Asterisk package maintainer needed?

Sat Aug 12 13:26:38 BST 2023

Hi John,

Quoting John Bright via Pkg-voip-maintainers (2023-08-11 21:58:21)
> I've read the discussions on the Debian VOIP maintainers list and the 
> Asterisk forum about needing more maintainers for Asterisk, not being 
> included in Bookworm, etc.  It sounds like some people are already 
> interested in helping out.  I'm not necessarily looking for more
> things on my "to do" list, but I thought I'd at least check in to see
> if the need has been met, or if there is still a need.

Several people have showed an interest, but none have so far offered to
help.

You are the first to act on my invitation to at least move the
conversation to the VoIP team mailinglist where those truly interested
all are expected to be subscribed.  Thanks for that!

> I have never been a Debian developer/maintainer, but I have been using 
> Debian to various degrees for at least 20 years, and know my way
> around at least some moderate programming tasks.  So, I'm sure there
> would be a decent learning curve, but I could probably learn and get
> involved to some extent if needed.  At this point I don't really know
> how much time commitment it would require and therefore whether I
> would be able to truly take on meaningful involvement.
> 
> Is there still a need at this point?  Thanks.

Yes, there is still a need.

An no, there might not be a steep learning curve, nor need for massive
time - time will tell, and you are not signing a contract here, you are
free to leave or be slow to respond or ask loads of questions.

The main skills needed is ability to compose and apple patches, to
locally build an already prepared Debian package (no need to know all
the intricate details of the files below debian/* and no need to create
Debian source packages from scratch!), and to install those local builds
and test if the server works.

The reason Asterisk was not included with current stable Debian was that
the Debian release team noticed that it is popular and complex enough to
get a steady flow of security bugs reported as CVEs, yet has too low
activity on getting those CVEs addressed not only in unstable/testing
(which is commonly done by updating to newer upstream release) but also
in stable (which is not supported upstream and therefore requires us to
dive in and compose a patch against our released code in stable.

Does that make sense?  Does that scare you off, or are you game for
looking at this more concretely?

We can continue chatting here on the mailinglist - perhaps others
following along gets inspired to also chime in and help, when they see
what the task consists of - because it is better to have a few more
people than having "just enough" because we all have other interests too
and might at any time be slow to respond.

We can also (in parallel or instead) chat at the irc channel (dubbed as
a Matrix channel) where the VoIP team hang out.  That might be more fun,
depending on your style of conversation.  See details on that at
https://wiki.debian.org/Teams/VoIP/

Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-voip-maintainers/attachments/20230812/0444fa54/attachment.sig>