From: Liraz S. <li...@tu...> - 2008-09-13 09:53:03
|
Hi Corey, Thank you for taking the time to look at our project. I appreciate your concerns and would like to attempt to address the points you raise. 1) Regarding the security integrity of TurnKey appliances... (From our FAQ on the website...) Why should I trust the security integrity of a TurnKey appliance? In a nutshell: trust, but verify. The long version: since TurnKey appliances are built almost entirely from unmodified Ubuntu binaries, it is possible for anyone who wants to keep us honest to verify the integrity of the binaries that make up our appliances against the original package signatures from the official Ubuntu repositories. There are minor exceptions. When required, an appliance may contain a few modified or new packages. All such packages are appropriately labelled in the package management system, and full source code is available on Launchpad and/or http://code.turnkeylinux.org/ In other words, users should be able to trust a TurnKey appliance as much as they trust a normal general-purpose installation of Ubuntu. 2) Regarding the website template I thought the reason the Ubuntu Drupal theme templates were released in the first place was so they could be used by Ubuntu sister projects (e.g., loco teams). We're promoting Ubuntu too, just not in a geographical sense. We intentionally monkeyed the online tools and stylings of the Ubuntu community because we view ourselves as an extension of the Ubuntu community and wanted to avoid reinventing the wheel. I don't think we went as as far as trying to mislead anyone regarding any official affiliation with Canonical/Ubuntu. Just to be on the safe side we did our best to contact the an official Ubuntu/Canonical representitive (Jono Bacon and Daniel Holbach) to give them a heads up a couple of weeks before we launched and asked them for feedback. We also asked about partnership programs for opensource projects. Jono couldn't reply because he was on vacation, but Daniel Holbach pretty much gave us his blessing and offered to help us collaborate with Ubuntu developers and merge any changes we made back into mainline Ubuntu. 3) Collaboration with the server team That would certainly be an interesting option to explore in the future, assuming non-Canonical developers could be given unfettered access to the relevant Ubuntu infrastructure and tools required to develop Ubuntu derivatives. Besides our project there are a few other projects (e.g., gNewSense, MythBuntu) that might benefit. On the other hand, developing by proxy through the server team probably wouldn't be very practical. On their side it would significantly add to their workload and on our side it would slow down the development cycle dramatically. Cheers, Liraz Corey Burger wrote: > On Fri, Sep 12, 2008 at 8:14 AM, Liraz Siri <li...@tu...> wrote: >> Hi guys, >> >> First, let me introduce myself. My name is Liraz Siri and I am one of >> the developers behind TurnKey Linux, a new opensource project that >> builds Ubuntu based Live CD appliances to serve specific niche roles. >> >> We've recently released public betas of our first three Live CD >> appliances (TurnKey Drupal, TurnKey joomla and TurnKey LAMP). >> >> [ .. snip .. ] >> >> What do you think? > > I love the idea of applicances. What scares me with them is the > security issue. You seem to have neatly solved that problem by basing > your appliances on an actual distro, not some home-brewed stuff. > > However, I would be careful with your website, as Alan points out, > uses the official template (or a close facimile of). Also, you host > iso files on sf.net without any coressponding source. The easiest way > to solve both these problems is to help the server team and make your > appliances with them. > > Corey > |