Hi BlackWeb team, I would like to welcome yourself and BlackWeb to the Debian derivatives census! Would you like to take this opportunity to introduce yourself and BlackWeb to us all? https://wiki.debian.org/Derivatives/Census/BlackWeb Please fill in the "Debian derivatives census maintainer" field with the name and email address of a team member nominated to maintain the derivatives census page for BlackWeb. It would be great if you could join our mailing list and IRC channel: https://wiki.debian.org/DerivativesFrontDesk I would encourage you to look at Debian's guidelines for derivatives: https://wiki.debian.org/Derivatives/Guidelines You may want to look at our census QA page, some of the mails from there may apply to BlackWeb. https://wiki.debian.org/Derivatives/CensusQA You don't appear to be subscribed to the BlackWeb census page, I've made a few changes to the BlackWeb census page: https://wiki.debian.org/Derivatives/Census/BlackWeb?action=info The page says that BlackWeb modifies Debian binary packages. It is quite rare that distributions modify Debian binary packages instead of modifying source packages and rebuilding them. Does BlackWeb actually do this? If so could you describe what kind of modifications you are making? If not I guess the page needs to be fixed. The apt repository for BlackWeb does not contain source packages, including for packages licensed under the GNU GPL like wireshark. This may or may not be a copyright violation depending on whether or not you distribute those elsewhere. In any case, please add source packages to your repository so that Debian can automatically create patches to be presented to Debian package maintainers. https://wiki.debian.org/Derivatives/CensusQA#No_source_packages https://wiki.debian.org/Derivatives/Integration#Patches The Release files in the apt repository for BlackWeb are missing the Valid-Until header, which allows clients to find out when active network attackers are holding back newer Release files. At minimum, rolling releases and suites containing security updates should have this header. With reprepro you can use the ValidFor config option. https://wiki.debian.org/DebianRepository/Format#Date.2C_Valid-Until The Release files in the apt repository are also missing the Origin, Label and Description headers. http://deriv.debian.net/BlackWeb/check-package-list I note that BlackWeb is based on Debian stable. The Debian release team recently released a timeline for the freeze for the next Debian stable release. I would encourage you to review it and prepare your plans for rebasing on the next Debian release (buster). https://lists.debian.org/debian-devel-announce/2019/03/msg00003.html https://release.debian.org/#updates A great way to help ensure that the next Debian release is working well is to install and run the how-can-i-help tool and try to work on any issues that come up. https://wiki.debian.org/how-can-i-help https://www.lucas-nussbaum.net/blog/?p=837 https://packages.debian.org/unstable/how-can-i-help The page is missing a dpkg vendor field. It is important that Debian derivatives set this properly on installed systems and mention the value of the field in the derivatives census. https://wiki.debian.org/Derivatives/Guidelines#Vendor I've added the BlackWeb blog to Planet Debian derivatives which helps the Debian community find out the things that are happening in the world of Debian derivatives. https://planet.debian.org/deriv/ Since BlackWeb is based in Romania you might be interested in meeting some of the Debian contributors from Romania. https://wiki.debian.org/Keysigning/Offers#RO https://wiki.debian.org/Keysigning/Need#RO_-_Romania This year the annual Debian conference is in Curitiba, Brasil. It would be great if developers from BlackWeb could attend DebConf. If this isn't possible, next year DebConf will be in Haifa, Israel. https://debconf19.debconf.org/ I would encourage any attendees to volunteer to ensure the continued the success of the annual Debian conference, here are some examples of things that need helpers. https://wiki.debian.org/DebConf/19/Volunteer https://debconf-video-team.pages.debian.net/docs/volunteer_roles.html I note there are other security related Debian derivatives called Kali and Parrot Security, have you considered collaborating with them? https://wiki.debian.org/Derivatives/Census/Kali https://wiki.debian.org/Derivatives/Census/ParrotSecurity I note that BlackWeb uses LXDE, I would encourage you to provide feedback and fixes to the LXQt team. https://wiki.debian.org/Teams/LXQtPackagingTeam Please feel free to circulate this mail within the BlackWeb team. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part