Menu
▾
▴
[turnkeylinux-users] integrity of turnkey appliances + website template + collaboration with server team (Re: Re: [ubuntu-marketing] new project builds Ubuntu based appliances )
|
From: Liraz S. <li...@tu...> - 2008-09-13 09:53:03
|
Hi Corey,
Thank you for taking the time to look at our project. I appreciate your
concerns and would like to attempt to address the points you raise.
1) Regarding the security integrity of TurnKey appliances...
(From our FAQ on the website...)
Why should I trust the security integrity of a TurnKey appliance?
In a nutshell: trust, but verify.
The long version: since TurnKey appliances are built almost entirely
from unmodified Ubuntu binaries, it is possible for anyone who wants
to keep us honest to verify the integrity of the binaries that make
up our appliances against the original package signatures from the
official Ubuntu repositories.
There are minor exceptions. When required, an appliance may contain a
few modified or new packages. All such packages are appropriately
labelled in the package management system, and full source code is
available on Launchpad and/or http://code.turnkeylinux.org/
In other words, users should be able to trust a TurnKey appliance as
much as they trust a normal general-purpose installation of Ubuntu.
2) Regarding the website template
I thought the reason the Ubuntu Drupal theme templates were released
in the first place was so they could be used by Ubuntu sister
projects (e.g., loco teams).
We're promoting Ubuntu too, just not in a geographical sense.
We intentionally monkeyed the online tools and stylings of the Ubuntu
community because we view ourselves as an extension of the Ubuntu
community and wanted to avoid reinventing the wheel.
I don't think we went as as far as trying to mislead anyone regarding
any official affiliation with Canonical/Ubuntu.
Just to be on the safe side we did our best to contact the an
official Ubuntu/Canonical representitive (Jono Bacon and Daniel
Holbach) to give them a heads up a couple of weeks before we launched
and asked them for feedback. We also asked about partnership programs
for opensource projects. Jono couldn't reply because he was on
vacation, but Daniel Holbach pretty much gave us his blessing and
offered to help us collaborate with Ubuntu developers and merge any
changes we made back into mainline Ubuntu.
3) Collaboration with the server team
That would certainly be an interesting option to explore in the
future, assuming non-Canonical developers could be given unfettered
access to the relevant Ubuntu infrastructure and tools required to
develop Ubuntu derivatives. Besides our project there are a few other
projects (e.g., gNewSense, MythBuntu) that might benefit.
On the other hand, developing by proxy through the server team
probably wouldn't be very practical. On their side it would
significantly add to their workload and on our side it would slow
down the development cycle dramatically.
Cheers,
Liraz
Corey Burger wrote:
> On Fri, Sep 12, 2008 at 8:14 AM, Liraz Siri <li...@tu...> wrote:
>> Hi guys,
>>
>> First, let me introduce myself. My name is Liraz Siri and I am one of
>> the developers behind TurnKey Linux, a new opensource project that
>> builds Ubuntu based Live CD appliances to serve specific niche roles.
>>
>> We've recently released public betas of our first three Live CD
>> appliances (TurnKey Drupal, TurnKey joomla and TurnKey LAMP).
>>
>> [ .. snip .. ]
>>
>> What do you think?
>
> I love the idea of applicances. What scares me with them is the
> security issue. You seem to have neatly solved that problem by basing
> your appliances on an actual distro, not some home-brewed stuff.
>
> However, I would be careful with your website, as Alan points out,
> uses the official template (or a close facimile of). Also, you host
> iso files on sf.net without any coressponding source. The easiest way
> to solve both these problems is to help the server team and make your
> appliances with them.
>
> Corey
>
|