[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian derivatives census: Pardus: welcome Muhammet Kara!



Hi Muhammet, all,

Muhammet Kara has taken over maintenance of the Pardus page in
the Debian derivatives census. Thanks and welcome to the census!
Muhammet, would you like to take this opportunity to introduce yourself
and your role within Pardus to us all?

https://wiki.debian.org/Derivatives/Census/Pardus?action=diff&rev1=10&rev2=11

Could you say something about the new Pardus Topluluk distribution and
the relationship between Pardus and Pardus Topluluk?

http://pardustopluluk.org/
https://distrowatch.com/pardustopluluk

It would be great if you could bring your census page into sync with
the template and fill in as many of the fields as you have data for.

https://wiki.debian.org/Derivatives/CensusTemplate

It would be great if you could join our mailing list and IRC channel:

https://wiki.debian.org/DerivativesFrontDesk

I would encourage you to look at Debian's guidelines for derivatives:

https://wiki.debian.org/Derivatives/Guidelines

You may want to look at our census QA page, some of the mails from there
may apply to Pardus.

https://wiki.debian.org/Derivatives/CensusQA

Some of the Release files in the apt repository for Pardus are missing
the Valid-Until header, which allows clients to find out when active
network attackers are holding back newer Release files. At minimum,
rolling releases and suites containing security updates should have this
header. With reprepro you can use the ValidFor config option.

http://deriv.debian.net/Pardus/check-package-list
https://wiki.debian.org/DebianRepository/Format#Date.2C_Valid-Until

The page is missing a dpkg vendor field. It is important that Debian
derivatives set this properly on installed systems and mention the value
of the field in the derivatives census.

https://wiki.debian.org/Derivatives/Guidelines#Vendor

I've added the Pardus blog to Planet Debian derivatives which helps the
Debian community find out the things that are happening in the world of
Debian derivatives.

http://planet.debian.org/deriv/

Next year the annual Debian conference is in Hsinchu, Taiwan. It would be
great if developers from Pardus could attend DebConf. If this isn't possible,
the year after DebConf will be in Greece, Brasil, Israel or Slovakia.

https://wiki.debconf.org/wiki/DebConf18
https://wiki.debconf.org/wiki/DebConf19

I would encourage TÜBİTAK (the Pardus government sponsor) to contribute
financially to ensure the continued survival of Debian and the success of
the annual Debian conference.

https://debconf.org/sponsors/
https://www.debian.org/donations

I would encourage any attendees to volunteer to ensure the continued the
success of the annual Debian conference, here are some examples of
things that need helpers.

https://wiki.debconf.org/wiki/DebConf13/VolunteerCoordination

I note that Pardus is based on Debian stable. A great way to help
ensure that the next Debian release working well is to install and run
the how-can-i-help tool and try to work on any issues that come up.

https://www.lucas-nussbaum.net/blog/?p=837
https://packages.debian.org/unstable/how-can-i-help
https://wiki.debian.org/how-can-i-help

I note that Pardus uses Xfce, I would encourage you to
provide feedback and fixes to the Debian Xfce Group:

https://wiki.debian.org/Teams/DebianXfceGroup

You might want to consider adding DNSSEC to your domains, TLSA records
and SSL to some of your domains. SSL on the repository will help Pardus
users to obscure package names and version numbers from global active
adversaries. You might also want to add HSTS headers.

http://dnsviz.net/d/pardus.org.tr/
https://www.ssllabs.com/ssltest/analyze.html?d=www.pardus.org.tr&latest
https://securityheaders.io/?q=http%3A%2F%2Fwww.pardus.org.tr%2F&followRedirects=on
https://wiki.mozilla.org/Security/Guidelines/Web_Security

Please feel free to circulate this mail within the Pardus team.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: