[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian derivatives census: Lernstick: welcome!

Hi Gaudenz,

I would like to welcome Lernstick to the Debian derivatives census!
Would you like to take this opportunity to introduce Lernstick to us


It would be great if you could join our mailing list and IRC channel:


I would encourage you to look at Debian's guidelines for derivatives:


You may want to look at our census QA page, some of the mails from
there may apply to Lernstick.


I've made a few changes to the Lernstick census page:


The page says that Lernstick modifies Debian binary packages. It is
quite rare that distributions modify Debian binary packages instead of
modifying source packages and rebuilding them. Does Lernstick actually
do this? If so could you describe what kind of modifications you are
making? If not I guess the page needs to be fixed.

Some of the Release files in the apt repository for Lernstick are
missing the Valid-Until header, which allows clients to find out when
active network attackers are holding back newer Release files. At
minimum, rolling releases and suites containing security updates should
have this header. With reprepro you can use the ValidFor config option.


It is important that Debian derivatives set the dpkg vendor field
properly on installed systems and mention the value of the field in the
derivatives census. More information about setting it is here:


There doesn't appear to be a Lernstick blog or a blog aggregator for
Lernstick developers. If these existed they would be syndicated on
Planet Debian derivatives and would help the Debian community find out
the things that are happening in Lernstick.


I note there is a Lernstick event at DebConf15, great to see :)


I would encourage FNHW (the Lernstick government sponsor) to contribute
financially to ensure the continued survival of Debian and the success
of the annual Debian conference.


I would encourage any attendees to volunteer to ensure the continued
the success of the annual Debian conference, here are some examples of
things that need helpers.


I note that Lernstick is based on Debian stable. A great way to help
ensure that the next Debian release is working well is to install and
run the how-can-i-help tool and try to work on any issues that come up.


I note that Lernstick uses Debian backports, you might also like to
contribute your backporting efforts to Debian if you don't already.


Is there any collaboration between Lernstick and DebianEdu?


You might want to consider adding TLSA records and SSL to some of your
domains. SSL on the repository will help Lernstick users to obscure
package names and version numbers from global active adversaries. You
might also want to add HSTS headers.

Please feel free to circulate this mail within the Lernstick team.



Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: