[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian derivatives census: OpenNetLinux: welcome!

Hi Steve,

I would like to welcome yourself and Open Network Linux to the Debian
derivatives census! Would you like to take this opportunity to
introduce yourself and Open Network Linux to us all? 


It would be great if you could join our mailing list and IRC channel:


I would encourage you to look at Debian's guidelines for derivatives:


You may want to look at our census QA page, some of the mails from
there may apply to Open Network Linux.


I've made a few changes to the Open Network Linux census page:

https://wiki.debian.org/Derivatives/Census/Open Network Linux?action=info

The page says that Open Network Linux modifies Debian binary packages.
It is quite rare that distributions modify Debian binary packages
instead of modifying source packages and rebuilding them. Does Open
Network Linux actually do this? If so could you describe what kind of
modifications you are making? If not I guess the page needs fixing.

The apt repository for Open Network Linux doesn't appear to contain a
Release file, which is how apt usually provides secure updates. I would
encourage you to switch to a tool that creates these files by default,
such as reprepro or aptly.


As far as I can tell the apt repository for Open Network Linux does not
contain source packages, including for packages licensed under the GNU
GPL. This may or may not be a copyright violation depending on whether
our not you distribute those elsewhere. In any case, please add source
packages to your repository so that Debian can automatically create
patches to be presented to Debian package maintainers.


I noticed the armel Packages file in the apt repository is empty, you
might want to check what happened there.

The page is missing a dpkg vendor field. It is important that Debian
derivatives set this properly on installed systems and mention the
value of the field in the derivatives census.


There doesn't appear to be a Open Network Linux blog or a blog
aggregator for Open Network Linux developers. If these existed they
would be syndicated on Planet Debian derivatives and would help the
Debian community find out the things that are happening in ONL.


Since Open Network Linux is based in California you might be interested
in joining one of the Debian California groups.


This year the annual Debian conference is in South Africa. It would be
great if developers from Open Network Linux could attend DebConf. If
this isn't possible, next year DebConf will be in Montreal.


I would encourage Big Switch Networks (the Open Network Linux corporate
sponsor) to contribute financially to ensure the continued survival of
Debian and the success of the annual Debian conference.


I would encourage any attendees to volunteer to ensure the continued
the success of the annual Debian conference, here are some examples of
things that need helpers.


I note that Open Network Linux is based on Debian stable. The Debian
release team recently released a timeline for the freeze for the next
Debian stable release. I would encourage you to review it and prepare
your plans for rebasing on the next Debian release (stretch).


A great way to help ensure that the next Debian release working well is
to install and run the how-can-i-help tool and try to work on any
issues that come up.


I note that Open Network Linux is also based on Debian wheezy. Normal
Debian security/release team support for Debian wheezy will soon end
and the Debian long term security team will take over. I would
encourage Open Network Linux to help out with this effort either
financially or with developer time.


I note there is are a couple of other networking related Debian
derivatives (VyOS, Cumulus Linux), have you considered collaborating or
merging with them?


You might want to consider adding DNSSEC to your domains, TLSA records
and SSL to some of your domains. SSL on the repository will help Open
Network Linux users to obscure package names and version numbers from
global active adversaries. You might also want to add HSTS headers.

Please feel free to circulate this mail within the ONL team.



Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: