On 21/04/17 11:25 PM, Paul Wise wrote:
> Would you like to take this opportunity to introduce yourself
> and Wazo to us all?

About Wazo: the distribution is centered around VoIP, uses Asterisk at its core and envisions to be like the OpenStack of telecoms: a fully free-software distro allowing people to build unified communications systems. All features are or will be API-driven so that it can be integrated in various environments. Wazo is a fork of XiVO, which started about 10 years ago, and the fork happened in December 2016. We are a team of 4 developers, all French-speaking and free-software enthusiasts. More details on our blog: http://blog.wazo.community/introducing-wazo.html#introducing-wazo

About myself: I'm one of the developers of Wazo, I worked on XiVO for 5 years before the fork and I'm a daily user of Debian and Archlinux.

> The page says that Wazo modifies Debian binary packages.

Fixed.

> Some of the Release files in the apt repository for Wazo are missing
> the Valid-Until header

I understand this setting has no effect on caching the Release files, right? An apt-get update won't consider a still-valid Release file as already up-to-date and will still replace the already downloaded Release file, as long as the Date is more recent, is this correct?

Also, I don't really know what would be a good value for ValidFor... 1 minute? 1 hour? 1 day? What about 0 minutes? Or is this a not-recommended setting? In my mind, "ValidFor: 0m" would still prevent the security issue, can you confirm this?

> Some of the Release files are also missing the Label field

Fixed.

Thanks a lot for all the recommendations. We can't do everything you propose right now, but we'll keep them in mind.

--
Sébastien Duthil
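Added example, not part of the original message and not Wazo or Debian tooling: a small Python audit of an apt Release file for the two fields raised in this thread (Valid-Until and Label), evaluated against a given time. The sample Release files, the function names and the finding codes are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Release files, not taken from the Wazo repository.
RELEASE_BARE = """\
Origin: example
Suite: stable
Date: Sat, 22 Apr 2017 10:00:00 UTC
SHA256:
 <constructed-hash> 1234 main/binary-amd64/Packages
"""
RELEASE_FULL = """\
Origin: example
Label: example
Suite: stable
Date: Sat, 22 Apr 2017 10:00:00 UTC
Valid-Until: Sat, 29 Apr 2017 10:00:00 UTC
SHA256:
 <constructed-hash> 1234 main/binary-amd64/Packages
"""

def parse_release(text):
    """Parse the header fields; indented lines continue the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and last:
            fields[last] += "\n" + line.strip()
        elif ":" in line:
            last, _, value = line.partition(":")
            fields[last] = value.strip()
    return fields

def parse_when(value):
    """Release dates are RFC 822 style; treat a missing zone as UTC."""
    when = parsedate_to_datetime(value)
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)

def audit_release(text, now):
    """Return finding codes for the fields discussed in this thread."""
    fields, findings = parse_release(text), []
    if "Label" not in fields:
        findings.append("no-label")
    if "Valid-Until" not in fields:
        findings.append("no-valid-until")  # nothing ever marks an old copy stale
    elif parse_when(fields["Valid-Until"]) <= parse_when(fields["Date"]):
        findings.append("valid-until-not-after-date")
    elif now > parse_when(fields["Valid-Until"]):
        findings.append("expired")  # apt refuses a Release past its Valid-Until
    return findings
```

Run against each Release file a repository publishes, with `now` set to the current UTC time, this lists which suites still lack an expiry or a label.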