Hi Steven, I would like to welcome yourself and Clonezilla to the Debian derivatives census! Would you like to take this opportunity to introduce yourself and Clonezilla to us all? https://wiki.debian.org/Derivatives/Census/Clonezilla It would be great if you could join our mailing list and IRC channel: https://wiki.debian.org/DerivativesFrontDesk I would encourage you to look at Debian's guidelines for derivatives: https://wiki.debian.org/Derivatives/Guidelines You may want to look at our census QA page, some of the mails from there may apply to Clonezilla. https://wiki.debian.org/Derivatives/CensusQA You don't appear to be subscribed to the Clonezilla census page, I've made a few changes to the Clonezilla census page: https://wiki.debian.org/Derivatives/Census/Clonezilla?action=info The page says that Clonezilla modifies Debian binary packages. It is quite rare that distributions modify Debian binary packages instead of modifying source packages and rebuilding them. Does Clonezilla actually do this? If so could you describe what kind of modifications you are making? If not I guess the page needs to be fixed. Some of the Release files in the apt repository for Clonezilla are missing the Valid-Until header, which allows clients to find out when active network attackers are holding back newer Release files. At minimum, rolling releases and suites containing security updates should have this header. With reprepro you can use the ValidFor config option. https://wiki.debian.org/RepositoryFormat#Date.2CValid-Until Some of the packages in the Clonezilla apt repository only have MD5 hashes associated with them. I would encourage you to add SHA-1 and SHA-256 hashes for them. http://deriv.debian.net/Clonezilla/check-package-list I noticed some of the Release files in the apt repository have multiple Date/etc headers in them. You might want to check why that is. The page is missing a dpkg vendor field. It is important that Debian derivatives set this properly on installed systems and mention the value of the field in the derivatives census. https://wiki.debian.org/Derivatives/Guidelines#Vendor I've added the Clonezilla news page to Planet Debian derivatives, which helps the Debian community find out the things that are happening in the world of Debian derivatives. http://planet.debian.org/deriv/ Since Clonezilla is based in Taiwan you might be interested in joining the Debian Taiwan group. https://wiki.debian.org/LocalGroups/Debian-TW This year the annual Debian conference is in Cape Town, South Africa, it would be great if developers from Clonezilla could attend DebConf, unfortunately it is only one month until the conference starts. If this isn't possible, next year DebConf will be in Montreal, Canada. http://debconf16.debconf.org/ I would encourage the Taiwanese government and NCHC (the Clonezilla corporate sponsor) to contribute financially to ensure the continued survival of Debian and the success of the annual Debian conference. https://www.debian.org/donations http://debconf.org/sponsors/ http://media.debconf.org/dc16/fundraising/debconf16_sponsorship_brochure.pdf I would encourage any attendees to volunteer to ensure the continued the success of the annual Debian conference, here are some examples of things that need helpers. https://wiki.debconf.org/wiki/DebConf13/VolunteerCoordination A great way to help ensure that Debian unstable is working well is to install and run the how-can-i-help tool and try to work on any issues that come up. http://www.lucas-nussbaum.net/blog/?p=837 https://packages.debian.org/unstable/how-can-i-help https://wiki.debian.org/how-can-i-help I note that Clonezilla uses Debian Live, I would encourage you to provide feedback and fixes to the Debian Live team. https://wiki.debian.org/DebianLive I note that there are partclone and clonezilla packages in Debian but that they are outdated. You might want to talk to the maintainer about these packages and consider helping out with their maintenance. Georges Khaznadar <georgesk@debian.org> https://mentors.debian.net/intro-maintainers https://tracker.debian.org/pkg/clonezilla https://tracker.debian.org/pkg/partclone You might want to consider adding DNSSEC to your domains, TLSA records and SSL to some of your domains. SSL on the repository will help Clonezilla users to obscure package names and version numbers from global active adversaries. You might also want to add HSTS headers. Please feel free to circulate this mail within the Clonezilla team. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part