[mosh-devel] Introduction: Wolfgang E. Sanyer

[Keith Winstein]

Hello Wolfgang,

Welcome, and thanks for writing! We're happy to have you involved. Let me
loop in Alex (our RPM package maintainer) who is willing to help get this
off the ground, as well as Quentin Smith (one of the Mosh authors) and Ben
Barenblat, who are also interested in helping make this happen. I know
Anders and Andrew (the other currently active stewards) would also support
this, and may want to contribute time to a release as well.

I think one good goal would be to document the release process, which
should be gleaned pretty easily from what we've done in the past: put out
an "rc" (release candidate) release (with some care with the "~" to make
sure we don't accidentally clobber our Debian/Ubuntu versioning order) and
call for the community to test it rigorously.

Since we've lost our previous maintainer, and because he had made some
commits after the last release, we're also starting from a bit of a deficit
here. Before we cut a release, I'd be most comfortable if we:

(1) look over the commits that have been made since the previous release
pretty carefully. I would be unhappy if perhaps one of the commits that
introduced truecolor support introduced (e.g.) a buffer overflow
vulnerability in the terminal emulator. Not saying I think this has
happened, but given the transition in personnel, these commits deserve some
scrutiny.

(2) wrote some fuzz targets, both pre- and post-decryption, and submitted
them to the oss-fuzz repo (
https://github.com/google/oss-fuzz/tree/master/projects/mosh), and made
sure that some fuzzing actually happened. We've been on oss-fuzz itself for
over five years but nobody has written fuzz targets for Mosh, so I don't
think any actual fuzzing has happened.

Are you interested in helping write fuzz targets, or with any other part of
this process? I am happy (honestly, I'd prefer) to stay pretty hands-off
here -- I'm sorry we lost our previous maintainer and hadn't planned on
returning to active duty. Alex, Ben, and Quentin have been around the block
here and have also been involved in Mosh basically since the beginning, and
are happy to mentor you in this. Please let me (and them) know your
interest.

Sincerely,
Keith

On Wed, Jan 26, 2022 at 7:05 AM Wolfgang E. Sanyer <
wolfgangesanyer at gmail.com> wrote:

> Hello mosh development community!
>
> My name is Wolfgang E. Sanyer. I am a long-time programmer/open-source
> contributor, and a recent (very recent, just started Jan 10th) professional
> software engineer. If you'd like to take a look at some of my work, my
> github is https://github.com/ezzieyguywuf
>
> I am very interested in contributing to the development of mosh:
> specifically, I would like to help do the work necessary to cut a new
> release. From what I can see, the last release was v1.3.2 in July 2017.
> Since then, there have been a number of commits, most interesting to me
> being 6cfa4ae which adds true color support.
>
> While I do not have a lot of experience with the "Release Engineering"
> work necessary to do this successfully, I am very motivated to get this
> done as it will greatly improve my daily workflow. Also, I feel confident
> that given the appropriate learning resources, I can get up-to-speed on
> what is needed to successfully release a new version of mosh.
>
> Please let me know your thoughts on:
>
> 1) the general thoughts around cutting a new release (there seems to be
> some discussion against doing so)
> 2) any next steps needed to move forward with cutting a new release
>
> Thank You!
>
> Wolfgang E. Sanyer
> _______________________________________________
> mosh-devel mailing list
> mosh-devel at mit.edu
> https://mailman.mit.edu/mailman/listinfo/mosh-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.mit.edu/pipermail/mosh-devel/attachments/20220127/df53d19f/attachment.htm>