Re: OLPC & Debian?

(Context for OLPC; the derivatives census shows delta between our
packages and what is in Debian, which is what may eventually be in
Ubuntu.  It will reduce software maintenance effort, so I joined.)

On Wed, Jul 08, 2015 at 04:09:30PM +0800, Paul Wise wrote:
> On Wed, 2015-07-08 at 16:48 +1000, James Cameron wrote:
> > Yes, OLPC is also an RPM distribution based on Fedora.
> > 
> > We are also packaging Sugar and activities using Debian.
> > 
> > I'm not aware of any announcement.
> Hmm, OK. In that case, welcome to the derivatives census!
>
> https://wiki.debian.org/Derivatives/Census/OLPC
> It would be great if you could join our mailing list and IRC
> channel:
> https://wiki.debian.org/DerivativesFrontDesk
>
> I would encourage you to look at Debian's guidelines for derivatives:
> https://wiki.debian.org/Derivatives/Guidelines
>
> You may want to look at our census QA page, some of the mails from
> there may apply to OLPC.
> https://wiki.debian.org/Derivatives/CensusQA
>
> You don't appear to be subscribed to the OLPC census page,
> I've made a few changes to the OLPC census page:
> https://wiki.debian.org/Derivatives/Census/OLPC?action=info
>
> I note that the page says that OLPC is based on Ubuntu but there is a
> stretch suite in the repo. Are you planning on a transition to being
> based on Debian?

No plans.

We maintain our Debian stretch suite for (a) Sugar Labs testers and
users, and (b) our developers to test on before engaging Debian

When the packages pass tests on Debian stretch they are moved into the
stretch suite, but without rebuilding them.  So I'm not sure how
useful this is to you.

> The page says that OLPC modifies Debian binary packages. It is quite
> rare that distributions modify Debian binary packages instead of
> modifying source packages and rebuilding them. Does OLPC actually do
> this? If so could you describe what kind of modifications you are
> making? If not I guess the page needs to be fixed.

Fixed, a misunderstanding of the options available.

> Some of the Release files in the apt repository for OLPC are missing
> the Valid-Until header, which allows clients to find out when active
> network attackers are holding back newer Release files. At minimum,
> rolling releases and suites containing security updates should have
> this header. With reprepro you can use the ValidFor config option.
> https://wiki.debian.org/RepositoryFormat#Date.2CValid-Until

Logged as #12906, for the moment set to one year, no regular updates
are planned.

> The page has a dpkg vendor field of 'Ubuntu', we would suggest that
> systems running the OLPC Debian/Ubuntu packages should use OLPC as the
> vendor instead.
> https://wiki.debian.org/Derivatives/Guidelines#Vendor

Logged as #12907, to fix our master metapackage.

> I've added the OLPC blog to Planet Debian derivatives which helps the
> Debian community find out the things that are happening in the world of
> Debian derivatives. It would be interesting to have a post on the OLPC
> blog about OLPC's experiences with Debian.
> http://planet.debian.org/deriv/

Sorry for the noise, but I didn't look for the purpose of the blog
before answering.  Removed.

> This year the annual Debian conference is in Germany. It would be
> great if developers from OLPC could attend DebConf. If this isn't
> possible, next year DebConf will be in South Africa.
> http://debconf15.debconf.org/
> I would encourage any attendees to volunteer to ensure the continued
> success of the annual Debian conference, here are some examples of
> things that need helpers.
> https://wiki.debconf.org/wiki/DebConf13/VolunteerCoordination

Unlikely.  But thanks.

> I note that OLPC has a stretch suite in the repository. A great way to
> help ensure that the next Debian release works well is to install and
> run the how-can-i-help tool and try to work on any issues that come up.
> http://www.lucas-nussbaum.net/blog/?p=837
> https://packages.debian.org/unstable/how-can-i-help
> https://wiki.debian.org/how-can-i-help

Interesting, thanks.

> I would encourage OLPC folks to join the Debian sugar team:
> https://wiki.debian.org/SugarTeam

Has been done.

> You might want to consider adding DNSSEC to your domains, TLSA records
> and SSL to some of your domains. SSL on the repository will help OLPC
> users to obscure package names and version numbers from global active
> adversaries. You might also want to add HSTS headers.

DNS is outside my direct control.

We can use SSL on the repository, https://dev.laptop.org/pub/us/ works
okay, but our certificate expires in September.

> Please feel free to circulate this mail within the OLPC team.
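
Added example, not part of the original mail and not OLPC's or Debian's own tooling: a Python check of the freshness fields discussed above (Date and Valid-Until in an apt Release file). The sample Release text and the 14-day max_window policy are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def parse_release_fields(text):
    """Return the top-level 'Field: value' headers of a Release file."""
    fields = {}
    for line in text.splitlines():
        # Checksum entries are continuation lines that start with a space.
        if not line or line[0].isspace() or ":" not in line:
            continue
        name, _, value = line.partition(":")
        fields[name.strip().lower()] = value.strip()
    return fields

def to_utc(value):
    # Release files spell the zone "UTC"; normalise it for the RFC 2822 parser.
    parsed = parsedate_to_datetime(value.replace(" UTC", " +0000"))
    return parsed.astimezone(timezone.utc)

def audit_release(text, now, max_window=timedelta(days=14)):
    """Return findings about freshness metadata; an empty list means OK.
    max_window is an assumed local policy, not a Debian requirement."""
    fields = parse_release_fields(text)
    if "valid-until" not in fields:
        # Without this field a client cannot tell a stale Release from a current one.
        return ["missing-valid-until"]
    findings = []
    until = to_utc(fields["valid-until"])
    if until < now:
        findings.append("expired")
    if "date" in fields and until - to_utc(fields["date"]) > max_window:
        # A held-back Release stays acceptable for the whole window.
        findings.append("window-too-long")
    return findings

# Constructed sample Release files (not taken from the OLPC repository).
HEAD = "Origin: example\nSuite: stretch\nDate: Wed, 08 Jul 2015 08:00:00 UTC\n"
TAIL = "SHA256:\n 0000placeholder 1234 main/binary-amd64/Packages\n"
NO_VALID_UNTIL = HEAD + TAIL
ONE_YEAR = HEAD + "Valid-Until: Thu, 07 Jul 2016 08:00:00 UTC\n" + TAIL
ONE_WEEK = HEAD + "Valid-Until: Wed, 15 Jul 2015 08:00:00 UTC\n" + TAIL

if __name__ == "__main__":
    now = datetime(2015, 7, 8, 12, 0, tzinfo=timezone.utc)
    for name, text in [("none", NO_VALID_UNTIL), ("1y", ONE_YEAR), ("1w", ONE_WEEK)]:
        print(name, audit_release(text, now) or "ok")
```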


