Dear Gentlebeings,

Welcome to the 2021 Annual General Meeting of The NetBSD Foundation.

I am the moderator, i.e. voice-bot, for today's AGM.

this is the agenda for this AGM:

Intro by our intrepid president

Reports from:
* communications
* security-team
* finance-exec
* gnats
* admins
* core
* membership-exec
* pkgsrc-pmc
* pkgsrc-security
* releng

Are there any last-minute additions to the reports? msg me.

Q&A session for all of the above, and general questions.

When Q&A begins, msg me "I have a question for " or "I have a question for " and I will give you voice when it's your turn.

Here comes the intro (also, the report by board):

Hello, and welcome to the 19th Annual General Meeting of The NetBSD Foundation.
- First off, I'd like to thank spz for volunteering to handle moderating and admins for doing the behind the scenes magic to make this event (and all our communication) possible.
- The NetBSD Foundation Board of Directors presents a consolidated list of the relevant and major actions that occurred since last AGM. Quite a few discussions, actions, and follow-ups crossed multiple meetings. Very few meetings resulted in not reaching quorum. Check our weekly meeting minutes in: localsrc/tnf/board/minutes for the latest on our progress. During this period, new directors were elected and officers were renewed or installed.
- We continued our support of BSDcan, AsiaBSDcon, and EuroBSDcon to improve our representation at conferences and developer summits. However, with the cancellations and virtual summits due to the ongoing COVID-19 pandemic, any approved contributions were shifted to be used next year.
- We successfully participated in the Google Summer of Code for 2020 and attended the virtual Google Summer of Code Mentor Summit. We are currently participating in GSoC this year with 1 student on our ZFS boot GSoC project.
- Like last year, we have provided core with a pre-approved, reasonable budget, to spend as they see most fit without an additional confirmation step from us.
- We continued to improve our interaction and relationships with vendors, as well as participating in industry PSIRT with vendors and other open-source projects.
- The funded contracts continued for:
  o improvements in release engineering by martin
- We continued a fundraising campaign and many many other minor things.
- We would like to thank the vote coordinator, vote validator, and nomcom for the handling of last year’s slate.
- We finished the work on a streamlined election voting process and changes to our by-laws for you to vote on in this nomcom. Details were sent in email earlier.
- It has been an honor and pleasure working with khorben, leot, mef, mlelstv, riastradh, and wiz to accomplish all that we have in this year.
- Respectfully submitted on behalf of the Board of Directors
.eof

next is the report by communications:

A non-scientific representation of Social Media Presence:
- Twitter: (very active)
  @netbsd has 9,490 followers up from 9,021
  @pkgsrc has 639 followers up from 611
- Facebook: 1,900 members up from 1,579 (sort of active)
- FreeNode IRC users: (very very active)
  #NetBSD: 248 down from 298
  #NetBSD-code: 56 down from 60
  #pkgsrc: 92 down from 113
- NOTE: The numbers from FreeNode are likely going to be off due to their recent implosion. We have set up channels on irc.libera.chat, but have not made a formal decision yet. Numbers fluctuate due to people not staying on persistently.
.eof

and the report by security-team

This is a brief report for security-team:
- Since the last AGM, we have released two Security Advisories:
  o NetBSD-SA2021-001 Predictable ID disclosures in IPv4 and IPv6
  o NetBSD-SA2020-003 USB network interface jumbo packet memory corruption
- We’d like to encourage the NetBSD project members to participate in the security-team.
The process of writing advisories and handling the patches is time-consuming but rewarding: one gets to learn about different ways used to subvert security which in turn improves their ability to write secure code, implement security fixes, and at the same time learn how to convey complex technical concepts in clear and concise manners. Because we are short-handed, we are slow responding to known issues (e.g. SAD DNS), or we are slow publishing already corrected security issues (e.g. CVE-2021-3472). To be able to be more responsive, we need more hands on board! Feel free to contact us at security-team@
- NetBSD continues to be represented in a product security incident response working group with other operating system vendors (CERT/VINCE/FULL DISCLOSURE/FIRST) as well as software package distributors (ISC/OpenSSL/NTP), and we are in direct contact with the security teams of the other BSD projects. This framework allows us to better work with vendors requiring an embargoed and/or coordinated release with other operating systems. We can begin working on issues that affect NetBSD much faster, instead of only being notified after an embargo is lifted.
- Submitted respectfully on behalf of the security-officer(s), the security-team, and the sirt team.
.eof

next up is the report from finance-exec

Hi! Finance-exec maintains The NetBSD Foundation's financial records and assets at the board's direction. We make sure the books are balanced and we send thank-you letters to donors so they can get tax deductions (in the US).

We keep the books with ledger-cli, which we've been doing for a few years now, and use it to prepare the public financial report and internal reports with more detail. This way we have an audit trail, under source control, for all changes to the log of all transactions by TNF, which we reconcile with statements from financial institutions and payment processors.
The NetBSD Foundation's public 2020 financial report is at: https://www.NetBSD.org/foundation/reports/financial/2020.html

Highlights:
- We have net assets of a little under 200k USD.
- We spent and took in about 50k USD last year -- not quite breaking even, but we nearly hit our fundraising target, within >90%.
- 2020 was an unusual year for obvious reasons, but we took in more donations than previous years despite the pandemic.
- (We are not very good at going out and actually doing fundraising, so the fact that we nearly hit the fundraising target is pretty nice!)
- This is the 16th year we have been producing this report. Can you guess what our first balance was? (No cheating!)

Happy to answer any questions about what finance-exec does!
Thanks,
-finance-exec

the report on gnats from our chief entomologist

Here's the bug database report since the last AGM (12 months):
- GNATS statistics for 2020 (as of May 22 2021)
- New PRs this year: 879, of which 562 are still open.
  Closed PRs this year: 727. Net change: +152.
  Total PRs touched this year: 1237.
  Oldest PR touched this year: 1880.
  Oldest open PR: 1677; PR ignored for the longest: 3019.
- Total number open: 5967
- This year the overall count, after having been down some in the early spring, chugged steadily upward over the summer until we busted 6000 open at once in September. That milestone prompted some work, and the number wavered up and down some before peaking at 6030 in late December. Since then we have remained under 6000, except for briefly hitting 6006 last week. This is all somewhat depressing (it wasn't that far back that crossing 5000 was the bad news), and this year's counts of new PRs remaining open, the total number touched, and the net change are all worse than last year. It's anyone's guess how much (and in what way) the pandemic contributed to this.
- On the plus side, the primary problem is (as it always has been) connecting bug reports with people who want things in their area of experience to work on, and I expect myself to finally have some time again this year to work on this, as well as to do more of the general database maintenance than I have been.
- This is the week-by-week plot:
  [plot of the open PR count week by week; the axis runs from 5820 to 6030]
- Here are the people who've been fixing the most bugs, as counted by commit messages found in PRs closed during the year.
  14 ryoon@netbsd.org
  15 nia@netbsd.org
  21 christos@netbsd.org
  30 wiz@netbsd.org
  43 jdolecek@netbsd.org
- As always there's a very long tail on this list; the average number of PR commits per person (of those who've made any at all) is 5.8. I would also like to point out that, same as last year, Maya has been doing a huge fraction of the routine gnats maintenance (as measured by PR state changes) by herself. Thanks, Maya.
- And here are those who've been processing pullups, according to the same analysis:
  2 snj@netbsd.org (releng)
  3 bouyer@netbsd.org (releng)
  3 jdolecek@netbsd.org (releng)
  6 bsiegert@netbsd.org (releng)
  89 martin@netbsd.org (releng)
- This has gotten even more lopsided this year, and once again it's Martin carrying nearly the whole load. Thanks again and again, Martin.

admins

Donning my admins’ hat: good localtime() all

admins is the following people: christos, dogcow, gendalia, mspo, phil, riz, seb, soda, spz, tls
Statistics:
- admins runs the following TNF systems:
  @ TastyLime
    + 10 (11) hardware systems and 6 Xen guests
    = 3 earmv7hf, the rest amd64
  @ Columbia University
    + 11 hardware systems and 4 Xen guests,
    = 2 i386 guests, the rest amd64
  @ Washington University
    + 7 hardware systems and 2 Xen guests
    = 1 earmv7hf and the rest amd64

- donated resources for the off-site backup, archive, wip.pkgsrc.org and the new babylon5.netbsd.org (anita tests):
  @ Regensburg (commercial housing)
    + 2 hardware systems, one of them with 2 Xen guests,
    = all amd64

- CDN services donated by Fastly

NetBSD versions in use:
   6 pre-8.1 8
  10 8.1_STABLE
   6 9.0_STABLE
  16 9.1_STABLE
   2 currentish

Changes in use of system:
old babylon5 developed issues with its disk system, which caused hangs and crashes. Since a replacement at TastyLime was not practical at the time, the service was moved to a machine I bought for the purpose.

NetBSD-archive used to reside on ftp.NetBSD.org, but since that needed more disk space and expanding the raid of SSDs it uses was not feasible, plus the archive doesn't need the speed, I bought large if slow disks for my Xen server in Regensburg and moved the archival content. archive.netbsd.org points to Fastly which knows where to get what it doesn't have in cache.

Notable plans are to get out of this pandemic and regain time&energy for NetBSD.

Thanks to riz, tls and phil for their resources, time and blood sacrifices, too. :}

next is the report from core

Core's job is to provide technical leadership for the project, manage funded projects, create roadmaps for the future of the project, and resolve disputes. Although we mean well, we have been doing less than what we've hoped to achieve, and we welcome help.

Our group is:
  Alistair Crooks
  Christos Zoulas
  Chuck Silvers
  Robert Elz
  Martin Husemann
  Matthew Green
  Taylor R Campbell

The group can be reached at

One of the tasks of the core team is to oversee, initiate and approve funded projects.
We had a few of those in the last year and a few ongoing and planned for the future.
- Martin working on merging wifi from FreeBSD (with nat@ helping big time and hopefully soon more developers chiming in to adapt their own wifi hardware - as soon as tutorials/docs are available).
- releng work (martin)
- this year we only received one GSoC slot, but had another worthwhile proposal, so we are funding a second student working on a posix_spawn(2) extension to support chdir(2)

We are always open for suggestions from developers who would like to work on specific topics that require larger work or have been long neglected and need cleanup.

Another task of the core team is to resolve disputes between developers and provide ruling for contested issues. Luckily this year was quiet in this regard.

The most painful task for core is to automatically be part of the security team and acting as fallback to make sure that security issues are handled in a timely fashion. Please consider joining our security team to help.

Another way you can help the core team is to take over maintenance of some of our big 3rd party software. Currently most of this is done by both christos@ and mrg@, who could use more time for core and other business. If you feel you could help, please contact the current maintainer (see src/doc/3RDPARTY).

Right now we are moving most architectures over to GCC 10. It would be great to finish that move and only carry over a single GCC instance into the netbsd-10 branch. We are planning to branch before August 1st.

Finally we have many ports that don't have a named caretaker (portmaster). Here is the list:
amd64, avr32, bebox, cats, cesfic, dreamcast, evbarm, evbppc, evbsh3, hpcarm, i386, ibmnws, iyonix, m88k, mmeye, mvme68k, mvmeppc, netwinder, next68k, ofppc, prep, riscv, shark, sun2, sun3, sun3x, zaurus

If you are interested in taking over one or more of the above, please let us know!
thanks

the report from membership-exec

The current members of membership-exec are:
- Christos Zoulas
- Martin Husemann
- Lex Wennmacher
- Thomas Klausner, and
- Ken Hornstein (on sabbatical)

Membership-exec is responsible for all aspects of "membership". This year we had very few disputes or inappropriate behavior to act upon, so in practice our main task was to handle membership applications. The number of active developers (as of 2021-03-14) is 152 (down from 160 last year). As in the last years, Thomas Klausner conducted our annual account cleanup.

Since the last AGM we gained 4 new developers, lost 7 due to the account cleanup, and 2 resigned.

The difference between developers and active developers is explained in the bylaws: an active developer has committed something in the last year.

We'd like to emphasize that we appreciate all your replies to our membership RFC e-mails, although we do not usually acknowledge them. Please keep on providing feedback to the RFC mails.

In other words, business as usual. Thanks for listening.

the report from pkgsrc-pmc (the previous report was prepared by wennmach@, thanks)

This next report was prepared by gdt@, also thanks.

Once again, the pkgsrc team kept pkgsrc-current up to date and in good working order, and delivered four -- the 67th through 70th -- stable branches, both source code and binary packages. Remarkably, this consistency is now unremarkable. The count of binary packages in the NetBSD 9 amd64 and aarch64 bulk builds has crossed 24000. A number of platforms are over 20000, including NetBSD 9.0/earmv7hf, NetBSD 9/alpha, CentOS 8/x86_64 and SmartOS/x86_64.

The pkgsrc team has welcomed a number of new developers.

pkgsrc has a new process for assessing binary package sets before flipping the default symlink to them, and thus causing binary package users to use them.
The goal is to make sure enough resolvable issues have been resolved before the switch, so that users don't update and then not have e.g. firefox. Thanks to nia@ for the idea and doing the assessing and symlink changing.

Some upstream packages continue to fail to build on some platforms. While pkgsrc has attempted to mitigate this, older platforms such as NetBSD 8 are increasingly losing some packages that have complicated and difficult build requirements.

Rust support has been improved substantially, particularly on NetBSD, with bootstraps being more robust. Users can now select binary builds of rust, useful to avoid long build times and when building rust from source fails.

The default Fortran compiler is now gfortran instead of g95.

Initial support was added for M1 (aarch64) processors on macOS.

Many packages that do not build, have no functioning upstreams, and are believed to have no users have been removed. While pkgsrc has always done this, the accumulated cruft has felt a bit more burdensome, and we've been a bit more aggressive about pruning, so far without complaints.

End of last year we switched the default path for the PKGDB on NetBSD from /var/db/pkg to ${PREFIX}/pkgdb. There were some iterations to get this right, but in the end it made for a more consistent setup.

pkgsrc continues to struggle with the conflicting goals of having all packages updated to the latest upstream releases immediately, and simultaneously having all depending packages continue to build and work, despite the other upstreams not having releases that work with the latest versions of dependencies. In general this problem is not solvable, but we continue to move slightly in favor of stability as judged by buildable and working packages in each stable branch.

jperkin has left the pkgsrc-pmc last fall. Thank you, Jonathan, for all your continuing work on and enthusiasm for pkgsrc!

-- gdt, for pkgsrc-pmc

the report from pkgsrc-security

Hello!
- The mission of the pkgsrc Security Team is to ensure that the ever-growing ecosystem of third party software is either safe to use or at least be sure people are aware of the known vulnerabilities.
- Our members monitor publicly available vulnerability feeds mainly CVE.
- A special thanks to Thomas Klausner who established the conversion of NVD RSS feed to mails that populate the pkgsrc-security RT queue via newspipe.
- We aggregate received advisories believed to impact pkgsrc into the pkgsrc vulnerability list and notify individual package MAINTAINERs. When time allows we locate and commit patches to fix the vulnerabilities.
- Our ticket handling crew is currently only 2 people, unfortunately pretty understaffed. We are looking and welcome people volunteering to join us!
- Currently handling tickets are:
  - Thomas Merkel
  - Leonardo Taccari
- Travis Paul left the pkgsrc-security rotation this year. Thank you very much Travis for all your work!
- The other current members of the team are:
  - Alistair G. Crooks
  - Daniel Horecki
  - Thomas Klausner
  - Tobias Nygren
  - Ryo ONODERA
  - Travis Paul
  - Fredrik Pettai
  - Joerg Sonnenberger
  - Tim Zingelman
- The year in numbers:
  In 2020, the vulnerability list had 1732 lines added to it (458 less than last year) for a total of 20386 known vulnerabilities.
  In 2020, the ticket queue received 29847 new advisories (5649 less than last year).
  Of these 29847 new advisories:
    stalled:      0 ( 0%)
    resolved:  1452 ( 5%) (affecting pkgsrc packages)
    rejected: 28395 (95%) (no impact/duplicates)
- The current count of vulnerable packages in pkgsrc-current is 671 (80 more than last year), in pkgsrc-stable is 696 (20 more than last year). See the periodic email to packages@NetBSD.org for the list. We can always use help locating and committing security patches, in particular for the many of these that are maintained by pkgsrc-users.
- We encourage all developers to help us keep the vulnerability list up-to-date.
If you become aware of a security issue or perform a security update in pkgsrc please edit the list. You don't need any special privilege for this. You'll find the list in localsrc CVS repository:
localsrc/security/advisories/pkg-vulnerabilities
The team periodically signs off and uploads new revisions to ftp.NetBSD.org. If you prefer, you can contact us to make the edits, just by emailing the info to pkgsrc-security@.
- EOF

the report from releng

We are: abs agc bouyer he jdc martin msaitoh phil reed riz sborrill snj

Since the last meeting, we have:
- released 9.1 (October 18, 2020)
- released 9.2 (May 12, 2021)
- Processed hundreds of pullup requests.

Similar to last year's meeting we hoped to have branched for NetBSD 10 by now, but even a year later current does not look quite good enough yet (but we are mostly there).

We had a very smooth and well received 9.2 release last week. A lot of stuff happened since 9.1, a lot of developers still care about the netbsd-9 release branch, which is a very good thing!

Another release for the netbsd-8 branch will happen, but likely not too soon. We will desupport it a month after the NetBSD 10.0 release, and ideally before September 2021. There are some issues with the OpenSSL version on that branch - we can not upgrade it without violating our binary compat promises, and we can not fix it either, since upstream only offers patches for paying customers. Since pkgsrc already uses the pkgsrc openssl on this branch, this problem is not critical, but of course it is not ideal either. Things will get even worse when in September 2021 the DST Root CA X3 will expire, and (due to a signature verification bug in old openssl versions) all Let's Encrypt certificates will not verify any more with netbsd-8 base system OpenSSL. Luckily the server side of things should not be affected.

Now looking forward, once it is ready NetBSD 10 will have a lot of major improvements, especially performance on multi core machines.
We are eager to get it onto our build cluster. We are hoping to branch for netbsd-10 before August 1.

While talking about the build cluster: we will take it out of production for a few days sometime in the next two weeks. The build system we use currently is tied quite closely to CVS - we will test patches that make it independent of that.

To close, I would like to remind everyone that release branches only improve because developers took the time to test their changes on the branch and submit a pullup request. We have been pretty good with this, and pulled up lots of security and usability improvements, as well as bug fixes to the various active branches. This is good for our users, thank you to everyone who cared and made it possible.

thanks

we are starting the Q&A now. msg me to get voice to send your question.
no questions?
let's wait another 5 min for questions; if none arrive I'll close the official meeting
I would like to question -releng team that can we follow CentOS stream life cycle for NetBSD 9.x stable ? So NetBSD 9 stream till EOL
sorry, I do not understand the question
can you clarify?
What I meant is that we can rather than having point stable releases have something as continued stable release as we already do daily stable binary on repo
I see
And we already have all pkgsrc packages compatible across point releases
there are a few additional things happening for the formal releases, especially the mac* ports
we have not automated that part yet
otherwise the difference to the daily builds is negligible
jaypatelani: does that answer your question?
Oh Thanks martin I didn't think of other ports :( but if possible we can follow continued life cycle for amd64 & arm will be good :)
spz: yes. And Thanks board for allowing me to speak.
Can someone quickly summarize the state of the repository migration?
please msg me to get voice to answer questions, too
short version: the main problems with aborted clones should be solved; there is one issue around non-caching of certain changeset evolution data left (which is noticeable quite a bit on anonhg, e.g. with src-all)
that one I consider a stopper and it is worked on
finally there is the question of waiting for the sha1 alternative for the main hash function or doing a second hg->hg migration in the not so far future
I'm more leaning on the second, but input is appreciated
generally speaking, if you try it and hit issues, send me a good bug with a recent version of hg :)
good meaning including what version you tried and what actually failed
while talking for releng I mentioned:
While talking about the build cluster: we will take it out of production for a few days sometime in the next two weeks. The build system we use currently is tied quite closely to CVS - we will test patches that make it independent of that.
That's what prompted me to ask :-) thanks.
we also considered replacing the home-grown auto build system with an off-the-shelf CI
so this is just a test, no final decision drawn yet
I would like to suggest to Marketing team to do live coding sessions of certain daily work NetBSD developers do once a quarter or whenever it can be possible.
I think that is not really a question and we can continue to the next, right?
Given the shortage of hands mentioned several times is there a point to join to the team for developers like me who don't have much OS development and C experience? I mean outside pkgsrc development.
msg me to pick up the question
that is a very good question
if you want to do technical documentations (not only man pages, but everything on the web site, the wiki, the guide, ...) you can certainly help w/o real coding and e.g.
writing security advisories is more an organizational + writing task, but requires basic code and source control understanding
I'd also like to add that few of us were born writing kernel code in C
NetBSD is very weighted towards senior staff at this point, probably too much so, and there's definitely room for juniors.
If your coding skill is in python or whatever, you'll find it's surprisingly transferable. If you don't have much yet, you can pick it up...
OK, understood, thank you. Who can I contact for further discussions?
There's also a good deal of administrative work that only developers have access to do (like maintaining the bug database) that does not require coding skill at all.
Unfortunately, most of that is also scutwork :-(
I'm not sure which is the best contact, if in doubt, talk to core@NetBSD.org or hang out in #netbsd-code
We should really find better ways to welcome contributions that don't start with submitting patches to C code in gnats!
we have another question
Hello! Two questions embedded in one.
1) How does a developer become such? Are there some conventional steps, or it's just a natural process (after several Mailing List interactions, PR submissions and similar, the person is invited at some point to become a developer by another developer)?
2) I can not provide a constant commitment: some weeks I can, some weeks I can't. Frankly speaking, is this a limitation if I'd like to become a developer?
1) yes; you contribute and we think you have good judgement
Certainly a constant commitment to working on things is not necessary; except for a handful of specific consulting projects that TNF pays for, we're all volunteers spending our own time as we see fit!
ok! Thank you!
Remember, the standard for remaining an active developer is committing one thing a year.
After someone has made more contributions, the process is often something like: an existing developer asks, `wait, isn't a developer already?', and finds a couple of sponsors to invite filling out a membership application.
Sometimes it takes a while for us to notice because we're not always on top of things!
(not always on top of things -> see also: we're all volunteers spending our own time as we see fit)
we no longer have open questions, so now to the "closing" part

Thanks spz! This presentation was prepared by Cryo, thanks Cryo!
- The NetBSD Foundation would like to thank (in no particular order):
- We'd like to thank all of the places that host our servers as well as the wonderful heroes who do the hands-on work with them as needed.
- Thank you to all of the executive committees who do a lot of the behind-the-scenes magic to keep EVERYTHING running smoothly, and resolving not-so-smooth situations.
- A special thank you goes to those who are running our services, as well as those bug reporters filing Problem Reports.
- Finally, thank YOU, for being part of this process today, fixing bugs and committing new features, and making NetBSD and pkgsrc the best operating system and packaging system
We couldn't do it without you. Keep up the excellent work.
.eof

thanks everybody, I now declare this channel to be open