of words.

> way, but also accept to be overruled by a majority. But then you made
> it clear that this isn’t a democracy or anything and this is your fork
> and it’s your way or the highway.

"democracy"? what do you mean by that?

There isn't a single democracy on this planet where you can just go in
and immediately expect your voice to be heard. Hell, you're not even
_born_ with the right - you have to wait 16, 18+, years.

Further, even in democracies, there usually are ways to _protect_
minority and status-quo interests *from* the majority. Like
constitutional rights, independent judiciaries, establishment-biased
upper houses, etc.

In industry organisations, there often are establishment biases too.
E.g., the IETF, despite ostensibly being a consensus organisation, has a
hierarchy of WG chairs, ADs, etc., which can apply judgement to what
consensus is - and getting into those positions takes time to develop
the standing.

Quagga worked on consensus, amongst a group of maintainers. I could
block things, yes, so could others. Had it grown stale, yes, sure.

The ways to fix that did not include ambushing me on a conference call,
calling a vote on a flimsy document, of people of varied experience in
Quagga.

- There was someone who attended who I'd never heard of before, until a
few working days earlier when they emailed to ask to join that call,
from a vendor with one recent bug report + diagnosis. Who we've never
heard from again since either.

How come they suddenly popped up for that call? It's a mystery. I note
a board member of NetDEF works at that said vendor, but I'm sure
that's a complete co-incidence.

- The document was largely agreeable goal stuff that no one would vote
against.

Except, buried within was changing from maintainers consensus to some
unspecified wider community majority voting. The constitutional
implications of which were not pointed out.

- You had not mentioned, till that day I think, that the two main
agitators for this constitutional change (you and another) were in
fact close business partners.

- You ignored the detailed technical governance process I sent you more
than a year before that, in Jan '15. Which had actual workable
processes in it, and was based on the technical governance model I had
seen work inside Sun Microsystems.

Indeed, you never mentioned that to anyone.

That document actually proposed _removing_ individual vetos, and
requiring two objections to block instead. (This was when I
trusted you a lot more than I do now). _You_ rejected that.

It was at that point (earlyish last year), with that call, that I
stopped believing you were acting fully in good faith on the governance
reform stuff.

> Because I care about Quagga

I believe you did, and still do to some extent. But I also believe you
have the self-interest of positioning NetDEF as the guardian of this
code-base.

And it's not wrong to be self-interested, nor to care about this
codebase, per se. What I can't believe is that you don't realise I have
no less of the same self-interest as you. I have been working on this
code-base as long as anyone. I have put sweat and tears into it too.

I told you, and others, I was happy to _share_ the governance.

NetDEF contributions are gratefully accepted, but if you think it's
socio-politically a smart thing to barge in and start demanding the
project's governance be changed to suit you, and try run rough-shod over
the objections of the _founder_ (who did try engage on the topic, but
was ignored) with political games, then you have even fewer people
skills than I do. (I at least _know_ that I suck at politics).

> 2) Clarification if you want anyone from NetDEF to stop providing any
> help on Quagga.

But, you already have.

Least, I see fixes in the FRR tree for my commits in Quagga that you
haven't sent here. E.g., Christian's stuff for the tags width.

(But, maybe technically you're not blowing smoke there, if that work by
Christian, David, etc., is paid for by some other org).

> I didn’t expect to withdraw from it, but it sounds
> like this is your wish. Happy to comply and no screaming needed. A
> simple email with a clarification would be all that’s needed.

Are you offering to commit to keep the Quagga testing in place? To what
date?

Your testing is great. It's really useful (other than that I can't
tinker with it directly). However, I was assuming the timing of access
to that was going to depend on your fork.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Little hamster in running wheel had coronary; waiting for replacement to be Fedexed from Wyoming
Re: Security list changes (Transparency?) [ In reply to ]
On Thu, 12 Jan 2017, Martin Winter wrote:

> So basically Transparency and Clarification:
>
> 1) Would be good for people to know that they can’t come to me anymore
> for Quagga Security Issues.

So, I didn't raise it at the time for various reasons (I perhaps hadn't
lost all hope of averting a fork; or at least staying friendly - before
the manager call), but that wasn't really appropriate, was it?

1. Why did you think it appropriate to go to Debian on behalf of Quagga
(as seems to have been the case), when you knew that I knew you are
organising a fork?

You surely should have known you had a clear conflict of interest,
and just reported the security issue to me? I could still have

2. Why do other people think you are the person to go to for Quagga
security issues?

How did that come about? What have you been telling people? Arg.

BTW, I also had the impression you were playing games with me/Quagga on
that security bug - related to your fork.

> I think this is now clear, but there are others who got removed too.
> Would be good to know who is still on the list so I can redirect
> questions.

You _know_ who to direct questions to. Why are you even getting
questions to begin with? What are you telling people elsewhere?

I've noticed elsewhere that people seem to think NetDEF == Quagga. What
have you been telling people at conferences?

> (BTW: Email to list doesn’t work - it seems to all end up on waiting
> for a moderator approval. You should fix this for a list to report
> security issues)

I am the moderator. I get the moderator requests, so I see the emails
before they're approved.

There's a huge spam load. I'd rather have it unmoderated, and let the
subscriber's spam filters do the work, but some don't like that.

That wider security list turns out not to have been quite right anyway.
There should be one list for the few who can help with "do the
analysis/fix", and another for 'announce'.

A lot of the subscriber requests seem to be more appropriate for
'announce'. That should become just a public, low-traffic list.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Nature always sides with the hidden flaw.
Re: Security list changes (Transparency?) [ In reply to ]
On Fri, 13 Jan 2017, Paul Jakma wrote:

> I've noticed elsewhere that people seem to think NetDEF == Quagga. What have
> you been telling people at conferences?

I'd been waiting for you to announce your fork (and note, you can _not_
spam this list with marketing material on it; inc. 'heads up' stuff),
but that reminds me:

You need to fix your website(s) and other material where reasonable to
update references to the Quagga project so it is very clear Quagga is a
different thing to NetDEF, and acknowledge the trademark[1] legibly.
Where it's HTML, make "Quagga" go to https://www.quagga.net/ .

1. I registered that soon after I heard the first whispers of your
fork, after the David issue.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
We are using Linux daily to UP our productivity - so UP yours!
(Adapted from Pat Paulsen by Joe Sloan)

Re: Security list changes (Transparency?) [ In reply to ]
Anyway, let's draw a line under the past. You can have the last reply on
the past on those emails, as you wish.

Let's move on. I am thoroughly looking forward to not having these
discussions. To NetDEF and the like-minded being there, and me here.

If there's anything productive to discuss, e.g. what we rescue from the
dying embers in terms of technical co-ordination or testing, we can
discuss that.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
I don't have an eating problem. I eat. I get fat. I buy new clothes.
No problem.

Re: Security list changes (Transparency?) [ In reply to ]
On 2017-01-13 at 10:04, Paul Jakma wrote:
>
> I've noticed elsewhere that people seem to think NetDEF == Quagga.
> What have you been telling people at conferences?

Hi,

Just an observation. You were at the RIPE69 meeting, right? You were
registered as coming from NetDef. I for one thought that you were
affiliated with NetDef because of that. I hadn't noticed NetDef before
that and really thought you're a part of it. You also did the status
update for opensourcerouting.org at that meeting. Were you not part of
NetDef and opensourcerouting.org at that time?

ref.
https://ripe69.ripe.net/attend/attendee-list/
https://ripe69.ripe.net/presentations/85-ripe69-os-quagga-update.pdf

regards,


--
/bengan



Re: Security list changes (Transparency?) [ In reply to ]
On Fri, 13 Jan 2017, Bengt G?rd?n wrote:

> Just an observation. You were at the RIPE69 meeting, right? You were
> registered as coming from NetDef. I for one thought that you were
> affiliated with NetDef because of that. I hadn't noticed NetDef before
> that and really thought you're a part of it. You also did the status
> update for opensourcerouting.org at that meeting. Were you not part of
> NetDef and opensourcerouting.org at that time?

> https://ripe69.ripe.net/attend/attendee-list/
> https://ripe69.ripe.net/presentations/85-ripe69-os-quagga-update.pdf

I was with NetDEF then yes, and that talk was given with my (then)
NetDEF hat on. The slide on OSRs' activities said "Supporting
maintainers" which is what it was doing (I thought both David and I were
working for NetDEF, but now I don't know who David worked for that year)
and I said its remit was to support open source routing.

All accurate at that time.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
The greatest productive force is human selfishness.
-- Robert Heinlein
Re: Security list changes (Transparency?) [ In reply to ]
On Fri, 13 Jan 2017, Paul Jakma wrote:

> All accurate at that time.

Oh, and Martin via OSR doing excellent testing work remains true. If one
inferred from my other email where I mentioned UKNOF34 in Glasgow (Sept
last year) that I was still recommending that work to people, one would
be correct.

Anyway, let Martin reply to what he feels he needs to, then draw a line,
go our separate ways, and restrict comms to whatever code co-operation
stuff is mutually agreeable.

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
If little else, the brain is an educational toy.
-- Tom Robbins

Re: Security list changes (Transparency?) [ In reply to ]
On 13 Jan 2017, at 16:16, Paul Jakma wrote:

> On Fri, 13 Jan 2017, Paul Jakma wrote:
>
>> I've noticed elsewhere that people seem to think NetDEF == Quagga.
>> What have you been telling people at conferences?
>
> I'd been waiting for you to announce your fork (and note, you can
> _not_ spam this list with marketing material on it; inc. 'heads up'
> stuff), but that reminds me:
>
> You need to fix your website(s) and other material where reasonable to
> update references to the Quagga project so it is very clear Quagga is
> a different thing to NetDEF, and acknowledge the trademark[1] legibly.
> Where it's HTML, make "Quagga" go to https://www.quagga.net/ .
>
> 1. I registered that soon after I heard the first whispers of your
> fork, after the David issue.

No point to discuss this on the list. If there is a confusion at some
page, then please let me know in a private email the specifics (i.e.
where and maybe a suggestion on how you would like it changed) and I do
my best to get it fixed.

I tried to make it clear in presentations and on the website that we
are just a contributor like everyone else. Maybe I screwed up somewhere
and I apologize for this. Just asking for a chance on getting it fixed.

- Martin
