Halfwaysandwich

Speaker: Gunnar Wolf Track: Security Type: Short talk (20 minutes) Room: Somin Time: Jul 30 (Tue): 15:00 Duration: 0:20 At DebConf22, I presented my PhD project proposal, «OpenPGP Web-of-Trust: A way forward?». The main issue I decided to tackle was the prevention of certificate flooding attacks. Two years later, I researched, implemented and experimented, and want to share the results of my work with one of the largest OpenPGP user community in the world, the Debian project. The talk I will present brings forward the possibility of changing the protocol under which OpenPGP key certifications is performed, by requiring new signatures to be added to public keys (certificate chains) only by their owner, proving this by the means of an attestation. etherpad Protecting OpenPGP keyservers from certificate flooding

Speaker: Justus Winter Track: Security Type: Long talk (45 minutes) Room: Somin Time: Jul 30 (Tue): 11:00 Duration: 0:45 It has been two years since my last DebConf talk on Sequoia, and two years being a small eternity in our fast-paced world, I want to revisit where we are, and where we are going to. Notably, work on our main command-line frontend sq has picked up pace and we are polishing it for a 1.0 release; the IETF OpenPGP working group has concluded with RFC 9580 about to be published (hopefully in time for this talk), has been re-chartered, and is considering new work (notably post-quantum cryptography); you can apt install gpg-from-sq to seamlessly replace GnuPG with Sequoia’s reimplementation; and a lot of the packaging and software-supply-chain infrastructure in various distributions (including, but not limited to Debian) is being converted to (also be able) use Sequoia. If you work on Debian or any other Linux distribution, are a software developer integrating or looking to integrate OpenPGP into their applications, are a digital security trainer, or are simply curious about the state of the OpenPGP ecosystem, this talk is for you! etherpad https://pad.dc24.debconf.org/p/127-sequoia-pgp-sq-gpg-from-sq-v6-openpgp-and-deb

Speakers: Carlos Henrique Lima Melara & Lucas Kanashiro Track: Community, diversity, local outreach and social context Type: Long talk (45 minutes) Room: Bada Time: Jul 30 (Tue): 14:30 Duration: 0:40 Attracting and retaining new contributors for the Debian project is no easy task. One must learn a handful of new tools, deal with mailing lists, irc, salsa, communicate mainly in a foreign language, and all this just to be able to start contributing to some part of the project. In Brazil, we have developed some process and techniques to ease the introduction of newcomers to the project and lower the barrier for contributions. We would like to share some of our experience introducing people to packaging via Debian Brasília community and to localization via l10n-portuguese team. etherpad https://pad.dc24.debconf.org/p/74-attracting-and-retaining-new-contributors-ins

Speaker: Samuel Henrique Track: Security Type: Long talk (45 minutes) Room: Bada Time: Jul 29 (Mon): 15:30 Duration: 0:45 This talk is aimed at people new to fixing CVEs, but I’m also showing a few examples which could be interesting for experienced developers. I’ll present an introduction to CVEs, how Debian deals with CVEs, how to avoid mistakes and my recommendations for a better patch backporting process (which allows for better reviews). A CVE is an identifier for security vulnerabilities, so in other words this is about fixing security issues for Debian. etherpad https://pad.dc24.debconf.org/p/93-fixing-cves-on-debian-everything-you-probably

Speakers: Stefano Rivera & Gunnar Wolf & Sruthi Chandran & Nattie Mayer-Hutchings Track: Community, diversity, local outreach and social context Type: BoF (45 minutes) Room: Bada Time: Aug 03 (Sat): 15:30 Duration: 0:45 Session to discuss possible locations for DebConf26! DebConf 25 is planned to be held in Brest, France. But we have no plans for DebConf26, yet. etherpad https://pad.dc24.debconf.org/p/33-debconf-26-in-your-city

Speaker: Noah Meyerhans Track: Cloud and containers Type: BoF (45 minutes) Room: Pado Time: Aug 02 (Fri): 17:00 Duration: 0:40 There is no cloud, it’s just someone else’s computer… But it can still run Debian. Are you using Debian in the cloud? Are you using Debian to host a private cloud? Come talk about it, share your experiences, learn more about the cloud team and how you can contribute. Topics will vary and there won’t be a predefined agenda. Suggestions for discussion include Status of Debian with respect to common open and commercial cloud environments Cloud deployment and management best practice Cloud service feature support – agents, SDKs, etc. Cloud image availability for different environments Future plans for cloud integration The use of cloud resources for Debian development etherpad https://pad.dc24.debconf.org/p/133-cloud-team-bof

Speaker: Thomas Lange Track: Systems administration, automation and orchestration Type: Short talk (20 minutes) Room: Bada Time: Aug 02 (Fri): 15:00 Duration: 0:20 I will instroduce a new web based service for building customized Debian live images. You can easily select a desktop environment, the language and keyboard layout and add additional packages that are added to the live environment. After a few minutes your own live image is ready for download and can be copied onto an USB stick. Then, just boot from this device and enjoy. Because this is a web service, you don’t need any technical knowledge about Linux commands for using this service. etherpad https://pad.dc24.debconf.org/p/136-a-web-service-for-building-your-own-customize

Speaker: Tianyu Chen Track: Debian Blends and Debian derived distributions Type: Short talk (20 minutes) Room: Bada Time: Aug 02 (Fri): 14:30 Duration: 0:20 deepin Linux is a distribution designed to offer an elegant, user-friendly, and reliable operating system. This talk will explore the development of deepin, providing attendees with insights into the processes and methodologies we use to maintain the system. Maintaining deepin involves unique challenges and workflows. This presentation will delve into the technical aspects of maintaining deepin packages, including our GitHub-based workflow, integration with the Open Build Service (OBS), and the role of automation tools. The session aims to provide a comprehensive overview of deepin’s development process and foster discussions on enhancing collaboration within the Debian community. etherpad https://pad.dc24.debconf.org/p/118-deepin-linux-a-journey-through-development-an

Full title: Fostering collaboration for academic teaching and research on, in, with and around our distribution Speakers: Gunnar Wolf & Tássia Camões Araújo Track: Introduction to Free Software & Debian Type: BoF (45 minutes) Room: Pado Time: Aug 01 (Thu): 10:00 Duration: 0:45 This is the mashup of two related sessions, both trying to push Debian in academic settings — one for teaching, one for research. Their abstracts follow: Teaching Debian-based courses have the potential to create Debian users in “batches”, and from those, a few might even become Debian contributors! Teachers, students, parents, everyone is welcome to discuss how Debian is being used in educational programs. Come and share experiences and strategies to make Debian known and be chosen by those who decide which distro will be installed in school computers. Research While reviewing the talks for DebConf, I noticed we have several people presenting advances (or gathering further data) on the research we are doing for our postgraduate studies. There are several academic researchers of different fields active in our community. In this talk, I would like to gather us all, roughly present each other our interests, and possibly help weave international collaboration networks that will benefit our various research projects, and of course, each of us as an academic. etherpad https://pad.dc24.debconf.org/p/114-fostering-collaboration-for-academic-research

Speaker: Sergio Durigan Junior Track: Packaging, policy, and Debian infrastructure Type: Long talk (45 minutes) Room: Somin Time: Aug 01 (Thu): 14:30 Duration: 0:40 Debian’s debuginfod instance (https://debuginfod.debian.net) was initially set up in 2021. There were minor hiccups in the beginning, but it has been a long time since anything noteworthy had to be done there. For better or worse… Nowadays, among the many GNU/Linux distributions who offer a debuginfod service, ours the is simplest, least useful one. We don’t support source code indexing, don’t have an official debian.org address, and could do better overall when it comes to having a welcoming debugging environment in our system. I would like to present my plan to address one of the most important issues affecting the service now: lack of indexed source code. Yes, it is possible to serve source code (and exectuables) with debuginfod! Let’s discuss (and hopefully reach a consensus) on how to best adjust our build system to make source code more discoverable. etherpad https://pad.dc24.debconf.org/p/132-a-plan-to-support-source-code-indexing-on-deb

Speaker: Leesoo Ahn Track: Cloud and containers Type: Short talk (20 minutes) Room: Bada Time: Aug 01 (Thu): 15:00 Duration: 0:20 This section describes Linux Containers with AppArmor Policy Namespaces, wherein each container can be assigned its own policy namespace, ensuring that the security policy of one container does not affect others. Attendees should know about the basis of Container and AppArmor. etherpad https://pad.dc24.debconf.org/p/106-linux-containers-with-apparmor-policy-namespa

Speaker: Arthur Diniz Track: Systems administration, automation and orchestration Type: Short talk (20 minutes) Room: Bada Time: Aug 01 (Thu): 16:00 Duration: 0:20 Kubernetes is a big deal in cloud computing, helping manage lots of containers efficiently. But fitting it into Debian, a key part of the open-source world, takes some work. This talk looks at how Debian is stepping up to support Kubernetes. We’ll talk about how Debian is making sure its packages work well with Kubernetes. This includes forming the Debian Kubernetes Team, a group dedicated to making Kubernetes work smoothly in Debian. We’ll also discuss what the team is working on and what’s coming up next. And we’ll ask for your help! If you’re into Kubernetes and Debian, we need your input to make things better. Come join us as we explore how Kubernetes and Debian are coming together, and how you can be part of the journey. etherpad https://pad.dc24.debconf.org/p/47-exploring-kubernetes-in-debian-a-call-to-supp

Speaker: Samuel Henrique Track: Packaging, policy, and Debian infrastructure Type: Long talk (45 minutes) Room: Bada Time: Aug 01 (Thu): 11:00 Duration: 0:40 Have you ever wondered what makes Debian so stable (even Debian testing)? Find out what tools and processes are put in place to ensure that everything we ship is of the highest quality and how Debian ends up being the first one to find and report issues to external projects. There’s a lot to talk about, so we are sticking to the high level and to covering as many items as possible. The main topics are the release process and the QA/CI/testing mechanisms. etherpad https://pad.dc24.debconf.org/p/96-the-secret-sauce-of-debian

Speakers: Paulo Henrique de Lima Santana & Daniel Lenharo & Sérgio de Almeida Cipriano Júnior & Andre Correa & Guilherme Puida & Aquila Macedo Costa Track: Introduction to Free Software & Debian Type: Long talk (45 minutes) Room: Bada Time: Aug 01 (Thu): 10:00 Duration: 0:45 A brief report about what Debian community has done in Brazil during 2023/2024: The organization of events such as MiniDebConf Belo Horizonte, Debian Day, and others. We will show some numbers from Brazilian Localization Team and activities organized by us, as well as the plans for 2024/2025. Brasília is the capital of Brazil, and Debian Brasília Community will also talk about the hardships creating a local Debian community, maintaining it and keeping track of what such a community has done in the previous year. Debian Brasília has grown from 2 persons to a bright and vibrant community of more than 15 regular contributors not counting other irregular participants. The question remains: what was accomplished since last year’s DebConf? What is being done to keep track of our accomplishments? What are the main projects we have started, and what are the projects we have improved? When will Brasília be ready to host a DebConf? etherpad https://pad.dc24.debconf.org/p/9-bits-from-brazil

Speaker: Carlos Henrique Lima Melara Track: Embedded & Kernel Type: Short talk (20 minutes) Room: Bada Time: Aug 01 (Thu): 15:30 Duration: 0:20 Developing applications for embedded systems is no easy task. One must know how to use very specific toolchains and tools like Buildroot or Yocto, how cross-compilation works, how the inner-workings of embedded systems operates, etc. What if I told you there is a much simpler way of doing things using Debian containers? Let’s go over how this is possible and how Debian is a key ingredient for it at Toradex. Also let’s see how Toradex can help to improve Debian altogether. etherpad https://pad.dc24.debconf.org/p/128-debiantoradex-or-how-we-use-debian-containers

Speaker: Holger Levsen Track: Security Type: Short talk (20 minutes) Room: Somin Time: Jul 30 (Tue): 14:30 Duration: 0:20 This short talk will explain to you how (when) to run: apt install gpg-from-sq apt install gpg-sq and similar with s#gpg#gpgv#. src:rust-sequoia-chameleon-gnupg is available in trixie and in this short talk I will explain how you can use it (almost) as a full drop-in replacement today. Under the hood, the chameleon is sequoia and while you can use OpenPGP like you’ve done it “forever”, there’s more. etherpad https://pad.dc24.debconf.org/p/16-chameleon-the-easy-way-to-try-out-sequoia-ope

Speaker: Alper Nebi Yasak Track: Embedded & Kernel Type: Short talk (20 minutes) Room: Somin Time: Jul 29 (Mon): 11:30 Duration: 0:20 At DebConf22 I’ve presented a talk about running Debian and Debian Installer on Chromebooks. A lot happened since then – I’ve become a Debian Maintainer and got the core of that work into Debian and Debian Installer, but some critical parts are still missing. Installing and running Debian on Chromebooks is still not as smooth as I’d like it to be. In this talk I’d like to go over what progress happened in the last two years on this front, what works and what doesn’t, and what still remains to be done. etherpad https://pad.dc24.debconf.org/p/73-debian-on-chromebooks-whats-new-and-whats-nex

Speakers: Maulik Shah & Noah Meyerhans & Koshy John Track: Security Type: Long talk (45 minutes) Room: Bada Time: Jul 29 (Mon): 14:30 Duration: 0:45 Every change to a production system carries risk, and this risk is magnified when applications are distributed across hundreds or thousands of hosts. Security updates to Debian are published on an as-needed basis with no ability to predict in advance what package will change at any given moment, which means that an update from the repositories is nondeterministic over time. The apt update/apt upgrade operation performed today may behave differently from the one performed yesterday. In this talk we present a deterministic update strategy based on snapshot support introduced with apt 2.7.0. Using apt snapshots, administrators can lock their systems to a specific point-in-time view of the Debian package repositories backed by snapshot.debian.org. This approach provides repeatable and deterministic update behavior with a number of safety benefits that the administrator can incorporate into their infrastructure testing and deployment strategy in a variety of ways: Pre-production testing that reflects what’s subsequently going to be deployed to production The ability to execute phased updates following a ring-based deployment pattern Building on this foundation, Microsoft has added support for Debian within Microsoft Azure Guest Patching Service. We describe this service and how it can be used to safely and reliably manage fleets of any size within the Microsoft Azure cloud computing environment; while providing the capabilities listed above. Azure’s Safe Deployment Principles monitor the rollout of an update on VMs. Azure pauses a rollout and pushes a new update if a regression is detected on a VM. The same safety mechanism will be in place with Debian Snapshots. By pinning an update for a customer’s fleet across regions, Azure is simplifying the way customers keep their assets secure through Debian Snapshots. etherpad https://pad.dc24.debconf.org/p/131-leveraging-deterministic-updates-to-improve-t

Speaker: Holger Levsen Track: Introduction to Free Software & Debian Type: Long talk (45 minutes) Room: Bada Time: Jul 29 (Mon): 11:00 Duration: 0:40 In this talk Holger “h01ger” Levsen will give an overview about Reproducible Builds: How it started with a small BoF at DebConf13 (and before), then grew from being a Debian effort to something many projects work on together, until in 2021 it was mentioned in an executive order of the president of the United States. And of course, the talk will not end there, but rather outline where we are today and where we still need to be going, until Debian stable (and other distros!) will be 100% reproducible, verified by many. h01ger has been involved in reproducible builds since 2014 and so far has set up automated reproducibility testing for Debian, Fedora, Arch Linux, FreeBSD, NetBSD and coreboot. etherpad Speaker: Holger Levsen Track: Introduction to Free Software & Debian Type: Long talk (45 minutes) Room: Bada Time: Jul 29 (Mon): 11:00 Duration: 0:40 In this talk Holger “h01ger” Levsen will give an overview about Reproducible Builds: How it started with a small BoF at DebConf13 (and before), then grew from being a Debian effort to something many projects work on together, until in 2021 it was mentioned in an executive order of the president of the United States. And of course, the talk will not end there, but rather outline where we are today and where we still need to be going, until Debian stable (and other distros!) will be 100% reproducible, verified by many. h01ger has been involved in reproducible builds since 2014 and so far has set up automated reproducibility testing for Debian, Fedora, Arch Linux, FreeBSD, NetBSD and coreboot.

Speaker: Andreas Tille Track: Debian Blends and Debian derived distributions Type: BoF (45 minutes) Room: Pado Time: Jul 29 (Mon): 15:30 Duration: 0:45 This is the yearly BoF session for people interested in the work of the Debian Med team to meet and discuss about ongoing tasks and also future development work. The discussion will be preceded by a short introduction to Debian Med for newcomers and/or other interested folks. etherpad https://pad.dc24.debconf.org/p/21-debian-med-bof

Speakers: Carlos Henrique Lima Melara & Daniel Lenharo & Paulo Henrique de Lima Santana Track: Community, diversity, local outreach and social context Type: BoF (45 minutes) Room: Pado Time: Jul 29 (Mon): 10:00 Duration: 0:45 A meeting for Brazilian contributors to make plans for the next year regarding Debian in our country. Discuss what we have done since Debconf 23, assess our successes and where we can improve. As a bonus topic, we will select the city where next year’s MiniDebConf will take place. This BoF will be held in Portuguese. etherpad https://pad.dc24.debconf.org/p/22-debian-brasil-bof

https://www.debian.org/ Continuous Key-Signing Party introduction Speaker: Gunnar Wolf Track: Other Type: Short talk (20 minutes) Room: Bada Time: Jul 28 (Sun): 10:30 Duration: 0:20 One of DebConf’s recurring activities is the Key Signing Party. It helps Debian strengthen and expand its web of trust. This session will: Explain how keysigning is done in a DebConf setting Validate the SHA256 hash of the KSP coordination document Explain how to participate to people who did not send their keys in time Once DebConf is closer, we will link from this talk proposal to the relevant documents you should have in hand for the keysigning party. etherpad https://pad.dc24.debconf.org/p/11-continuous-key-signing-party-introduction

https://www.debian.org/ Speakers: Tássia Camões Araújo & Thaís Rebouças Track: Introduction to Free Software & Debian Type: Long talk (45 minutes) Room: Bada Time: Jul 28 (Sun): 11:00 Duration: 0:45 This is aimed to be an ice-breaker session and introduction to the DebConf culture. Especially put together for newcomers to DebConf, but will (hopefully) make longterm participants laugh and enjoy good memories of the old days when they were the newbies. For first-timers, this should be a good opportunity to get to know a few faces, and for the oldies, come and share what you wish you had known before your first DebConf that no one told you! etherpad https://pad.dc24.debconf.org/p/59-debconf-101

https://www.debian.org/ Welcome to DebConf24! Speakers: Jongmin Kim & Changwoo Ryu Track: Other Type: Short talk (20 minutes) Room: Bada Time: Jul 28 (Sun): 10:00 Duration: 0:20 Welcome to Busan! Welcome to DebConf! etherpad https://pad.dc24.debconf.org/p/139-welcome-to-debconf24