Hi Daniil, I would like to welcome yourself and VyOS to the Debian derivatives census! Would you like to take this opportunity to introduce yourself and VyOS to us all? https://wiki.debian.org/Derivatives/Census/VyOS It would be great if you could join our mailing list and IRC channel: https://wiki.debian.org/DerivativesFrontDesk I would encourage you to look at Debian's guidelines for derivatives: https://wiki.debian.org/Derivatives/Guidelines You may want to look at our census QA page, some of the mails from there may apply to VyOS. https://wiki.debian.org/Derivatives/CensusQA You don't appear to be subscribed to the VyOS census page, I've made a change to the VyOS census page: https://wiki.debian.org/Derivatives/Census/VyOS?action=info Some of the Release files in the apt repository for VyOS are missing the Valid-Until header, which allows clients to find out when active network attackers are holding back newer Release files. At minimum, rolling releases and suites containing security updates should have this header. With reprepro you can use the ValidFor config option. https://wiki.debian.org/RepositoryFormat#Date.2CValid-Until The apt repository for VyOS does not contain source packages, including for packages licensed under the GNU GPL. This may or may not be a copyright violation depending on whether our not you distribute those elsewhere. In any case, please add source packages to your repository so that Debian can automatically create patches to be presented to Debian package maintainers. https://wiki.debian.org/Derivatives/CensusQA#No_source_packages https://wiki.debian.org/Derivatives/Integration#Patches I get a couple of errors when updating apt using the sources.list: W: Failed to fetch http://packages.vyos.net/vyos/dists/stable/main/binary-amd64/Packages 404 Not Found [IP: 2a03:ca80:8001:2c:abcd::ef 80] W: Failed to fetch http://packages.vyos.net/vyos/dists/stable/main/binary-i386/Packages 404 Not Found [IP: 2a03:ca80:8001:2c:abcd::ef 80] The page is missing a dpkg vendor field. It is important that Debian derivatives set this properly on installed systems and mention the value of the field in the derivatives census. https://wiki.debian.org/Derivatives/Guidelines#Vendor I've added the VyOS blog to Planet Debian derivatives which helps the Debian community find out the things that are happening in the world of Debian derivatives. http://planet.debian.org/deriv/ I would encourage individual VyOS developers to get involved in or start local Debian groups near them. https://wiki.debian.org/LocalGroups You mentioned on IRC that some of the developers are from the UK, they might like to attend the upcoming BSP in Cambridge: https://lists.debian.org/msgid-search/20160108162201.GX28784@einval.com This year the annual Debian conference is in South Africa. It would be great if developers from VyOS could attend DebConf but I understand you are all in Europe so it would be understandable if you couldn't. If this isn't possible, the year after DebConf will be in Cambridge UK, Prague or Montreal. http://debconf16.debconf.org/ https://wiki.debconf.org/wiki/DebConf17 I would encourage any attendees to volunteer to ensure the continued the success of the annual Debian conference, here are some examples of things that need helpers. https://wiki.debconf.org/wiki/DebConf13/VolunteerCoordination The Debian release team recently released a timeline for the freeze for the next Debian stable release. I would encourage you to review it and prepare your plans for rebasing on the next Debian release (stretch). https://nthykier.wordpress.com/2016/01/01/debian-please-plan-for-stretch/ I note that VyOS is based on Debian wheezy. The Debian security team will soon be ending normal security support and moving wheezy to the LTS team. I would encourage VyOS to help out with this effort with developer time if possible, or move up to Debian jessie. https://wiki.debian.org/LTS I note that VyOS does Debian backports, you might also like to contribute your backporting efforts to Debian. http://backports.debian.org/Contribute/ You might want to consider adding DNSSEC to your domains, TLSA records and SSL to some of your domains. SSL on the repository will help VyOS users to obscure package names and version numbers from global active adversaries. You might also want to add HSTS headers. Please feel free to circulate this mail within the VyOS team. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part