Re: Debian derivatives census: Zevenet: welcome!
On Wed, Jun 28, 2017 at 12:49 PM, Paul Wise <email@example.com> wrote:
> Hi Laura,
> I would like to welcome yourself and Zevenet to the Debian derivatives
> census! Would you like to take this opportunity to introduce yourself
> and Zevenet to us all?
Thank you for the welcoming Paul, we're glad to contribute with
Debian Derivatives. Zevenet (formerly Zen Load Balancer) uses
Debian base to create a specific Application Delivery distribution.
> It would be great if you could join our mailing list and IRC channel:
Just subscribed to the mailing list.
> I would encourage you to look at Debian's guidelines for derivatives:
Thank you, we'll check it out.
> You may want to look at our census QA page, some of the mails from
> there may apply to Zevenet.
> You don't appear to be subscribed to the Zevenet census page,
> I've made a few changes to the Zevenet census page:
Just subscribed, thanks.
> The page says that Zevenet modifies Debian binary packages. It is quite
> rare that distributions modify Debian binary packages instead of
> modifying source packages and rebuilding them. Does Zevenet actually do
> this? If so could you describe what kind of modifications you are
> making? If not I guess the page needs to be fixed.
No, just install some perl modules that are not included currently
> Some of the Release files in the apt repository for Zevenet are missing
> the Valid-Until header, which allows clients to find out when active
> network attackers are holding back newer Release files. At minimum,
> rolling releases and suites containing security updates should have
> this header. With reprepro you can use the ValidFor config option.
Ok, we'll check that.
> The apt repository for Zevenet does not contain source packages. If you
> were to add source packages, Debian would be able to automatically
> create patches to be presented to Debian package maintainers.
The source code is shared through a git platform and the files are
mainly perl and configuration files, not compiled ones.
> The page is missing a dpkg vendor field. It is important that Debian
> derivatives set this properly on installed systems and mention the
> value of the field in the derivatives census.
We've to check it because there is no such command in the distro.
> The Zevenet blog doesn't appear to have an RSS or Atom feed. If these
> existed they would be syndicated on Planet Debian derivatives and would
> help Debian find out the things that are happening in Zevenet.
Ok, we'll check it out.
> I note that Zevenet is sponsoring DebConf17, much appreciated!
> This year the annual Debian conference is in Montreal, Canada. It would
> be great if developers from Zevenet could attend DebConf. If this isn't
> possible, next year DebConf will be in Hsinchu, Taiwan.
> I would encourage any attendees to volunteer to ensure the continued
> the success of the annual Debian conference, here are some examples of
> things that need helpers.
> I note that Zevenet is based on Debian jessie. The Debian release team
> recently released Debian stretch. I would encourage you to review it
> and prepare your plans for rebasing on the Debian stretch.
> At some point the Debian LTS (Long Term Support) team has taken over
> security maintenance for Debian jessie. If Zevenet is still using
> jessie by then, I would encourage you to help out with this effort
> either financially or with developer time.
Yes, it's a task that we're working on right now.
> I note that Zevenet packages some Perl modules, I would encourage your
> developers to join the Debian Perl team.
Sure, there are some perl modules not included in Debian
and they'll be quite useful to integrate.
> You might want to consider adding DNSSEC to your domains, TLSA records
> and SSL to some of your domains. SSL on the repository will help
> Zevenet users to obscure package names and version numbers from global
> active adversaries. You might also want to add HSTS headers.
Yes, we've recently obtained a Premium SSL Wildcard for our domain
so we're in the process to set it to all of our subdomains.
> Please feel free to circulate this mail within the Zevenet team.
They're in copy,
Thank you Paul!