Hi Steve, I would like to welcome yourself and Open Network Linux to the Debian derivatives census! Would you like to take this opportunity to introduce yourself and Open Network Linux to us all? https://wiki.debian.org/Derivatives/Census/OpenNetworkLinux It would be great if you could join our mailing list and IRC channel: https://wiki.debian.org/DerivativesFrontDesk I would encourage you to look at Debian's guidelines for derivatives: https://wiki.debian.org/Derivatives/Guidelines You may want to look at our census QA page, some of the mails from there may apply to Open Network Linux. https://wiki.debian.org/Derivatives/CensusQA I've made a few changes to the Open Network Linux census page: https://wiki.debian.org/Derivatives/Census/Open Network Linux?action=info The page says that Open Network Linux modifies Debian binary packages. It is quite rare that distributions modify Debian binary packages instead of modifying source packages and rebuilding them. Does Open Network Linux actually do this? If so could you describe what kind of modifications you are making? If not I guess the page needs fixing. The apt repository for Open Network Linux doesn't appear to contain a Release file, which is how apt usually provides secure updates. I would encourage you to switch to a tool that creates these files by default, such as reprepro or aptly. https://wiki.debian.org/SecureApt https://wiki.debian.org/HowToSetupADebianRepository As far as I can tell the apt repository for Open Network Linux does not contain source packages, including for packages licensed under the GNU GPL. This may or may not be a copyright violation depending on whether our not you distribute those elsewhere. In any case, please add source packages to your repository so that Debian can automatically create patches to be presented to Debian package maintainers. https://wiki.debian.org/Derivatives/CensusQA#No_source_packages https://wiki.debian.org/Derivatives/Integration#Patches I noticed the armel Packages file in the apt repository is empty, you might want to check what happened there. The page is missing a dpkg vendor field. It is important that Debian derivatives set this properly on installed systems and mention the value of the field in the derivatives census. https://wiki.debian.org/Derivatives/Guidelines#Vendor There doesn't appear to be a Open Network Linux blog or a blog aggregator for Open Network Linux developers. If these existed they would be syndicated on Planet Debian derivatives and would help the Debian community find out the things that are happening in ONL. http://planet.debian.org/deriv/ Since Open Network Linux is based in California you might be interested in joining one of the Debian California groups. https://wiki.debian.org/LocalGroups#CA_-_California This year the annual Debian conference is in South Africa. It would be great if developers from Open Network Linux could attend DebConf. If this isn't possible, next year DebConf will be in Montreal. http://debconf16.debconf.org/ I would encourage Big Switch Networks (the Open Network Linux corporate sponsor) to contribute financially to ensure the continued survival of Debian and the success of the annual Debian conference. https://www.debian.org/donations http://debconf.org/sponsors/ http://media.debconf.org/dc16/fundraising/debconf16_sponsorship_brochure.pdf I would encourage any attendees to volunteer to ensure the continued the success of the annual Debian conference, here are some examples of things that need helpers. https://wiki.debconf.org/wiki/DebConf13/VolunteerCoordination https://wiki.debconf.org/wiki/DebConf16/Videoteam I note that Open Network Linux is based on Debian stable. The Debian release team recently released a timeline for the freeze for the next Debian stable release. I would encourage you to review it and prepare your plans for rebasing on the next Debian release (stretch). https://lists.debian.org/debian-devel-announce/2016/03/msg00000.html A great way to help ensure that the next Debian release working well is to install and run the how-can-i-help tool and try to work on any issues that come up. http://www.lucas-nussbaum.net/blog/?p=837 https://packages.debian.org/unstable/how-can-i-help https://wiki.debian.org/how-can-i-help I note that Open Network Linux is also based on Debian wheezy. Normal Debian security/release team support for Debian wheezy will soon end and the Debian long term security team will take over. I would encourage Open Network Linux to help out with this effort either financially or with developer time. https://www.debian.org/News/2016/20160212 https://wiki.debian.org/LTS I note there is are a couple of other networking related Debian derivatives (VyOS, Cumulus Linux), have you considered collaborating or merging with them? https://wiki.debian.org/Derivatives/Census/VyOS https://wiki.debian.org/Derivatives/Census/CumulusLinux You might want to consider adding DNSSEC to your domains, TLSA records and SSL to some of your domains. SSL on the repository will help Open Network Linux users to obscure package names and version numbers from global active adversaries. You might also want to add HSTS headers. Please feel free to circulate this mail within the ONL team. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part