Upload
skubrick
View
250
Download
0
Embed Size (px)
Citation preview
8/14/2019 Debian communities after the OpenSSL error
1/111
Debian after the OpenSSL error
Debian after the OpenSSL errorThe OpenSSL error effects on Debians community
dynamics
Jorge Lopez [email protected]
Master on Libre Software
Dynamics of Libre Software Communities, January 23, 2010
http://creativecommons.org/licenses/by-nc-sa/3.0/8/14/2019 Debian communities after the OpenSSL error
2/111
Debian after the OpenSSL error
Outline
1 Introduction
2 Individual Resultskernel
kernel-secpkg-opensslpkg-perlpython-modulesdebian-edu
3 Global Results
4 Possible Improvements On This Study
8/14/2019 Debian communities after the OpenSSL error
3/111
Debian after the OpenSSL error
Introduction
Objective
The objective of this study was to find out if Debians OpenSSLerror on 2008 resulted in some variation on its community dailywork.
The OpenSSL Error
On May 13th 2008 programmer Luciano Bello discovered
that Debians OpenSSL package had a predictable randomnumber generator, thus an important security weakness. Debian
fixed it very fastly, but as the error was caused by Kurt Roeckx,a Debian programmer, their policy of changing external code
started to be questioned by some people.
More info: Barrapunto
f O SS
http://barrapunto.com/articles/08/05/13/1442221.shtmlhttp://barrapunto.com/articles/08/05/13/1442221.shtml8/14/2019 Debian communities after the OpenSSL error
4/111
Debian after the OpenSSL error
Introduction
Working Mechanics
Debian has lots of repos, so its important to think on some kind ofworking mechanics. This is the one which was used for this report:
1 Filtering Debian repos for obtaining the most interesting ones.
2 Most interesting or important repos detailed analysis.
3 Results extraction from the individual repos.
4 Global results extraction from the repos results.
The analysis wont be made over all Debian history, because that isnot our objective. We will cover 2007, 2008 and 2009, and see ifthere was some change on the dynamics slightly after the OpenSSLerror fixing.
D bi f h O SSL
8/14/2019 Debian communities after the OpenSSL error
5/111
Debian after the OpenSSL error
Introduction
Working Mechanics
Debian has lots of repos, so its important to think on some kind ofworking mechanics. This is the one which was used for this report:
1 Filtering Debian repos for obtaining the most interesting ones.
2 Most interesting or important repos detailed analysis.
3 Results extraction from the individual repos.
4 Global results extraction from the repos results.
The analysis wont be made over all Debian history, because that isnot our objective. We will cover 2007, 2008 and 2009, and see ifthere was some change on the dynamics slightly after the OpenSSLerror fixing.
D bi ft th O SSL
8/14/2019 Debian communities after the OpenSSL error
6/111
Debian after the OpenSSL error
Introduction
Working Mechanics
Debian has lots of repos, so its important to think on some kind ofworking mechanics. This is the one which was used for this report:
1 Filtering Debian repos for obtaining the most interesting ones.
2 Most interesting or important repos detailed analysis.
3 Results extraction from the individual repos.
4 Global results extraction from the repos results.
The analysis wont be made over all Debian history, because that isnot our objective. We will cover 2007, 2008 and 2009, and see ifthere was some change on the dynamics slightly after the OpenSSLerror fixing.
Debian after the OpenSSL error
8/14/2019 Debian communities after the OpenSSL error
7/111
Debian after the OpenSSL error
Introduction
Working Mechanics
Debian has lots of repos, so its important to think on some kind ofworking mechanics. This is the one which was used for this report:
1 Filtering Debian repos for obtaining the most interesting ones.
2 Most interesting or important repos detailed analysis.
3 Results extraction from the individual repos.
4 Global results extraction from the repos results.
The analysis wont be made over all Debian history, because that isnot our objective. We will cover 2007, 2008 and 2009, and see ifthere was some change on the dynamics slightly after the OpenSSLerror fixing.
Debian after the OpenSSL error
8/14/2019 Debian communities after the OpenSSL error
8/111
Debian after the OpenSSL error
Introduction
Working Mechanics Detailed
Now Ill explay how each step was accomplished:
1 Filtering Debian repos for obtaining the most interesting ones:a R script was created for filtering Debian repos. With therepos names it used CVSAnaly for obtaining their data, andafter that it made some simple queries for obtaining the
number of commits and committers. If they werent biggerthan a barrier, then the DB was dropped. In other case, moredetailed analysis were made.
2 Most interesting repos detailed analysis: most of this wasintegrated with the previous step.
3 Results extraction from the individual repos: had to check thevarious graphs obtained, and in some cases needed specificqueries for confirming my hypothesis.
4 Global results extraction from the repos results: simply
extracted the global trend of the repositories from theindividual results.
Debian after the OpenSSL error
8/14/2019 Debian communities after the OpenSSL error
9/111
Debian after the OpenSSL error
Introduction
Working Mechanics Detailed
Now Ill explay how each step was accomplished:
1 Filtering Debian repos for obtaining the most interesting ones:a R script was created for filtering Debian repos. With therepos names it used CVSAnaly for obtaining their data, andafter that it made some simple queries for obtaining the
number of commits and committers. If they werent biggerthan a barrier, then the DB was dropped. In other case, moredetailed analysis were made.
2 Most interesting repos detailed analysis: most of this wasintegrated with the previous step.
3 Results extraction from the individual repos: had to check thevarious graphs obtained, and in some cases needed specificqueries for confirming my hypothesis.
4 Global results extraction from the repos results: simply
extracted the global trend of the repositories from theindividual results.
Debian after the OpenSSL error
8/14/2019 Debian communities after the OpenSSL error
10/111
Debian after the OpenSSL error
Introduction
Working Mechanics Detailed
Now Ill explay how each step was accomplished:
1 Filtering Debian repos for obtaining the most interesting ones:a R script was created for filtering Debian repos. With therepos names it used CVSAnaly for obtaining their data, andafter that it made some simple queries for obtaining the
number of commits and committers. If they werent biggerthan a barrier, then the DB was dropped. In other case, moredetailed analysis were made.
2 Most interesting repos detailed analysis: most of this wasintegrated with the previous step.
3 Results extraction from the individual repos: had to check thevarious graphs obtained, and in some cases needed specificqueries for confirming my hypothesis.
4 Global results extraction from the repos results: simplyextracted the global trend of the repositories from theindividual results.
Debian after the OpenSSL error
8/14/2019 Debian communities after the OpenSSL error
11/111
p
Introduction
Working Mechanics Detailed
Now Ill explay how each step was accomplished:
1 Filtering Debian repos for obtaining the most interesting ones:a R script was created for filtering Debian repos. With therepos names it used CVSAnaly for obtaining their data, andafter that it made some simple queries for obtaining the
number of commits and committers. If they werent biggerthan a barrier, then the DB was dropped. In other case, moredetailed analysis were made.
2 Most interesting repos detailed analysis: most of this wasintegrated with the previous step.
3 Results extraction from the individual repos: had to check thevarious graphs obtained, and in some cases needed specificqueries for confirming my hypothesis.
4 Global results extraction from the repos results: simplyextracted the global trend of the repositories from theindividual results.
Debian after the OpenSSL error
8/14/2019 Debian communities after the OpenSSL error
12/111
p
Introduction
Selected Repositories
When the R script had finished, I selected the following repositoriesamong all the ones wich were at least minimally interesting:
kernel
kernel-secpkg-openssl
pkg-perl
python-modules
debian-edu
All packages can be downloaded or simply browsed at Debiansrepositories page.
Debian after the OpenSSL error
http://svn.debian.org/wsvn/kernelhttp://svn.debian.org/wsvn/kernel-sechttp://svn.debian.org/wsvn/pkg-opensslhttp://svn.debian.org/wsvn/pkg-perlhttp://svn.debian.org/wsvn/python-moduleshttp://svn.debian.org/wsvn/debian-eduhttp://svn.debian.org/http://svn.debian.org/http://svn.debian.org/http://svn.debian.org/http://svn.debian.org/wsvn/debian-eduhttp://svn.debian.org/wsvn/python-moduleshttp://svn.debian.org/wsvn/pkg-perlhttp://svn.debian.org/wsvn/pkg-opensslhttp://svn.debian.org/wsvn/kernel-sechttp://svn.debian.org/wsvn/kernel8/14/2019 Debian communities after the OpenSSL error
13/111
Introduction
Analysis Limitations
I wasnt able to use all of Libresoft tools due to some Debians
features, or lack of them.Debian has a policy of not creating mboxes out of their mailinglists, so mlstats cant be used for obtaining data about them(but Debian provides some graphs about these mailing lists).
Debian uses its own bug tracking system, and Bicho isnt ableto parse it.
Debian after the OpenSSL error
8/14/2019 Debian communities after the OpenSSL error
14/111
Individual Results
kernel
Outline
1 Introduction
2 Individual Resultskernel
kernel-secpkg-opensslpkg-perlpython-modulesdebian-edu
3 Global Results
4 Possible Improvements On This Study
Debian after the OpenSSL error
8/14/2019 Debian communities after the OpenSSL error
15/111
Individual Results
kernel
General Description
This repository stores many types of files related to Linuxskernel as its distributed with Debian.
Some Simple Data About It
Total # committers: 42
Total # commits: 14840
Avg. commits/month: 145,49
Total # actions: 51543
Total # files: 19860
2007 commits: 1949
2008 commits: 2526
2009 commits: 2298
Gini coefficient (2007-2009):0,234639 (23% work done by20% developers)
Data collected on January 4
th
2010
Debian after the OpenSSL error
8/14/2019 Debian communities after the OpenSSL error
16/111
Individual Results
kernel
Analysis GraphsCommits Over Time
Commits by date
Time
#Commits
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
100
150
200
250
300
350
100
150
200
250
300
350
Debian after the OpenSSL error
I di id l R l
8/14/2019 Debian communities after the OpenSSL error
17/111
Individual Results
kernel
Analysis Graphs (cont.)Commits Time Analysis
# Commits Time analysis
100
200
300
data
50
0
50
seasonal
100
150
200
trend
100
0
50
100
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
I di id l R lt
8/14/2019 Debian communities after the OpenSSL error
18/111
Individual Results
kernel
Analysis Graphs (cont.)Actions Over Time
Actions by date
Time
#
Actions
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
500
1000
1500
2000
500
1000
1500
2000
Debian after the OpenSSL error
Individual Results
8/14/2019 Debian communities after the OpenSSL error
19/111
Individual Results
kernel
Analysis Graphs (cont.)Actions Time Analysis
# Actions Time analysis
500
1000
2000
data
200
200
600
season
al
400
600
800
trend
500
0
500
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL errorIndividual Results
8/14/2019 Debian communities after the OpenSSL error
20/111
Individual Results
kernel
Analysis Graphs (cont.)Managed Files Over Time
Managed files by date
Time
#ManagedFiles
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
200
400
600
800
1000
1200
1400All files
Nondeleted files
200
400
600
800
1000
1200
1400
Debian after the OpenSSL errorIndividual Results
8/14/2019 Debian communities after the OpenSSL error
21/111
Individual Results
kernel
Analysis Graphs (cont.)New Committers Over Time
New Committers
Time
#New
Committers
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0.0
0.5
1.0
1.5
2.0
0.0
0.5
1.0
1.5
2.0
Debian after the OpenSSL errorIndividual Results
8/14/2019 Debian communities after the OpenSSL error
22/111
Individual Results
kernel
Analysis Graphs (cont.)Active Committers Over Time
Active committers by date
Time
#ActiveCommitters
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
5
6
7
8
9
10
11
12
5
6
7
8
9
10
11
12
8/14/2019 Debian communities after the OpenSSL error
23/111
Debian after the OpenSSL errorIndividual Results
8/14/2019 Debian communities after the OpenSSL error
24/111
kernel
Analysis Graphs (cont.)Core Committers (On Each Period) Time Analysis
# Commits By Core Committers Time analysis
50
100
150
200
250
data
60
20
2
0
60
season
al
60
80
100
140
trend
50
0
50
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL errorIndividual Results
8/14/2019 Debian communities after the OpenSSL error
25/111
kernel
Analysis Graphs (cont.)Period Top Committers Time Analysis
# Commits By Top 5 Committers On 20072009 Time analysis
50
150
250
35
0
data
50
0
50
season
al
50
100
150
200
trend
100
50
0
50
100
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL errorIndividual Results
8/14/2019 Debian communities after the OpenSSL error
26/111
kernel
Analysis Graphs (cont.)Period Non Top Committers Time Analysis
# Commits By Non Top Committers On 20072009 Time analysis
0
20
40
60
80
100
data
5
0
5
10
15
season
al
10
20
30
40
50
60
trend
30
10
10
30
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL errorIndividual Results
8/14/2019 Debian communities after the OpenSSL error
27/111
kernel
Analysis Results
It had an important drop on working on 2008.
It started to grow again on 2009s early months, and it reached itspeak on March 2009.
On 2009s final months it had again an important grow, specially on
commits by non-core committers.
Conclusions
The repository showed a normal behavior, because it had a drop onits activity during 2008 with no special changes close to May, and
after that on September 2009 Debian released its latest version, sothe activity grew again to an important level, specially on committersthat didnt work on past months, who returned to their work withthe release of lenny, probably because a new release needs lots ofwork at the beginning.
Debian after the OpenSSL errorIndividual Results
8/14/2019 Debian communities after the OpenSSL error
28/111
kernel-sec
Outline
1 Introduction
2 Individual Resultskernel
kernel-secpkg-opensslpkg-perlpython-modulesdebian-edu
3 Global Results
4 Possible Improvements On This Study
Debian after the OpenSSL errorIndividual Results
8/14/2019 Debian communities after the OpenSSL error
29/111
kernel-sec
General Description
This repository stores the CVE files related to bugs orrequests about Linuxs kernel as its distributed with Debian.
Some Simple Data About It
Total # committers: 14
Total # commits: 1667
Avg. commits/month: 32,06
Total # actions: 5522
Total # files: 805
2007 commits: 407
2008 commits: 206
2009 commits: 381
Gini coefficient (2007-2009): 0.3254886 (33% work done by 20%developers)
Data collected on January 4
th
2010
Debian after the OpenSSL errorIndividual Results
k l
8/14/2019 Debian communities after the OpenSSL error
30/111
kernel-sec
Analysis GraphsCommits Over Time
Commits by date
Time
#Commits
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
10
20
30
40
50
60
10
20
30
40
50
60
Debian after the OpenSSL errorIndividual Results
k l
8/14/2019 Debian communities after the OpenSSL error
31/111
kernel-sec
Analysis Graphs (cont.)Commits Time Analysis
# Commits Time analysis
10
20
30
40
50
60
data
15
5
0
5
10
15
seasonal
15
25
35
45
trend
15
5
5
15
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL errorIndividual Results
kernel sec
8/14/2019 Debian communities after the OpenSSL error
32/111
kernel-sec
Analysis Graphs (cont.)Actions Over Time
Actions by date
Time
#
Actions
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
50
100
150
0
50
100
150
Debian after the OpenSSL errorIndividual Results
kernel sec
8/14/2019 Debian communities after the OpenSSL error
33/111
kernel-sec
Analysis Graphs (cont.)Actions Time Analysis
# Actions Time analysis
0
50
100
150
data
40
20
0
20
40
seasonal
60
70
80
90
110
trend
60
20
20
60
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL errorIndividual Results
kernel-sec
8/14/2019 Debian communities after the OpenSSL error
34/111
kernel sec
Analysis Graphs (cont.)Managed Files Over Time
Managed files by date
Time
#ManagedFiles
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
20
40
60
80
100
120
All files
Nondeleted files
0
20
40
60
80
100
120
Debian after the OpenSSL errorIndividual Results
kernel-sec
8/14/2019 Debian communities after the OpenSSL error
35/111
kernel sec
Analysis Graphs (cont.)New Committers Over Time
New Committers
Time
#New
Committers
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0.0
0.5
1.0
1.5
2.0
0.0
0.5
1.0
1.5
2.0
Debian after the OpenSSL errorIndividual Results
kernel-sec
8/14/2019 Debian communities after the OpenSSL error
36/111
Analysis Graphs (cont.)Active Committers Over Time
Active committers by date
Time
#ActiveCommitters
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
1
2
3
4
5
6
1
2
3
4
5
6
Debian after the OpenSSL errorIndividual Results
kernel-sec
8/14/2019 Debian communities after the OpenSSL error
37/111
Analysis Graphs (cont.)Active Committers Time Analysis
# Active Committers Time analysis
1
2
3
4
5
6
data
0.6
0.2
0.
2
0.6
seaso
nal
2.0
2.5
3.0
3.5
trend
1
0
1
2
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL errorIndividual Results
kernel-sec
8/14/2019 Debian communities after the OpenSSL error
38/111
Analysis Graphs (cont.)Core Committers (On Each Period) Time Analysis
# Commits By Core Committers Time analysis
5
10
20
30
data
8
4
0
2
4
6
seaso
nal
12
16
20
24
trend
5
0
5
10
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL errorIndividual Results
kernel-sec
8/14/2019 Debian communities after the OpenSSL error
39/111
Analysis Graphs (cont.)Period Top Committers Time Analysis
# Commits By Top 5 Committers On 20072009 Time analysis
10
20
30
40
50
60
data
10
0
5
10
15
seaso
nal
15
25
35
45
trend
20
10
0
10
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL errorIndividual Results
kernel-sec
8/14/2019 Debian communities after the OpenSSL error
40/111
Analysis Graphs (cont.)Period Non Top Committers Time Analysis
# Commits By Non Top Committers On 20072009 Time analysis
0
2
4
6
8
101
2
data
1
0
1
2
3
4
seaso
nal
0.5
1.0
1.5
2.0
trend
4
2
0
2
4
6
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL errorIndividual Results
kernel-sec
8/14/2019 Debian communities after the OpenSSL error
41/111
Analysis Results
It had an important drop on working on 2007 and 2008.
It had a small growth 2009s early and middle months.
On October 2009 there was an immense growth.
Conclusions
Like the previous one, this repository showed a normal behavior, butthis time its biggest increase was immediately after Debians releaseon September (a new release = lots of bugs and requests), and theactivity was mainly done by core committers simply because thereare so few committers that in every period there arent many apartfrom the top ones.
Debian after the OpenSSL errorIndividual Results
pkg-openssl
8/14/2019 Debian communities after the OpenSSL error
42/111
Outline
1 Introduction
2 Individual Resultskernel
kernel-secpkg-opensslpkg-perlpython-modulesdebian-edu
3 Global Results
4 Possible Improvements On This Study
Debian after the OpenSSL errorIndividual Results
pkg-openssl
8/14/2019 Debian communities after the OpenSSL error
43/111
General Description
This is the OpenSSL repository, thus directly affected by theerror.
Some Simple Data About It
Total # committers: 5Total # commits: 439
Avg. commits/month: 12,54
Total # actions: 1600
Total # files: 6592007 commits: 77
2008 commits: 72
2009 commits: 94
Gini coefficient (2007-2009): 0.638203 (64% work done by 20%developers)
Data collected on January 4th 2010
Debian after the OpenSSL errorIndividual Results
pkg-openssl
A l i G h
8/14/2019 Debian communities after the OpenSSL error
44/111
Analysis GraphsCommits Over Time
Commits by date
Time
#Commits
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
5
10
15
20
25
30
35
0
5
10
15
20
25
30
35
Debian after the OpenSSL error
Individual Results
pkg-openssl
A l i G h ( )
8/14/2019 Debian communities after the OpenSSL error
45/111
Analysis Graphs (cont.)Commits Time Analysis
# Commits Time analysis
0
5
15
25
3
5
data
5
0
5
10
seaso
nal
3
4
5
6
7
8
9
trend
15
5
0
5
10
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Results
pkg-openssl
A l i G h ( )
8/14/2019 Debian communities after the OpenSSL error
46/111
Analysis Graphs (cont.)Actions Over Time
Actions by date
Time
#
Actions
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
50
100
150
200
0
50
100
150
200
Debian after the OpenSSL error
Individual Results
pkg-openssl
A l i G h ( t )
8/14/2019 Debian communities after the OpenSSL error
47/111
Analysis Graphs (cont.)Actions Time Analysis
# Actions Time analysis
0
50
100
150
2
00
data
20
0
20
40
60
80
seaso
nal
20
25
30
trend
50
0
50
100
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Results
pkg-openssl
Anal sis G a hs (cont )
8/14/2019 Debian communities after the OpenSSL error
48/111
Analysis Graphs (cont.)Managed Files Over Time
Managed files by date
Time
#ManagedFiles
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
50
100
150 All files
Nondeleted files
0
50
100
150
Debian after the OpenSSL error
Individual Results
pkg-openssl
Analysis Graphs (cont )
8/14/2019 Debian communities after the OpenSSL error
49/111
Analysis Graphs (cont.)Managed Documentation Files Over Time
Managed documentation files by date
Time
#ManagedDocumentation
Files
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
2
4
6
8
0
2
4
6
8
Debian after the OpenSSL error
Individual Results
pkg-openssl
Analysis Graphs (cont )
8/14/2019 Debian communities after the OpenSSL error
50/111
Analysis Graphs (cont.)New Committers Over Time
New Committers
Time
#New
Committers
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0.0
0.2
0.4
0.6
0.8
1.0
0.0
0.2
0.4
0.6
0.8
1.0
Debian after the OpenSSL error
Individual Results
pkg-openssl
Analysis Graphs (cont )
8/14/2019 Debian communities after the OpenSSL error
51/111
Analysis Graphs (cont.)Active Committers Over Time
Active committers by date
Time
#ActiveCommitters
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0.0
0.5
1.0
1.5
2.0
2.5
3.0
0.0
0.5
1.0
1.5
2.0
2.5
3.0
8/14/2019 Debian communities after the OpenSSL error
52/111
Debian after the OpenSSL error
Individual Results
pkg-openssl
Analysis Graphs (cont )
8/14/2019 Debian communities after the OpenSSL error
53/111
Analysis Graphs (cont.)Core Committers (On Each Period) Time Analysis
# Commits By Core Committers Time analysis
0
5
10
20
30
data
5
0
5
10
seasonal
3
4
5
6
7
8
trend
10
0
5
10
15
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Results
pkg-openssl
Analysis Graphs (cont.)
8/14/2019 Debian communities after the OpenSSL error
54/111
Analysis Graphs (cont.)Period Top Committers Time Analysis
# Commits By Top 5 Committers On 20072009 Time analysis
0
5
15
25
35
data
5
0
5
10
seasonal
3
4
5
6
7
8
9
trend
15
5
0
5
10
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Results
pkg-openssl
Analysis Graphs (cont.)
8/14/2019 Debian communities after the OpenSSL error
55/111
Analysis Graphs (cont.)Top Committers Commits On 2007
1 2 3 4 5 6 7 8 9 10 11 12
Committer #1 kroeckxCommitter #2 chrismCommitter #3 keescookguestCommitter #4 keesCommitter #5 jamieguest
Committs By Top 5 Committers Evolution
Month
#Commits
0
5
10
15
20
0
5
10
15
20
Debian after the OpenSSL error
Individual Results
pkg-openssl
Analysis Graphs (cont.)
8/14/2019 Debian communities after the OpenSSL error
56/111
y p ( )Top Committers Commits On 2008
1 2 3 4 5 6 7 8 9 10 11 12
Committer #1 kroeckxCommitter #2 chrismCommitter #3 keescookguestCommitter #4 keesCommitter #5 jamieguest
Committs By Top 5 Committers Evolution
Month
#Commits
0
2
4
6
8
0
2
4
6
8
Debian after the OpenSSL error
Individual Results
pkg-openssl
Analysis Graphs (cont.)
8/14/2019 Debian communities after the OpenSSL error
57/111
y p ( )Top Committers Commits On 2009
1 2 3 4 5 6 7 8 9 10 11 12
Committer #1 kroeckxCommitter #2 chrismCommitter #3 keescookguestCommitter #4 keesCommitter #5 jamieguest
Committs By Top 5 Committers Evolution
Month
#Commits
0
5
10
15
20
25
30
0
5
10
15
20
25
30
Debian after the OpenSSL error
Individual Results
pkg-openssl
Analysis Results
8/14/2019 Debian communities after the OpenSSL error
58/111
y
It really has an only committer, Kurt Roeckx.
Kurt Roeckx didnt commit any work between November 2008 andApril 2009, but didnt find out any specific causes (maybe it wasntrelated to his work).
On May 2008 two new members started to commit code, the monthwhen the error was discovered.
Debian after the OpenSSL error
Individual Results
pkg-openssl
Analysis Results (cont.)
8/14/2019 Debian communities after the OpenSSL error
59/111
y ( )
Conclusions
This repository is a bit special, because it has an only true committer, Kurt
Roeckx. The other ones dont commit OpenSSL code, they are in charge of
what they call openssl-blacklist, a package that identifies the weak certificate
chains that were affected by the error. Obviously, it was created on May 2008
and had most of its work on that month and the immediately next ones. It hadonly a little work on 2009. Kurt Roeckx made a stop on his work on November
2008, and he returned on May 2009. It seems that he was encouraged to be in
charge of more repositories, and even to become the new Debian Secretary, so
he probably was in charge of too much work. When he returned, he continued
the work from the point he left it at, the same version of OpenSSL. He made alot of work on these months, probably because OpenSSL released a bunch of new
versions that he didnt uploaded yet, so he had a real delay. This repositorys
behavior was clearly affected by its own error, but some months later it returned
to its normal state (unless that 6 months break had some relation with it).
Debian after the OpenSSL error
Individual Results
pkg-perl
Outline
http://qa.debian.org/[email protected]://qa.debian.org/[email protected]://www.h-online.com/open/news/item/Kurt-Roeckx-is-the-new-Debian-Secretary-740219.htmlhttp://www.h-online.com/open/news/item/Kurt-Roeckx-is-the-new-Debian-Secretary-740219.htmlhttp://qa.debian.org/[email protected]://qa.debian.org/[email protected]8/14/2019 Debian communities after the OpenSSL error
60/111
1 Introduction
2 Individual Resultskernelkernel-secpkg-opensslpkg-perlpython-modulesdebian-edu
3 Global Results
4 Possible Improvements On This Study
Debian after the OpenSSL error
Individual Results
pkg-perl
General Description
8/14/2019 Debian communities after the OpenSSL error
61/111
This repository stores libraries and small programs related to
Perl.
Some Simple Data About It
Total # committers: 134Total # commits: 50781
Avg. commits/month: 735,96
Total # actions: 397818
Total # files: 1963332007 commits: 7174
2008 commits: 17080
2009 commits: 20581
Gini coefficient (2007-2009): 0.3155332 (32% work done by 20%developers)
Data collected on January 12th 2010
Debian after the OpenSSL error
Individual Results
pkg-perl
Analysis GraphsC i O Ti
8/14/2019 Debian communities after the OpenSSL error
62/111
Commits Over Time
Commits by date
Time
#Commits
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
500
1000
1500
2000
2500
0
500
1000
1500
2000
2500
Debian after the OpenSSL error
Individual Results
pkg-perl
Analysis Graphs (cont.)C i Ti A l i
8/14/2019 Debian communities after the OpenSSL error
63/111
Commits Time Analysis# Commits Time analysis
0
500
1500
2500
data
400
200
0
200
seas
onal
0
500
1500
trend
600
200
200
600
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Results
pkg-perl
Analysis Graphs (cont.)A ti O Ti
8/14/2019 Debian communities after the OpenSSL error
64/111
Actions Over Time
Actions by date
Time
#
Actions
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
5000
10000
15000
20000
25000
0
5000
10000
15000
20000
25000
Debian after the OpenSSL error
Individual Results
pkg-perl
Analysis Graphs (cont.)A ti Ti A l i
8/14/2019 Debian communities after the OpenSSL error
65/111
Actions Time Analysis# Actions Time analysis
0
5000
15000
25000
data
2000
0
2
000
6000
seas
onal
5000
10000
15000
trend
5000
0
5000
10000
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Results
pkg-perl
Analysis Graphs (cont.)Managed Files Over Time
8/14/2019 Debian communities after the OpenSSL error
66/111
Managed Files Over Time
Managed files by date
Time
#ManagedFiles
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
5000
10000
15000
20000
All files
Nondeleted files
0
5000
10000
15000
20000
Debian after the OpenSSL error
Individual Results
pkg-perl
Analysis Graphs (cont.)New Committers Over Time
8/14/2019 Debian communities after the OpenSSL error
67/111
New Committers Over Time
New Committers
Time
#New
Committers
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
1
2
3
4
5
6
7
0
1
2
3
4
5
6
7
Debian after the OpenSSL error
Individual Results
pkg-perl
Analysis Graphs (cont.)Active Committers Over Time
8/14/2019 Debian communities after the OpenSSL error
68/111
Active Committers Over Time
Active committers by date
Time
#ActiveCommitters
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
5
10
15
20
25
30
5
10
15
20
25
30
Debian after the OpenSSL error
Individual Results
pkg-perl
Analysis Graphs (cont.)Active Committers Time Analysis
8/14/2019 Debian communities after the OpenSSL error
69/111
Active Committers Time Analysis# Active Committers Time analysis
5
10
15
20
25
30
data
2
0
1
2
3
4
seasonal
5
10
15
20
25
trend
6
4
2
0
2
4
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Results
pkg-perl
Analysis Graphs (cont.)Core Committers (On Each Period) Time Analysis
8/14/2019 Debian communities after the OpenSSL error
70/111
Core Committers (On Each Period) Time Analysis# Commits By Core Committers Time analysis
0
500
1000
2000
data
400
200
0
100
seasonal
0
500
1000
1500
trend
400
0
200
600
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
8/14/2019 Debian communities after the OpenSSL error
71/111
Debian after the OpenSSL error
Individual Results
pkg-perl
Analysis Graphs (cont.)Period Non Top Committers Time Analysis
8/14/2019 Debian communities after the OpenSSL error
72/111
p y# Commits By Non Top Committers On 20072009 Time analysis
200
600
1000
data
200
0
100
200
seasonal
0
200
400
600
trend
200
0
200
400
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Results
pkg-perl
Analysis Results
8/14/2019 Debian communities after the OpenSSL error
73/111
It has an amazing continuous flow of new committers.
Along with this flow of commiters, its number of commits andactions is always growing.
There is a small drop on its growing speed on 2008s summer, butits not so important and it soon grows again at an incredible pace.
Debian after the OpenSSL error
Individual Resultspkg-perl
Analysis Results (cont.)
8/14/2019 Debian communities after the OpenSSL error
74/111
Conclusions
This repository has a continuous growth, on both commits and com-mitters, which doesnt seem to have been affected in any way by theOpenSSL error. We can also see that there was no massive work near
the September 2009 release, so it seems they didnt have any delaywith that huge number of committers (or they didnt care about therelease) and there were no critical bugs submitted immediately afterthe release (on the mailing lista we can see that the number of bugssubmitted on October and November is no much bigger than on any
other month).
ahttp://lists.debian.org/debian-perl/
Debian after the OpenSSL error
Individual Resultspython-modules
Outline
http://lists.debian.org/debian-perl/http://lists.debian.org/debian-perl/8/14/2019 Debian communities after the OpenSSL error
75/111
1 Introduction
2 Individual Resultskernelkernel-sec
pkg-opensslpkg-perlpython-modulesdebian-edu
3 Global Results
4 Possible Improvements On This Study
8/14/2019 Debian communities after the OpenSSL error
76/111
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis GraphsCommits Over Time
8/14/2019 Debian communities after the OpenSSL error
77/111
Commits by date
Time
#Commits
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
100
150
200
250
300
350
400
100
150
200
250
300
350
400
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis Graphs (cont.)Commits Time Analysis
8/14/2019 Debian communities after the OpenSSL error
78/111
# Commits Time analysis
100
200
300
400
data
40
0
20
40
sea
sonal
150
200
250
300
350
trend
100
50
0
50
100
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis Graphs (cont.)Actions Over Time
8/14/2019 Debian communities after the OpenSSL error
79/111
Actions by date
Time
#
Actions
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
500
1000
1500
500
1000
1500
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis Graphs (cont.)Actions Time Analysis
8/14/2019 Debian communities after the OpenSSL error
80/111
# Actions Time analysis
500
1000
1500
data
200
0
100
300
sea
sonal
650
700
750
800
trend
400
0
200
600
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis Graphs (cont.)Managed Files Over Time
8/14/2019 Debian communities after the OpenSSL error
81/111
Managed files by date
Time
#ManagedFiles
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
200
400
600
800
1000
1200
All files
Nondeleted files
200
400
600
800
1000
1200
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis Graphs (cont.)New Committers Over Time
8/14/2019 Debian communities after the OpenSSL error
82/111
New Committers
Time
#New
Committers
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
2
4
6
8
0
2
4
6
8
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis Graphs (cont.)Active Committers Over Time
8/14/2019 Debian communities after the OpenSSL error
83/111
Active committers by date
Time
#ActiveCommitters
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
10
15
20
25
30
35
10
15
20
25
30
35
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis Graphs (cont.)Active Committers Time Analysis
# Active Committers Time analysis
8/14/2019 Debian communities after the OpenSSL error
84/111
# Active Committers Time analysis
10
15
20
25
3
0
35
data
3
1
0
1
2
3
seasonal
15
20
25
30
trend
4
2
0
2
4
6
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis Graphs (cont.)Core Committers (On Each Period) Time Analysis
# Commits By Core Committers Time analysis
8/14/2019 Debian communities after the OpenSSL error
85/111
# Commits By Core Committers Time analysis
50
100
200
300
data
30
1
0
10
30
seasonal
100
150
200
trend
50
0
50
100
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis Graphs (cont.)Period Top Committers Time Analysis
# Commits By Top 5 Committers On 20072009 Time analysis
8/14/2019 Debian communities after the OpenSSL error
86/111
# Commits By Top 5 Committers On 2007 2009 Time analysis
0
50
100
150
200
data
20
0
10
20
seasonal
0
20
40
60
80
trend
40
0
20
60
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis Graphs (cont.)Period Non Top Committers Time Analysis
# Commits By Non Top Committers On 20072009 Time analysis
8/14/2019 Debian communities after the OpenSSL error
87/111
y p y
50
100
200
300
data
20
0
20
40
seasonal
150
200
250
trend
50
0
50
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Resultspython-modules
Analysis Results
Thi i h i fl f i
8/14/2019 Debian communities after the OpenSSL error
88/111
This repository has again a great flow of new committers.
Along with this flow of commiters, its number of commits andactions is always growing.
There is again an unimportant drop on its growing speed on 2008ssummer.
ConclusionsAgain this repository is continuously growing, being unaffected bythe OpenSSL error. On 2009 latest months many people becamenew committers (and active ones), so the work done by non-corecommitters grew even more. This time there was an importantwork right after the release, probably due to new bugs or requests(the mailing list shows many bugs on October 2009a)
ahttp://lists.alioth.debian.org/pipermail/python-apps-team/
2009-October/thread.html
http://lists.alioth.debian.org/pipermail/python-apps-team/2009-October/thread.htmlhttp://lists.alioth.debian.org/pipermail/python-apps-team/2009-October/thread.htmlhttp://lists.alioth.debian.org/pipermail/python-apps-team/2009-October/thread.htmlhttp://lists.alioth.debian.org/pipermail/python-apps-team/2009-October/thread.html8/14/2019 Debian communities after the OpenSSL error
89/111
Debian after the OpenSSL error
Individual Resultsdebian-edu
General Description
This repository stores a Debian project to make the best
8/14/2019 Debian communities after the OpenSSL error
90/111
This repository stores a Debian project to make the best
distribution for educational purposes.
Some Simple Data About It
Total # committers: 96
Total # commits: 61163
Avg. commits/month: 703,23
Total # actions: 111905
Total # files: 11417
2007 commits: 10114
2008 commits: 16335
2009 commits: 4272
Gini coefficient (2007-2009): 0.5194205 (52% work done by 20%developers)
Data collected on January 13th 2010
Debian after the OpenSSL error
Individual Resultsdebian-edu
Analysis GraphsCommits Over Time
Commits by date
8/14/2019 Debian communities after the OpenSSL error
91/111
Commits by date
Time
#Commits
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
1000
2000
3000
4000
5000
6000
0
1000
2000
3000
4000
5000
6000
Debian after the OpenSSL error
Individual Resultsdebian-edu
Analysis Graphs (cont.)Commits Time Analysis
# Commits Time analysis
8/14/2019 Debian communities after the OpenSSL error
92/111
0
2000
4000
6000
data
500
0
500
1000
se
asonal
0
500
1000
1500
trend
1000
1000
300
0
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Resultsdebian-edu
Analysis Graphs (cont.)Actions Over Time
Actions by date
8/14/2019 Debian communities after the OpenSSL error
93/111
Actions by date
Time
#
Actions
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0
1000
2000
3000
4000
5000
6000
7000
0
1000
2000
3000
4000
5000
6000
7000
Debian after the OpenSSL error
Individual Resultsdebian-edu
Analysis Graphs (cont.)Actions Time Analysis
# Actions Time analysis
8/14/2019 Debian communities after the OpenSSL error
94/111
0
2000
4000
6000
data
500
0
500
1500
se
asonal
500
1000
1500
2000
trend
2000
0
2000
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Resultsdebian-edu
Analysis Graphs (cont.)Managed Files Over Time
Managed files by date
8/14/2019 Debian communities after the OpenSSL error
95/111
Managed files by date
Time
#ManagedFiles
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
100
200
300
400
500
600
All files
Nondeleted files
100
200
300
400
500
600
Debian after the OpenSSL error
Individual Resultsdebian-edu
Analysis Graphs (cont.)New Committers Over Time
New Committers
8/14/2019 Debian communities after the OpenSSL error
96/111
New Committers
Time
#New
Committers
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
0.0
0.5
1.0
1.5
2.0
2.5
3.0
0.0
0.5
1.0
1.5
2.0
2.5
3.0
Debian after the OpenSSL error
Individual Resultsdebian-edu
Analysis Graphs (cont.)Active Committers Over Time
Active committers by date
8/14/2019 Debian communities after the OpenSSL error
97/111
y
Time
#ActiveCommitte
rs
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
4
6
8
10
12
14
4
6
8
10
12
14
Debian after the OpenSSL error
Individual Resultsdebian-edu
Analysis Graphs (cont.)Active Committers Time Analysis
# Active Committers Time analysis
8/14/2019 Debian communities after the OpenSSL error
98/111
4
6
8
10
12
14
data
3
2
1
0
1
2
se
asonal
7.5
8.5
9.5
10.5
trend
3
1
0
1
2
3
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
8/14/2019 Debian communities after the OpenSSL error
99/111
Debian after the OpenSSL error
Individual Results
debian-edu
Analysis Graphs (cont.)Period Top Committers Time Analysis
# Commits By Top 5 Committers On 20072009 Time analysis
000
8/14/2019 Debian communities after the OpenSSL error
100/111
0
2000
4000
60
data
500
0
500
1000
se
asonal
0
500
1000
1500
trend
1000
1000
3000
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Results
debian-edu
Analysis Graphs (cont.)Period Non Top Committers Time Analysis
# Commits By Non Top Committers On 20072009 Time analysis
8/14/2019 Debian communities after the OpenSSL error
101/111
0
20
40
60
80
data
15
5
0
5
10
se
asonal
15
25
35
45
trend
20
0
10
20
30
2007.0 2007.5 2008.0 2008.5 2009.0 2009.5 2010.0
remainder
time
Debian after the OpenSSL error
Individual Results
debian-edu
Analysis Results
8/14/2019 Debian communities after the OpenSSL error
102/111
This is a community with small growth, a little more near itsreleases1.
Its activity volume is quite important, with peaks near the releases(the peak on August 2008 is a bit false, so it will be discussed later).
1More info: http://wiki.debian.org/DebianEdu
Debian after the OpenSSL error
Individual Results
debian-edu
Analysis Results (cont.)
Conclusions
http://wiki.debian.org/DebianEduhttp://wiki.debian.org/DebianEdu8/14/2019 Debian communities after the OpenSSL error
103/111
Conclusions
This repository is a very consistent one, with lots of work by its corecommitters, a slight growth of the number of committers, irregularwork by the non-core committers and peaks near the releases. Thereis an important detail about that peak on August 2009: almost all
the commits were made by a bot (numbers are on the next page).The developers had many troubles with the installation system ofthe upcoming release, so they decided to update logs and files witha list of installed files after each builda. It becomes obvious whenwe look at the number of managed files and we compare it with the
number of actions or commits. Anyway, we can conclude that thisrepository was unaffected by the OpenSSL error.
ahttp://lists.debian.org/debian-edu/2008/08/msg00000.html
Debian after the OpenSSL error
Individual Results
debian-edu
Analysis Results (cont.)Additional Data
http://lists.debian.org/debian-edu/2008/08/msg00000.htmlhttp://lists.debian.org/debian-edu/2008/08/msg00000.html8/14/2019 Debian communities after the OpenSSL error
104/111
Commits by committer on August 2008:
Committer # Commitsde-build-guest 6831
pere 95
karbon-guest 1
Debian after the OpenSSL error
Individual Results
debian-edu
Analysis Results (cont.)
Managed Files
8/14/2019 Debian communities after the OpenSSL error
105/111
overview.log
missingpkglist-etch-
test.txt
wantedpkglist-etch-
test.txt
pkgdeblist-etch-
test.txt
filelist-etch-test.txt
cdspacelist-etch-
test.txt
sort-by-popcon-etch-
test.txt
cd-build-etch-
test.log
cdspacelist-lenny-
test.txt
filelist-lenny-test.txt
missingpkglist-lenny-
test.txt
pkgdeblist-lenny-
test.txt
sort-by-popcon-
lenny-test.txt
wantedpkglist-lenny-
test.txt
filelist-lenny-test-
dvd.txt
sort-by-popcon-
lenny-test-dvd.txt
wantedpkglist-lenny-test-dvd.txt
cdspacelist-lenny-
test-dvd.txt
missingpkglist-lenny-test-dvd.txt
pkgdeblist-lenny-
test-dvd.txt
Debian after the OpenSSL error
Global Results
Outline
8/14/2019 Debian communities after the OpenSSL error
106/111
1 Introduction
2 Individual Resultskernelkernel-sec
pkg-opensslpkg-perlpython-modulesdebian-edu
3 Global Results
4 Possible Improvements On This Study
Debian after the OpenSSL error
Global Results
Major Points
8/14/2019 Debian communities after the OpenSSL error
107/111
All repositories have the usual drops on working on summer everyyear.
Gini coefficient isnt specially accurate on most repositories becausethey have a very small number of committers.
Repositories with a wider range of files and applications have muchmore committers (pkg-perl, python-modules, debian-edu).
Bugs and requests documentation repositories have lots of workimmediately after the releases, whilst code ones have it before thereleases.
A new major release usually needs more work, so the number ofcommits by non-core committers grows quite a lot.
Debian after the OpenSSL error
Global Results
Global Conclusions
8/14/2019 Debian communities after the OpenSSL error
108/111
Conclusions
We have seen that only the OpenSSL repository had a special be-havior due to the OpenSSL error. All other repositories continued
with their previous trends, usually lots of work near the releases andslight drops on summer.
With all this data we can conclude that the OpenSSL error didntchange the Debian global community dynamics.
Debian after the OpenSSL error
Possible Improvements On This Study
Outline
1
8/14/2019 Debian communities after the OpenSSL error
109/111
1
Introduction
2 Individual Resultskernelkernel-sec
pkg-opensslpkg-perlpython-modulesdebian-edu
3 Global Results
4 Possible Improvements On This Study
Debian after the OpenSSL error
Possible Improvements On This Study
Other Possible Studies On This Repositories
8/14/2019 Debian communities after the OpenSSL error
110/111
Check the number of commented lines on the OpenSSLrepository, to see if after the error Kurt decided to add morecomments explaining his changes, or if, on the opposite, hedecided to make less changes on the original code. It could
also be checked on other repositories managed by him.Check if some users decided to leave Debian and develop forother distros (this would be achieved by tracking their usernames or mails, what doesnt seem easy).
Check if the new committers focused on adding more
developers documentation for detecting and preventing thosekind of errors.
Debian after the OpenSSL error
Possible Improvements On This Study
Possible Studies Out From This Repositories
8/14/2019 Debian communities after the OpenSSL error
111/111
Check the number of bugs discovered after the OpenSSL errordiscovery.
Check the mailing lists global activity to see if there was some
kind of special behavior near the error discovery, or evenchecking if the people talked about it, and in that case whatthey thought about it.
Obtain Kurt Roeckxs activity on all of his repos from thosemonths when he didnt work on OpenSSL, to see if that was
its real cause.