Hi Steph, I would like to welcome yourself and PrimTux to the Debian derivatives census! Would you like to take this opportunity to introduce yourself and PrimTux to us all? https://wiki.debian.org/Derivatives/Census/PrimTux It would be great if you could join our mailing list and IRC channel: https://wiki.debian.org/DerivativesFrontDesk I would encourage you to look at Debian's guidelines for derivatives: https://wiki.debian.org/Derivatives/Guidelines You may want to look at our census QA page, some of the mails from there may apply to PrimTux. https://wiki.debian.org/Derivatives/CensusQA You may want to subscribe to the PrimTux census page: https://wiki.debian.org/Derivatives/Census/PrimTux?action=subscribe The page says that PrimTux modifies Debian binary packages. It is quite rare that distributions modify Debian binary packages instead of modifying source packages and rebuilding them. Does PrimTux actually do this? If so could you describe what kind of modifications you are making? If not I guess the page needs to be fixed. Some of the Release files in the apt repository for PrimTux are missing the Valid-Until header, which allows clients to find out when active network attackers are holding back newer Release files. At minimum, rolling releases and suites containing security updates should have this header. With reprepro you can use the ValidFor config option. https://wiki.debian.org/RepositoryFormat#Date.2CValid-Until The apt repository for PrimTux does not contain source packages, including for packages licensed under the GNU GPL. This may or may not be a copyright violation depending on whether or not you distribute those elsewhere. In any case, please add source packages to your repository so that Debian can automatically create patches to be presented to Debian package maintainers. https://wiki.debian.org/Derivatives/CensusQA#No_source_packages https://wiki.debian.org/Derivatives/Integration#Patches The page is missing a dpkg vendor field. It is important that Debian derivatives set this properly on installed systems and mention the value of the field in the derivatives census. https://wiki.debian.org/Derivatives/Guidelines#Vendor There doesn't appear to be a PrimTux blog or a blog aggregator for PrimTux developers. If these existed they would be syndicated on Planet Debian derivatives and would help the Debian community find out the things that are happening in PrimTux. http://planet.debian.org/deriv/ I noticed that the VCS and bug tracker links need a login to view, you might want to open those to the public. Since PrimTux is based in France you might be interested in joining the Debian France group if you haven't already. https://wiki.debian.org/LocalGroups#France https://france.debian.net/ This year the annual Debian conference is in Cape Town, South Africa. It would be great if developers from PrimTux could attend DebConf. If this isn't possible, next year DebConf will be in Montreal, Canada. http://debconf16.debconf.org/ I would encourage any attendees to volunteer to ensure the continued success of the annual Debian conference, here are some examples of things that need helpers. https://wiki.debconf.org/wiki/DebConf13/VolunteerCoordination https://wiki.debconf.org/wiki/DebConf16/LocalTeamRoles I note that PrimTux is based on Debian stable. The Debian release team semi-recently released a timeline for the freeze for the next Debian stable release. I would encourage you to review it and prepare your plans for rebasing on the next Debian release (stretch). https://lists.debian.org/debian-devel-announce/2016/03/msg00000.html A great way to help ensure that the next Debian release working well is to install and run the how-can-i-help tool and try to work on any issues that come up. http://www.lucas-nussbaum.net/blog/?p=837 https://packages.debian.org/unstable/how-can-i-help https://wiki.debian.org/how-can-i-help I note there is another Debian derivative for children called DoudouLinux, have you considered collaborating or merging with them? https://wiki.debian.org/Derivatives/Census/DoudouLinux I note that PrimTux uses live-build, which has been orphaned. I would encourage you to join the Debian Live team to help out with it. https://www.debian.org/devel/debian-live/ You might want to consider adding DNSSEC to your domains, TLSA records and SSL to some of your domains. SSL on the repository will help PrimTux users to obscure package names and version numbers from global active adversaries. You might also want to add HSTS headers. Please feel free to circulate this mail within the PrimTux team. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part