[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian derivatives census: BlackWeb: welcome!

Hi BlackWeb team,

I would like to welcome yourself and BlackWeb to the Debian derivatives
census! Would you like to take this opportunity to introduce yourself
and BlackWeb to us all? 


Please fill in the "Debian derivatives census maintainer" field with
the name and email address of a team member nominated to maintain the
derivatives census page for BlackWeb.

It would be great if you could join our mailing list and IRC channel:


I would encourage you to look at Debian's guidelines for derivatives:


You may want to look at our census QA page, some of the mails from
there may apply to BlackWeb.


You don't appear to be subscribed to the BlackWeb census page,
I've made a few changes to the BlackWeb census page:


The page says that BlackWeb modifies Debian binary packages. It is
quite rare that distributions modify Debian binary packages instead of
modifying source packages and rebuilding them. Does BlackWeb actually
do this? If so could you describe what kind of modifications you are
making? If not I guess the page needs to be fixed.

The apt repository for BlackWeb does not contain source packages,
including for packages licensed under the GNU GPL like wireshark.
This may or may not be a copyright violation depending on whether or
not you distribute those elsewhere. In any case, please add source
packages to your repository so that Debian can automatically create
patches to be presented to Debian package maintainers.


The Release files in the apt repository for BlackWeb are missing the
Valid-Until header, which allows clients to find out when active
network attackers are holding back newer Release files. At minimum,
rolling releases and suites containing security updates should have
this header. With reprepro you can use the ValidFor config option.


The Release files in the apt repository are also missing the Origin,
Label and Description headers.


I note that BlackWeb is based on Debian stable. The Debian release team
recently released a timeline for the freeze for the next Debian stable
release. I would encourage you to review it and prepare your plans for
rebasing on the next Debian release (buster).


A great way to help ensure that the next Debian release is working well
is to install and run the how-can-i-help tool and try to work on any
issues that come up.


The page is missing a dpkg vendor field. It is important that Debian
derivatives set this properly on installed systems and mention the
value of the field in the derivatives census.


I've added the BlackWeb blog to Planet Debian derivatives which helps
the Debian community find out the things that are happening in the
world of Debian derivatives.


Since BlackWeb is based in Romania you might be interested in meeting
some of the Debian contributors from Romania.


This year the annual Debian conference is in Curitiba, Brasil. It would
be great if developers from BlackWeb could attend DebConf. If this
isn't possible, next year DebConf will be in Haifa, Israel.


I would encourage any attendees to volunteer to ensure the continued
the success of the annual Debian conference, here are some examples of
things that need helpers.


I note there are other security related Debian derivatives called Kali
and Parrot Security, have you considered collaborating with them?


I note that BlackWeb uses LXDE, I would encourage you to
provide feedback and fixes to the LXQt team.


Please feel free to circulate this mail within the BlackWeb team.



Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: