Daniel Lange & Debian, aggression and hypocrisy in focus
This blog follows up on the earlier report about Daniel Lange, who was accused of aggression but accepted into Debian anyway at almost the same time Jacob Appelbaum was expelled.
We quote the following two emails from the debian-private (leaked) gossip network, little comment is needed to see the hypocrisy at work inside Debian.
This one was sent in August 2016, a discussion of Appelbaum's code contributions to Debian. This is a distraction: it is important to remember that people also make contributions when they spend time preparing a speech, mentoring other volunteers or writing bug reports. The contributors report for Appelbaum gives a much bigger history of his contributions, although that is tangential to the point of this blog post. The key point in this email is not the contributions, rather, it is the assertion that contributions should not be a factor when evaluating accusations of abuse:
Subject: Re: What is true and what is false in accusations against Jacob Appelbaum
Date: Wed, 17 Aug 2016 17:19:11 +0200
From: Jérémy Bobbio <email@example.com>
> > We know for sure that his contributions to Debian are non-existent.>
> Very quick and incomplete research:
> udd=# select count(*) from upload_history where maintainer = 'Jacob Appelbaum <firstname.lastname@example.org>' ;
> 20 Uploads are definitely not much but do not fit my definittion
> for "non-existent".
Please, stop using contributions as a criteria when discussing abusers. We should not tolerate abuses, even when done by “very important people”.
I feel the need to restate that to create a healthy community, it's likely more useful to focus on preventing abuses and empowering victims than judging abusers.
This one had been sent a few weeks before that. It emphasizes Daniel Lange's contributions to DebConf, a substantial effort that many people don't have time for.
Subject: [Daniel Lange] Do some public considerations for newmaint application, good way to proceed?
Date: Sun, 26 Jun 2016 19:42:26 -0400
From: Tiago Bortoletto Vaz <email@example.com>
... snip ...
I witnessed aggressive and disrespectful behavior from Daniel (Lange) against a person very close to me, both written and in person, during Debconf15. As he was not a member/whatever of the Debian community I decided to let it go. Besides that, I think he was quite harmful during the storm against the Debconf chairs. But it may be more a personal opinion.
I'm aware that he's doing a lot of work for Debconf and I'm not objecting to his application. But I'll just feel bad if I say nothing at this time.
Lange's work for DebConf was emphasized and it appears that it was more important to Debian than the accusations of aggression. This contradicts the attitude to Appelbaum. As far as we know, neither Daniel Lange or Jacob Appelbaum has been investigated by police, charged or convicted of any crime.
We previously disclosed that Erinn Clark was one of the outspoken women pushing for Debian to make a public attack on Jacob Appelbaum. During the discussion of Daniel Lange, there was radio silence from Clark. Was her strong stance on aggression based on principles, or mere politics?
For justice to be fair, it must be the same system of justice for everybody. Some people in Debian make an enormous effort on the Reproducible Builds project, to ensure two builds of the same source file will always produce the same binary. They express concern that if every build produces a slightly different binary, there is a risk that an attacker could place hidden code in a binary and it would be harder to detect. Why don't we see the same adherence to reproducibility in Debian membership processes?