
Debian derivatives census: Parrot Security: welcome!



Hi Lorenzo,

I would like to welcome you and Parrot Security to the Debian
derivatives census! Would you like to take this opportunity to
introduce yourself and Parrot Security to us all? 

https://wiki.debian.org/Derivatives/Census/ParrotSecurity

It would be great if you could join our mailing list and IRC channel:

https://wiki.debian.org/DerivativesFrontDesk

I would encourage you to look at Debian's guidelines for derivatives:

https://wiki.debian.org/Derivatives/Guidelines

You may want to look at our census QA page, some of the mails from
there may apply to Parrot Security.

https://wiki.debian.org/Derivatives/CensusQA

You don't appear to be subscribed to the Parrot Security census page;
I've made a few changes to the Parrot Security census page:

https://wiki.debian.org/Derivatives/Census/ParrotSecurity?action=info

The page says that Parrot Security modifies Debian binary packages. It
is quite rare that distributions modify Debian binary packages instead
of modifying source packages and rebuilding them. Does Parrot Security
actually do this? If so could you describe what kind of modifications
you are making? If not I guess the page needs to be fixed.

Some of the Release files in the apt repository for Parrot Security are
missing the Valid-Until header, which allows clients to find out when
active network attackers are holding back newer Release files. At
minimum, rolling releases and suites containing security updates should
have this header. With reprepro you can use the ValidFor config option.

https://wiki.debian.org/RepositoryFormat#Date.2CValid-Until

The page is missing a dpkg vendor field. It is important that Debian
derivatives set this properly on installed systems and mention the
value of the field in the derivatives census.

https://wiki.debian.org/Derivatives/Guidelines#Vendor

There doesn't appear to be a Parrot Security blog or a blog aggregator
for Parrot Security developers. If these existed they would be
syndicated on Planet Debian derivatives and would help the Debian
community find out the things that are happening in Parrot Security.
If your Facebook page were public we could use that.

http://planet.debian.org/deriv/

Since Parrot Security is based in Italy, you might be interested in
joining the Debianizzati or Bologna groups: 

https://wiki.debian.org/LocalGroups#Italy

This year the annual Debian conference is in Cape Town, South Africa.
It would be great if developers from Parrot Security could attend
DebConf. Unfortunately it is very very close to the event. If this
isn't possible, next year DebConf will be in Montreal, Canada.

http://debconf16.debconf.org/

I would encourage any attendees to volunteer to ensure the continued
success of the annual Debian conference; here are some examples of
things that need helpers.

https://wiki.debconf.org/wiki/DebConf13/VolunteerCoordination

I note that Parrot Security is based on Debian testing. A great way to
help ensure that Debian is working well for you is to install and run
the how-can-i-help tool and try to work on any issues that come up.

http://www.lucas-nussbaum.net/blog/?p=837
https://packages.debian.org/unstable/how-can-i-help
https://wiki.debian.org/how-can-i-help

I note there are several other security, penetration testing and
privacy related Debian derivatives; have you considered collaborating
or merging with them? There are also Debian teams for forensics and
security related tools:

https://alioth.debian.org/projects/pkg-security
https://wiki.debian.org/Teams/DebianForensics

https://wiki.debian.org/Derivatives/Census/CyborgLinux
https://wiki.debian.org/Derivatives/Census/Kali
https://wiki.debian.org/Derivatives/Census/Matriux
https://wiki.debian.org/Derivatives/Census/Tails
https://wiki.debian.org/Derivatives/Census/Whonix

I note that Parrot Security uses several desktops, I would encourage
you to provide feedback and fixes to the Debian teams.

https://wiki.debian.org/Teams/pkg-mate
https://pkg-kde.alioth.debian.org/
https://wiki.debian.org/Teams/LXQtPackagingTeam

Please consider disabling the CloudFlare Captcha for Tor users.
You might want to consider adding DNSSEC and TLSA records to your
domains. SSL on the repository will help Parrot Security users to
obscure package names and version numbers from global active
adversaries. You might also want to add HSTS headers.

Please feel free to circulate this mail within the Parrot Security team.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
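
The Valid-Until point raised in the mail, as an added example that is not part of the original message and is not apt's or reprepro's code: a client-side freshness check over a plain Release file. The function names and the sample file are constructed for illustration; signature verification and the clearsigned InRelease wrapper are assumed to be handled elsewhere.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Release file (suite name, dates and checksum are made up).
SAMPLE_RELEASE = """\
Origin: Example
Suite: example-rolling
Date: Sat, 02 Jul 2016 12:00:00 UTC
Valid-Until: Sat, 09 Jul 2016 12:00:00 UTC
SHA256:
 0000000000000000000000000000000000000000000000000000000000000000 0 main/binary-amd64/Packages
"""
# The same file as a repository without the header would publish it.
SAMPLE_NO_EXPIRY = "".join(
    l for l in SAMPLE_RELEASE.splitlines(True) if not l.startswith("Valid-Until"))


def parse_fields(release_text):
    """Return the top-level 'Key: value' fields, keys lower-cased."""
    fields = {}
    for line in release_text.splitlines():
        if line[:1] in (" ", "\t") or ":" not in line:
            continue  # indented checksum entries belong to the field above
        key, value = line.split(":", 1)
        fields[key.strip().lower()] = value.strip()
    return fields


def _utc(value):
    """Parse a Release date string into an aware UTC datetime."""
    dt = parsedate_to_datetime(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def check_release(release_text, now):
    """Classify a Release file at time `now` (an aware datetime)."""
    fields = parse_fields(release_text)
    if "valid-until" not in fields:
        # Nothing tells the client when to stop trusting this file, so an
        # old, correctly signed copy can be served to it indefinitely.
        return "no-valid-until"
    return "expired" if now > _utc(fields["valid-until"]) else "fresh"


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(check_release(SAMPLE_RELEASE, now), check_release(SAMPLE_NO_EXPIRY, now))
```

Run against each suite's Release file, a check like this shows which suites still need the expiry header.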
