Hi Gaudenz, I would like to welcome Lernstick to the Debian derivatives census! Would you like to take this opportunity to introduce Lernstick to us all? https://wiki.debian.org/Derivatives/Census/Lernstick It would be great if you could join our mailing list and IRC channel: https://wiki.debian.org/DerivativesFrontDesk I would encourage you to look at Debian's guidelines for derivatives: https://wiki.debian.org/Derivatives/Guidelines You may want to look at our census QA page, some of the mails from there may apply to Lernstick. https://wiki.debian.org/Derivatives/CensusQA I've made a few changes to the Lernstick census page: https://wiki.debian.org/Derivatives/Census/Lernstick?action=info The page says that Lernstick modifies Debian binary packages. It is quite rare that distributions modify Debian binary packages instead of modifying source packages and rebuilding them. Does Lernstick actually do this? If so could you describe what kind of modifications you are making? If not I guess the page needs to be fixed. Some of the Release files in the apt repository for Lernstick are missing the Valid-Until header, which allows clients to find out when active network attackers are holding back newer Release files. At minimum, rolling releases and suites containing security updates should have this header. With reprepro you can use the ValidFor config option. https://wiki.debian.org/RepositoryFormat#Date.2CValid-Until It is important that Debian derivatives set the dpkg vendor field properly on installed systems and mention the value of the field in the derivatives census. More information about setting it is here: https://wiki.debian.org/Derivatives/Guidelines#Vendor There doesn't appear to be a Lernstick blog or a blog aggregator for Lernstick developers. If these existed they would be syndicated on Planet Debian derivatives and would help the Debian community find out the things that are happening in Lernstick. http://planet.debian.org/deriv/ I note there is a Lernstick event at DebConf15, great to see :) https://summit.debconf.org/debconf15/meeting/277/lernstick-a-debian-derivative-for-schools-in-switerland/ I would encourage FNHW (the Lernstick government sponsor) to contribute financially to ensure the continued survival of Debian and the success of the annual Debian conference. https://www.debian.org/donations http://debconf.org/sponsors/ http://debconf15.debconf.org/become-sponsor.xhtml I would encourage any attendees to volunteer to ensure the continued the success of the annual Debian conference, here are some examples of things that need helpers. https://wiki.debconf.org/wiki/Teams I note that Lernstick is based on Debian stable. A great way to help ensure that the next Debian release is working well is to install and run the how-can-i-help tool and try to work on any issues that come up. http://www.lucas-nussbaum.net/blog/?p=837 https://packages.debian.org/unstable/how-can-i-help https://wiki.debian.org/how-can-i-help I note that Lernstick uses Debian backports, you might also like to contribute your backporting efforts to Debian if you don't already. http://backports.debian.org/Contribute/ Is there any collaboration between Lernstick and DebianEdu? https://wiki.debian.org/DebianEdu You might want to consider adding TLSA records and SSL to some of your domains. SSL on the repository will help Lernstick users to obscure package names and version numbers from global active adversaries. You might also want to add HSTS headers. Please feel free to circulate this mail within the Lernstick team. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part