Hi Georges, I would like to welcome yourself and Freeduc to the Debian derivatives census! Would you like to take this opportunity to introduce yourself and Freeduc to us all? https://wiki.debian.org/Derivatives/Census/Freeduc It would be great if you could join our mailing list and IRC channel: https://wiki.debian.org/DerivativesFrontDesk I would encourage you to look at Debian's guidelines for derivatives: https://wiki.debian.org/Derivatives/Guidelines You may want to look at our census QA page, some of the mails from there may apply to Freeduc. https://wiki.debian.org/Derivatives/CensusQA You don't appear to be subscribed to the Freeduc census page, I've made a few changes to the Freeduc census page: https://wiki.debian.org/Derivatives/Census/Freeduc?action=info I noticed that the OFSET apt repository gives some warnings: W: Failed to fetch http://debian.ofset.org/dists/testing/main/source/Sources Hash Sum mismatch W: Failed to fetch http://debian.ofset.org/dists/testing/main/binary-amd64/Packages Hash Sum mismatch W: Failed to fetch http://debian.ofset.org/dists/stable/main/source/Sources Hash Sum mismatch W: Failed to fetch http://debian.ofset.org/dists/stable/main/binary-amd64/Packages Hash Sum mismatch Some of the Release files in the OFSET apt repository for Freeduc are missing the Valid-Until header, which allows clients to find out when active network attackers are holding back newer Release files. At minimum, rolling releases and suites containing security updates should have this header. With reprepro you can use the ValidFor config option. https://wiki.debian.org/RepositoryFormat#Date.2CValid-Until The page has an incorrect dpkg vendor field. It is important that Debian derivatives set this properly on installed systems and mention the value of the field in the derivatives census. https://wiki.debian.org/Derivatives/Guidelines#Vendor There doesn't appear to be a Freeduc blog or a blog aggregator for Freeduc developers. If these existed they would be syndicated on Planet Debian derivatives and would help the Debian community find out the things that are happening in Freeduc. http://planet.debian.org/deriv/ Since Freeduc is based in France you might be interested in joining the Debian France group. https://france.debian.net/ This year the annual Debian conference is in Cape Town, South Africa. Unfortunately it is only one month until the start of DebConf16 but it would be great if developers from Freeduc could attend DebConf. If this isn't possible, next year DebConf will be in Montreal, Canada. http://debconf16.debconf.org/ I would encourage any attendees to volunteer to ensure the continued the success of the annual Debian conference, here are some examples of things that need helpers. https://wiki.debconf.org/wiki/DebConf13/VolunteerCoordination I note that Freeduc is based on Debian stable. The Debian release team recently released a timeline for the freeze for the next Debian stable release. I would encourage you to review it and prepare your plans for rebasing on the next Debian release. https://lists.debian.org/debian-devel-announce/2016/03/msg00000.html A great way to help ensure that the next Debian release working well is to install and run the how-can-i-help tool and try to work on any issues that come up. http://www.lucas-nussbaum.net/blog/?p=837 https://packages.debian.org/unstable/how-can-i-help https://wiki.debian.org/how-can-i-help I note that Freeduc also has wheezy in the apt repository. The Debian security team recently announced an LTS effort for wheezy. I would encourage Freeduc to help out with this effort with developer time. I would encourage you to drop lenny/squeeze support too. https://bits.debian.org/2014/03/working-on-squeeze-lts.html https://lists.debian.org/debian-security-announce/2014/msg00082.html I note that Freeduc uses LXDE, I would encourage you to provide feedback and fixes to the LXQt team. https://wiki.debian.org/Teams/LXQtPackagingTeam I noticed a typo on the Freeduc website: educatioanl It would be great if you could fill out more of the Freeduc census page. You might want to consider adding DNSSEC to your domains, TLSA records and SSL to some of your domains. SSL on the repository will help Freeduc users to obscure package names and version numbers from global active adversaries. You might also want to add HSTS headers. Please feel free to circulate this mail within the Freeduc team. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part