RE: Developing on Debian
Hello,

I have a few more questions that were pushed my direction from our Board of Directors. Before the questions though I would like to thank you for the fast response to my inquiry! It will make you proud to know that you were the first response to the questions that I had out of Red Hat, Suse, Xandros, Slackware, and Mandriva.

Here are the 2 additional questions that I need some assistance with:

1. Security features, current and planned?
2. Why is distribution better than others available?

Again thanks for your input, and help in our search for a Linux platform. You guys are great!

Jason Mock
Sales Engineer
High Touch, Inc.
[EMAIL PROTECTED]
Reaching higher for our clients everyday...

-Original Message-
From: Philip Hands [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 13, 2005 6:30 AM
To: Baruch Even
Cc: Jason Mock; debian-project@lists.debian.org
Subject: Re: Developing on Debian

Baruch Even wrote:
> Hi,
>
> Debian GNU/Linux is a volunteer organization that develops a world-class operating system based on the Linux kernel and GNU project.
>
> I'll go point by point to answer your questions.
>
> Jason Mock wrote:
> > I had some questions on your ISV program. We're a retail point of sale software company that is seeking out a Linux platform to distribute our software on. A few of the questions that I have are concerning the Corporate Server version of your software. I need the following information:
> >
> > *_Original purchase cost_* - Currently we use SCO Unix. The way this process works with them is we buy a development kit, produce a tape that contains the OS and our software. We assign the end user a license for the server, and pay SCO on that license. How does your process work when it comes to distribution? What are the license costs associated with this process?
>
> Debian GNU/Linux is free-software, as long as you base your system on our official components (the 'main' archive) you are free to distribute the system and have our blessing to use and distribute it with no license costs whatsoever. Yes, we _are_ that generous.

While what Baruch says is true, you should be aware that with Debian GNU/Linux, as with all versions of GNU/Linux (some people call that just Linux BTW, they're talking about the same thing) much of the operating system is covered by a license called the GNU GPL (General Public License).

As a distributor of GPLed software, you would be obliged to offer your clients copies of the source of those programs, or a written offer to provide it on request, and you should probably mention that you are using GPLed software in your manuals somewhere. I'm sure that this obligation could be handled by including an extra CD/DVD in the packaging, with the relevant form of words on its cover -- it might be worth checking the details on the debian-legal mailing list if you decide to use Debian as your base. There are other licenses we use that have similar conditions, but a single page of small-print and an extra CD should deal with the lot in one go.

N.B. The GPL does not in any way affect programs that you simply aggregate onto the same distribution media. As long as you don't start modifying already GPLed code, or taking snippets of GPLed code and including them in your own programs, there is no obligation for you to distribute the source of your own copyrighted works -- that's a silly rumour that Microsoft were trying to spread at one point.

As evidenced by the multiple replies, we're not a company, we're a volunteer organisation. As such we're not going to be signing heads of agreement letters with you, or part funding one another's marketing campaigns or many of the other things that you might expect from a company.

That said, there are compelling reasons to choose Debian as your base, rather than the alternatives.

Since there is no company, there is no motive on our part to release cosmetic upgrades just to be able to charge you an upgrade fee. Historically, we release less often than other distributions, at least partly because we do not release until the software is really stable -- having no marketing department means that we don't have a deadline to hit, so we don't just release whatever we've got on the assigned release date, we work on the code until it works properly, then release. As an ISV that means that you will not need to be retesting everything every six months.

The flip-side of that is of course that new features tend to take a while to percolate into our stable release, but we also have an up to the minute unstable distribution, and a half-way house testing distribution. I'd imagine that all your needs (if you were happy with SCO) will be more than satisfied by our stable release, but if there's one or two packages that offer features that you need from later than that, the normal approach is to grab the newer source and build them for the stable system -- we provide tools to make this easy.

So, the bottom line is, you can grab
Re: Developing on Debian
Jason Mock wrote:
> Hello,
>
> I have a few more questions that were pushed my direction from our Board of Directors. Before the questions though I would like to thank you for the fast response to my inquiry! It will make you proud to know that you were the first response to the questions that I had out of Red Hat, Suse, Xandros, Slackware, and Mandriva.
>
> Here are the 2 additional questions that I need some assistance with:
>
> 1. Security features, current and planned?

I assume you mean security updates and features related to security such as firewalls, SELinux and such.

The Debian project provides security updates to the stable version (currently sarge) and for a short while to oldstable (the version that predates that, currently woody). The security service is provided via the security.debian.org servers and you simply use apt-get to upgrade the needed packages. Some people simply script their machines to do that nightly in an unattended fashion.

The service is provided free-of-charge and the time between releases is long so you are assured that your current platform will be stable for quite some time, and as discussed before, upgrading to a newer version is usually done with little trouble when the time comes and doesn't require a full reinstall. This is by design.

> 2. Why is distribution better than others available?

That would be something that you need to evaluate for your own needs based on your requirements and how the various distributions fulfill them. IMO, your best bet is to search for the data points that would affect each point of your needs from the Linux system.

Baruch
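The nightly unattended update described in the reply above, sketched as an added example that is not part of the original thread. It assumes the `Inst`/`Conf` line format that `apt-get -s upgrade` prints on current Debian releases and the `Debian-Security` origin label for packages served from security.debian.org; the sample output, script path and schedule are constructed.

```shell
#!/bin/sh
# Added example: nightly unattended security-only upgrade (not from the thread).
# Assumption: `apt-get -s upgrade` prints one line per planned action, e.g.
#   Inst <pkg> [<installed>] (<candidate> <Origin>:<suite> [<arch>])
#   Conf <pkg> (<candidate> <Origin>:<suite> [<arch>])
# and packages from security.debian.org carry the origin "Debian-Security".

# Read simulation output on stdin; print the names of packages whose pending
# upgrade comes from the security archive. Only "Inst" lines are counted:
# every package also appears on a "Conf" line, which would list it twice.
security_pkgs() {
    awk '$1 == "Inst" && /[ (]Debian-Security:/ { print $2 }' | sort -u
}

# Constructed sample of simulation output (names and versions illustrative).
sample_simulation() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
Inst openssl [1.0-1] (1.0-2 Debian-Security:12/stable-security [amd64])
Inst libssl3 [1.0-1] (1.0-2 Debian-Security:12/stable-security [amd64])
Inst tzdata [1.0-1] (1.1-1 Debian:12.7/stable [all])
Conf openssl (1.0-2 Debian-Security:12/stable-security [amd64])
Conf libssl3 (1.0-2 Debian-Security:12/stable-security [amd64])
Conf tzdata (1.1-1 Debian:12.7/stable [all])
EOF
}

# Refresh the package lists, then upgrade only what the security archive offers.
nightly_security_upgrade() {
    apt-get -qq update || return 1
    pkgs=$(apt-get -s upgrade | security_pkgs)
    if [ -z "$pkgs" ]; then
        echo "no security updates pending"
        return 0
    fi
    echo "upgrading:" $pkgs
    # --only-upgrade refuses to install anything that is not already present;
    # the noninteractive frontend keeps package prompts from blocking the run.
    # $pkgs is left unquoted on purpose: one argument per package name.
    DEBIAN_FRONTEND=noninteractive apt-get -y --only-upgrade install $pkgs
}

# Hypothetical root crontab entry:
#   30 3 * * * /usr/local/sbin/nightly-security-upgrade --apply
if [ "${1:-}" = "--apply" ]; then
    nightly_security_upgrade
fi
```

Without `--apply` the script only defines its functions, so `sample_simulation | security_pkgs` can be used to check the filter before the job is scheduled.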
Re: Developing on Debian
Jason Mock wrote:
> Hello,
>
> I have a few more questions that were pushed my direction from our Board of Directors. Before the questions though I would like to thank you for the fast response to my inquiry! It will make you proud to know that you were the first response to the questions that I had out of Red Hat, Suse, Xandros, Slackware, and Mandriva.
>
> Here are the 2 additional questions that I need some assistance with:
>
> 1. Security features, current and planned?

We have a highly responsive security team who address issues as they arise:

http://www.debian.org/security/

This combined with the fact that our packaging system allows for continuous upgrades means that when an alert happens, you will have developed a level of confidence in the system that will allow you to actually perform the upgrade.

Other systems, where one is not able to develop that confidence, tend to gently rot to the point where nobody is brave enough to upgrade anything, regardless of how grave the security flaws that are being left open by not doing so.

The reason our upgrade system works so well is in part due to the chaotic nature of our organisation. Because we have vast numbers of developers, and users, running all sorts of odd combinations of versions of software, upgrading them in different orders, and generally doing bizarre things, pretty much every conflict or dependency problem you were ever going to run into has been found by someone else months ago -- that means that you won't get bitten by those bugs.

If we only tested packages against the other software in a particular release, and only attempted to build it for one or two architectures, many of those packaging issues would go undetected, and so would still be available to bite you.

So we have effective security updates, on a system where you will be brave enough to actually apply them in a timely manner.

> 2. Why is distribution better than others available?

I think I covered a lot of the points in the previous mail. Probably few things that should be of particular interest are:

The fact that we positively encourage people to do spin-off distributions for specialist purposes, to the extent that we have mailing lists, and tools to make that easier -- as an ISV, selling turn-key solutions, you are in effect doing a specialised version of the OS you distribute, so having the tools and experience of others to build that with is likely to make the final result much more robust than if you're just standing there passively waiting for the distribution vendor to slop whatever they felt like serving up this time round into your bowl.

We don't expect you to pay us any sort of fee. Not up-front, and not per server. Of course, you may choose to spend the money you've saved on support from one of the many offering commercial support on Debian, but that will be up to you, and if you don't like the support you get, you'll have the chance to go elsewhere without needing to change the distribution you're using.

There is absolutely no possibility of us going bust, changing business strategy, deciding to sue the known universe or any of the other annoying things that software vendors are prone to do, because we're not doing this for the money, and I doubt there is anything anybody could do to stop most of the people involved in Debian from doing what they're doing.

> Again thanks for your input, and help in our search for a Linux platform. You guys are great!

Have fun, whatever you decide.

Cheers, Phil.
RE: Developing on Debian
Philip,

Thank you again for your timely response. On the security question, what we are looking for is the built in security within the system. Does debian have a built in firewall, Antivirus, or any other security features that help create a secure work environment?

Thanks,

Jason Mock
Sales Engineer
High Touch, Inc.
Phone: 316.831.8106
Fax: 316.831.8306
[EMAIL PROTECTED]
Reaching higher for our clients everyday...

-Original Message-
From: Philip Hands [mailto:[EMAIL PROTECTED]
Sent: Friday, October 14, 2005 12:46 PM
To: Jason Mock
Cc: Baruch Even; debian-project@lists.debian.org
Subject: Re: Developing on Debian

Jason Mock wrote:
> Hello,
>
> I have a few more questions that were pushed my direction from our Board of Directors. Before the questions though I would like to thank you for the fast response to my inquiry! It will make you proud to know that you were the first response to the questions that I had out of Red Hat, Suse, Xandros, Slackware, and Mandriva.
>
> Here are the 2 additional questions that I need some assistance with:
>
> 1. Security features, current and planned?

We have a highly responsive security team who address issues as they arise:

http://www.debian.org/security/

This combined with the fact that our packaging system allows for continuous upgrades means that when an alert happens, you will have developed a level of confidence in the system that will allow you to actually perform the upgrade.

Other systems, where one is not able to develop that confidence, tend to gently rot to the point where nobody is brave enough to upgrade anything, regardless of how grave the security flaws that are being left open by not doing so.

The reason our upgrade system works so well is in part due to the chaotic nature of our organisation. Because we have vast numbers of developers, and users, running all sorts of odd combinations of versions of software, upgrading them in different orders, and generally doing bizarre things, pretty much every conflict or dependency problem you were ever going to run into has been found by someone else months ago -- that means that you won't get bitten by those bugs.

If we only tested packages against the other software in a particular release, and only attempted to build it for one or two architectures, many of those packaging issues would go undetected, and so would still be available to bite you.

So we have effective security updates, on a system where you will be brave enough to actually apply them in a timely manner.

> 2. Why is distribution better than others available?

I think I covered a lot of the points in the previous mail. Probably few things that should be of particular interest are:

The fact that we positively encourage people to do spin-off distributions for specialist purposes, to the extent that we have mailing lists, and tools to make that easier -- as an ISV, selling turn-key solutions, you are in effect doing a specialised version of the OS you distribute, so having the tools and experience of others to build that with is likely to make the final result much more robust than if you're just standing there passively waiting for the distribution vendor to slop whatever they felt like serving up this time round into your bowl.

We don't expect you to pay us any sort of fee. Not up-front, and not per server. Of course, you may choose to spend the money you've saved on support from one of the many offering commercial support on Debian, but that will be up to you, and if you don't like the support you get, you'll have the chance to go elsewhere without needing to change the distribution you're using.

There is absolutely no possibility of us going bust, changing business strategy, deciding to sue the known universe or any of the other annoying things that software vendors are prone to do, because we're not doing this for the money, and I doubt there is anything anybody could do to stop most of the people involved in Debian from doing what they're doing.

> Again thanks for your input, and help in our search for a Linux platform. You guys are great!

Have fun, whatever you decide.

Cheers, Phil.
Re: Developing on Debian
Jason Mock wrote:
> Philip,
>
> Thank you again for your timely response. On the security question, what we are looking for is the built in security within the system. Does debian have a built in firewall, Antivirus, or any other security features that help create a secure work environment?

Of course. Here's an intro:

http://www.debian.org/doc/manuals/securing-debian-howto/

For examples of relevant packages, one can do a few searches:

http://packages.debian.org/cgi-bin/search_packages.pl?searchon=allkeywords=virus
http://packages.debian.org/cgi-bin/search_packages.pl?searchon=allkeywords=firewall
http://packages.debian.org/cgi-bin/search_packages.pl?searchon=allkeywords=selinux

I'm sure you can come up with a few of your own -- have a play here:

http://packages.debian.org/

Debian's current stable release contains a little over 15,000 packages, which means we include pretty much every mildly useful Free Software package in existence, including the security related ones.

Debian generally takes the approach that if you don't want a service, the software that provides that service is not even installed on your system. Since installing and removing packages is trivially easy, that's the fastest way of turning services on and off -- it's difficult to exploit a program that is not there.

The problems you're likely to face are mostly going to be things like deciding which of the many available virus scanning frameworks is the one that suits you best. (I'd go for MailScanner clamav on that particular question, but tastes differ)

I suggest you have a look around the various documents available on the web site, and perhaps try putting any further questions you might have into google -- the howto above, for example, is the first hit on google for a search on securing debian (it's also in some way related to most of the next 100 hits and beyond -- Debian material is widely available on the net)

Cheers, Phil.
Re: Developing on Debian
Hi,

Debian GNU/Linux is a volunteer organization that develops a world-class operating system based on the Linux kernel and GNU project.

I'll go point by point to answer your questions.

Jason Mock wrote:
> I had some questions on your ISV program. We’re a retail point of sale software company that is seeking out a Linux platform to distribute our software on. A few of the questions that I have are concerning the “Corporate Server” version of your software. I need the following information:
>
> *_Original purchase cost_* – Currently we use SCO Unix. The way this process works with them is we buy a development kit, produce a tape that contains the OS and our software. We assign the end user a license for the server, and pay SCO on that license. How does your process work when it comes to distribution? What are the license costs associated with this process?

Debian GNU/Linux is free-software, as long as you base your system on our official components (the 'main' archive) you are free to distribute the system and have our blessing to use and distribute it with no license costs whatsoever. Yes, we _are_ that generous.

> *_Upgrades_* – With SCO we currently buy an upgrade license on a per system basis as we determine that an OS upgrade is in order. How does your upgrade process work? What are the costs associated with this process? How is the upgrade distributed?

Upgrade is performed using our upgrade tools on a live system, the base tool is apt-get with various wrappers on top of that. If your systems are connected to the internet it can be done from our servers directly. Otherwise you can simply distribute the updated packages and upgrade from a CD. Adaptation to that is possible and is up to you, there are many companies and consultants in the Debian eco-system that can help with your exact needs.

> *_Support_* – As an ISV with SCO we have an account rep that works with us to ensure that we are kept up to speed on new versions, end of life, etc. We also have access to an ISV level support via a 1-800 telephone number. How does your company handle the sales and technical support? What are the fees/costs associated with this type of support?

We are not a company, we are a volunteer organization, as such our support is provided by mailing lists, IRC channels and web-based forums by many volunteers. You can however solicit help and support from the many Debian consultants and there are quite a few companies that will be willing to take money for support. The exact costs depend on the consultant or company and you'll have to negotiate that with them directly.

More information on our support can be found at http://www.us.debian.org/support and a list of consultants is at http://www.debian.org/consultants/index.en.html

> Thank you for your input,

You are welcome. You can find more information on our website at http://www.debian.org/

Hope this helps,
Baruch Even
Debian Developer
Re: Developing on Debian
Baruch Even wrote:
> Hi,
>
> Debian GNU/Linux is a volunteer organization that develops a world-class operating system based on the Linux kernel and GNU project.
>
> I'll go point by point to answer your questions.
>
> Jason Mock wrote:
> > I had some questions on your ISV program. We’re a retail point of sale software company that is seeking out a Linux platform to distribute our software on. A few of the questions that I have are concerning the “Corporate Server” version of your software. I need the following information:
> >
> > *_Original purchase cost_* – Currently we use SCO Unix. The way this process works with them is we buy a development kit, produce a tape that contains the OS and our software. We assign the end user a license for the server, and pay SCO on that license. How does your process work when it comes to distribution? What are the license costs associated with this process?
>
> Debian GNU/Linux is free-software, as long as you base your system on our official components (the 'main' archive) you are free to distribute the system and have our blessing to use and distribute it with no license costs whatsoever. Yes, we _are_ that generous.

While what Baruch says is true, you should be aware that with Debian GNU/Linux, as with all versions of GNU/Linux (some people call that just Linux BTW, they're talking about the same thing) much of the operating system is covered by a license called the GNU GPL (General Public License).

As a distributor of GPLed software, you would be obliged to offer your clients copies of the source of those programs, or a written offer to provide it on request, and you should probably mention that you are using GPLed software in your manuals somewhere. I'm sure that this obligation could be handled by including an extra CD/DVD in the packaging, with the relevant form of words on its cover -- it might be worth checking the details on the debian-legal mailing list if you decide to use Debian as your base. There are other licenses we use that have similar conditions, but a single page of small-print and an extra CD should deal with the lot in one go.

N.B. The GPL does not in any way affect programs that you simply aggregate onto the same distribution media. As long as you don't start modifying already GPLed code, or taking snippets of GPLed code and including them in your own programs, there is no obligation for you to distribute the source of your own copyrighted works -- that's a silly rumour that Microsoft were trying to spread at one point.

As evidenced by the multiple replies, we're not a company, we're a volunteer organisation. As such we're not going to be signing heads of agreement letters with you, or part funding one another's marketing campaigns or many of the other things that you might expect from a company.

That said, there are compelling reasons to choose Debian as your base, rather than the alternatives.

Since there is no company, there is no motive on our part to release cosmetic upgrades just to be able to charge you an upgrade fee. Historically, we release less often than other distributions, at least partly because we do not release until the software is really stable -- having no marketing department means that we don't have a deadline to hit, so we don't just release whatever we've got on the assigned release date, we work on the code until it works properly, then release. As an ISV that means that you will not need to be retesting everything every six months.

The flip-side of that is of course that new features tend to take a while to percolate into our stable release, but we also have an up to the minute unstable distribution, and a half-way house testing distribution. I'd imagine that all your needs (if you were happy with SCO) will be more than satisfied by our stable release, but if there's one or two packages that offer features that you need from later than that, the normal approach is to grab the newer source and build them for the stable system -- we provide tools to make this easy.

So, the bottom line is, you can grab a copy for free, distribute it as widely as you like without fee (as long as you supply your clients with the source of our bits) and we're positively happy for you to do so.

> > *_Upgrades_* – With SCO we currently buy an upgrade license on a per system basis as we determine that an OS upgrade is in order. How does your upgrade process work? What are the costs associated with this process? How is the upgrade distributed?
>
> Upgrade is performed using our upgrade tools on a live system, the base tool is apt-get with various wrappers on top of that. If your systems are connected to the internet it can be done from our servers directly. Otherwise you can simply distribute the updated packages and upgrade from a CD. Adaptation to that is possible and is up to you, there are many companies and consultants in the Debian eco-system that can help with your exact needs.

Just to emphasise the point, Debian
RE: Developing on Debian
Thank you all for your help. Very good information to have!

Jason Mock
Sales Engineer
High Touch, Inc.
Phone: 316.831.8106
Fax: 316.831.8306
[EMAIL PROTECTED]
Reaching higher for our clients everyday...

-Original Message-
From: Philip Hands [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 13, 2005 6:30 AM
To: Baruch Even
Cc: Jason Mock; debian-project@lists.debian.org
Subject: Re: Developing on Debian

Baruch Even wrote:
> Hi,
>
> Debian GNU/Linux is a volunteer organization that develops a world-class operating system based on the Linux kernel and GNU project.
>
> I'll go point by point to answer your questions.
>
> Jason Mock wrote:
> > I had some questions on your ISV program. We're a retail point of sale software company that is seeking out a Linux platform to distribute our software on. A few of the questions that I have are concerning the Corporate Server version of your software. I need the following information:
> >
> > *_Original purchase cost_* - Currently we use SCO Unix. The way this process works with them is we buy a development kit, produce a tape that contains the OS and our software. We assign the end user a license for the server, and pay SCO on that license. How does your process work when it comes to distribution? What are the license costs associated with this process?
>
> Debian GNU/Linux is free-software, as long as you base your system on our official components (the 'main' archive) you are free to distribute the system and have our blessing to use and distribute it with no license costs whatsoever. Yes, we _are_ that generous.

While what Baruch says is true, you should be aware that with Debian GNU/Linux, as with all versions of GNU/Linux (some people call that just Linux BTW, they're talking about the same thing) much of the operating system is covered by a license called the GNU GPL (General Public License).

As a distributor of GPLed software, you would be obliged to offer your clients copies of the source of those programs, or a written offer to provide it on request, and you should probably mention that you are using GPLed software in your manuals somewhere. I'm sure that this obligation could be handled by including an extra CD/DVD in the packaging, with the relevant form of words on its cover -- it might be worth checking the details on the debian-legal mailing list if you decide to use Debian as your base. There are other licenses we use that have similar conditions, but a single page of small-print and an extra CD should deal with the lot in one go.

N.B. The GPL does not in any way affect programs that you simply aggregate onto the same distribution media. As long as you don't start modifying already GPLed code, or taking snippets of GPLed code and including them in your own programs, there is no obligation for you to distribute the source of your own copyrighted works -- that's a silly rumour that Microsoft were trying to spread at one point.

As evidenced by the multiple replies, we're not a company, we're a volunteer organisation. As such we're not going to be signing heads of agreement letters with you, or part funding one another's marketing campaigns or many of the other things that you might expect from a company.

That said, there are compelling reasons to choose Debian as your base, rather than the alternatives.

Since there is no company, there is no motive on our part to release cosmetic upgrades just to be able to charge you an upgrade fee. Historically, we release less often than other distributions, at least partly because we do not release until the software is really stable -- having no marketing department means that we don't have a deadline to hit, so we don't just release whatever we've got on the assigned release date, we work on the code until it works properly, then release. As an ISV that means that you will not need to be retesting everything every six months.

The flip-side of that is of course that new features tend to take a while to percolate into our stable release, but we also have an up to the minute unstable distribution, and a half-way house testing distribution. I'd imagine that all your needs (if you were happy with SCO) will be more than satisfied by our stable release, but if there's one or two packages that offer features that you need from later than that, the normal approach is to grab the newer source and build them for the stable system -- we provide tools to make this easy.

So, the bottom line is, you can grab a copy for free, distribute it as widely as you like without fee (as long as you supply your clients with the source of our bits) and we're positively happy for you to do so.

> > *_Upgrades_* - With SCO we currently buy an upgrade license on a per system basis as we determine that an OS upgrade is in order. How does your upgrade process work? What are the costs associated with this process? How is the upgrade distributed?
>
> Upgrade is performed using our upgrade tools on a live system
Re: Developing on Debian
On Wed, 2005-10-12 at 16:42 -0500, Jason Mock wrote:
> I had some questions on your ISV program. We’re a retail point of sale software company that is seeking out a Linux platform to distribute our software on. A few of the questions that I have are concerning the “Corporate Server” version of your software. I need the following information:

I suspect that you mistake the Debian project for a company. We're not a company, we're a volunteer project. See http://www.us.debian.org/intro/about for more information.

--
Never underestimate the power of a small tactical Lisp interpreter.