Subject: Debian derivatives census: Abalar: welcome!
Hi,
I would like to welcome Abalar to the Debian derivatives census! Would
you like to take this opportunity to introduce Abalar to us all?
https://wiki.debian.org/Derivatives/Census/Abalar
It would be great if you could join our mailing list and IRC channel:
https://wiki.debian.org/DerivativesFrontDesk
I would encourage you to look at Debian's guidelines for derivatives:
https://wiki.debian.org/Derivatives/Guidelines
You may want to look at our census QA page, some of the mails from
there may apply to Abalar.
https://wiki.debian.org/Derivatives/CensusQA
You don't appear to be subscribed to the Abalar census page, we've
made a few changes:
https://wiki.debian.org/Derivatives/Census/Abalar?action=info
The page says that Abalar modifies Debian binary packages. It is quite
rare that distributions modify Debian binary packages instead of
modifying source packages and rebuilding them. Does Abalar actually do
this? If so could you describe what kind of modifications you are
making? If not I guess the page needs to be fixed.
Some of the Release files in the apt repository for Abalar are missing
the Valid-Until header, which allows clients to find out when active
network attackers are holding back newer Release files. At minimum,
rolling releases and suites containing security updates should have
this
header. With reprepro you can use the ValidFor config option.
https://wiki.debian.org/DebianRepository/Format#Date.2C_Valid-Until
The page is missing a dpkg vendor field. It is important that Debian
derivatives set this properly on installed systems and mention the
value of the field in the derivatives census.
https://wiki.debian.org/Derivatives/Guidelines#Vendor
There doesn't appear to be an Abalar blog or a blog aggregator for
Abalar developers. If these existed they would be syndicated on Planet
Debian derivatives and would help the Debian community find out the
things that are happening in Abalar.
https://planet.debian.org/deriv/
This year the annual Debian conference is in Curitiba, Brazil. It
would be great if developers from Abalar could attend DebConf.
https://debconf19.debconf.org/
I would encourage any attendees to volunteer to ensure the continued
the success of the annual Debian conference, here are some examples of
things that need helpers.
https://wiki.debconf.org/wiki/DebConf13/VolunteerCoordination
A great way to help ensure that the next Debian release is working well
is to install and run the how-can-i-help tool and try to work on any
issues that come up.
https://wiki.debian.org/how-can-i-help
https://www.lucas-nussbaum.net/blog/?p=837
https://packages.debian.org/unstable/how-can-i-help
I note that Abalar also has wheezy and jessie in the apt repository.
The Debian LTS (Long Term Support) team has taken over security
maintenance for these releases. I would encourage Abalar to help out
with this effort either financially or with developer time.
https://wiki.debian.org/LTS/
https://lists.debian.org/debian-lts-announce/2016/04/msg00000.html
I note that Abalar uses Debian backports, you might also like to
contribute your backporting efforts to Debian.
https://backports.debian.org/Contribute/
You might want to consider adding DNSSEC to your domains, TLSA records
and SSL to some of your domains. SSL on the repository will help Abalar
users to obscure package names and version numbers from global active
adversaries. You might also want to add HSTS headers.
http://oktan.ls.fi.upm.es/deb-multimedia/
http://www.edu.xunta.gal/centros/abalar/aulavirtual2/
https://wiki.mozilla.org/Security/Guidelines/Web_Security
Please feel free to circulate this mail within the Abalar team.
--
Anastasia Tsikoza (moonkin)
Debian Derivatives Team Intern
Reply to: