Hi Roopa, all, Roopa Prabhu has taken over maintenance of the Cumulus Linux page in the Debian derivatives census. Thanks and welcome to the census! Roopa, would you like to take this opportunity to introduce yourself and your role within Cumulus to us all? https://wiki.debian.org/Derivatives/Census/CumulusLinux?action=diff&rev1=15&rev2=16 It would be great if you could bring your census page into sync with the template and fill in as many of the fields as you have data for. https://wiki.debian.org/Derivatives/CensusTemplate It would be great if you could join our mailing list and IRC channel: https://wiki.debian.org/DerivativesFrontDesk I would encourage you to look at Debian's guidelines for derivatives: https://wiki.debian.org/Derivatives/Guidelines You may want to look at our census QA page, some of the mails from there may apply to Cumulus. https://wiki.debian.org/Derivatives/CensusQA You don't appear to be subscribed to the Cumulus census page, I've made a few changes to the Cumulus census page: https://wiki.debian.org/Derivatives/Census/CumulusLinux?action=info The page says that Cumulus modifies Debian binary packages. Nolan explained a while ago that this situation was temporary, is that still the case? If not I guess the page needs to be fixed. https://lists.debian.org/53BEFC2B.3010700@cumulusnetworks.com Some of the Release files in the apt repository for Cumulus are missing the Valid-Until header, which allows clients to find out when active network attackers are holding back newer Release files. At minimum, rolling releases and suites containing security updates should have this header. With reprepro you can use the ValidFor config option. http://deriv.debian.net/CumulusLinux/check-package-list https://wiki.debian.org/DebianRepository/Format#Date.2C_Valid-Until The apt repository for Cumulus does not contain source packages. Nolan explained a while ago that this situation was being worked on. Do you know if any progress has been made on that issue? http://deriv.debian.net/CumulusLinux/check-sources-list https://lists.debian.org/53BEFC2B.3010700@cumulusnetworks.com The page is missing a dpkg vendor field. It is important that Debian derivatives set this properly on installed systems and mention the value of the field in the derivatives census. https://wiki.debian.org/Derivatives/Guidelines#Vendor The Cumulus blog is aggregated on Planet Debian derivatives which helps the Debian community find out the things that are happening in the world of Debian derivatives. http://planet.debian.org/deriv/ This year the annual Debian conference is in Montreal, Canada. It would be great if developers from Cumulus could attend DebConf. If this isn't possible, next year DebConf will be in Hsinchu, Taiwan. https://debconf17.debconf.org/ https://wiki.debconf.org/wiki/DebConf18 I would encourage Cumulus Networks (the Cumulus Linux corporate sponsor) to contribute financially to ensure the continued survival of Debian and the success of the annual Debian conference. https://debconf17.debconf.org/sponsors/become-a-sponsor/ https://debconf.org/sponsors/ https://www.debian.org/donations https://www.debian.org/partners/ I would encourage any attendees to volunteer to ensure the continued the success of the annual Debian conference, here are some examples of things that need helpers. https://wiki.debconf.org/wiki/DebConf13/VolunteerCoordination I note that Cumulus is based on Debian stable. The Debian release team recently released a timeline for the freeze for the next Debian stable release. I would encourage you to review it and prepare your plans for rebasing on the next Debian release (stretch). https://release.debian.org/#updates A great way to help ensure that the next Debian release working well is to install and run the how-can-i-help tool and try to work on any issues that come up. https://www.lucas-nussbaum.net/blog/?p=837 https://packages.debian.org/unstable/how-can-i-help https://wiki.debian.org/how-can-i-help You might want to consider adding DNSSEC to your domains, TLSA records and SSL to some of your domains. SSL on repo.cumulusnetworks.com will help Cumulus users to obscure package names and version numbers from global active adversaries. You might also want to add HSTS headers. http://dnsviz.net/d/cumulusnetworks.com/ https://wiki.mozilla.org/Security/Guidelines/Web_Security Please feel free to circulate this mail within the Cumulus team. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part