Why should I trust the integrity of a TurnKey virtual appliance?

In a nutshell: trust, but verify.

Since a TurnKey Linux virtual appliance is built almost entirely from unmodified Ubuntu binaries, it is possible for anyone to verify the integrity of the binaries that make up a virtual appliance against the original package signatures from the official Ubuntu repositories.

There are minor exceptions. When required, a virtual appliance may contain a few custom packages which are updated from our cryptographically signed package repository. Full source code for all custom components is available in our code repository. Some components are also hosted on github.

To prevent tampering, we sign all releases so that users can cryptographically verify the integrity of their downloads. Also, our virtual appliances are configured to automatically verify the cryptographic integrity of any package (including custom components) that is installed through the package management system (e.g., automatic security updates).

In other words, users should be able to trust a TurnKey Linux virtual appliance as much as they trust a normal general-purpose installation of Ubuntu.

If there is anything else we can do to satisfy our more paranoid users, please let us know.

Who are you guys?

TurnKey Linux is a community-oriented open source project started by Alon Swartz and Liraz Siri, with the generous support of their employer Sterile Security, a stealth-stage startup dedicated to bringing innovative Linux-based solutions to the masses (don't tell anyone - SHH!). All of us benefit enormously from open source every day. This is our way of giving back!

Why is the TurnKey virtual appliance library based on Ubuntu ... ?

(and not Redhat/CentOS or Novell SUSE, or Gentoo, or Slackware, rPath, or Linux from Scratch, etc.)

The short answer is that like millions of other Linux enthusiasts we have grown to love Ubuntu.

It's no accident that Ubuntu has quickly grown to be the largest and most popular Linux distribution in the world by a significant margin.

Ubuntu embodies "humanity towards others" in a way that inspires a deep passion amongst its users.

By following the Ubuntu Code of Conduct, the Ubuntu community has developed into a friendly oasis in which everyone is invited and treated with respect, whether they are technical gurus or uninformed newcomers.

At a technical level, Ubuntu is by far the most transparent of any distribution with major financial backing. All development happens out in the open. There are so few boundaries between part-time community volunteers and full-time employees that it can be hard to tell them apart. This makes Ubuntu much easier to work and collaborate with if you're a developer.

Finally, unlike other commercial Linux distributors, Ubuntu isn't distracted by the inherent conflicts of interest in maintaining a premium for-pay product and a free community edition. Ubuntu is all free, including updates!

What about Debian?

We couldn't love Ubuntu without loving Debian too, and in the future we'd like to work on building the TurnKey virtual appliance library on top of Debian as well.

Note that behind the scenes Ubuntu is based on Debian, one of the oldest and by far the largest of the non-commercial Linux distributions, with over a thousand dedicated voluteer developers, and more than 23,000 packages in its software repositories. Debian does much of the heavy lifting for Ubuntu behind the scenes, but Ubuntu certainly deserves credit for taking Debian the last mile and delivering its technical excellence to such a wide audience.

Ultimately, whether or not most Ubuntu users realize it Debian is a long term insurance policy in the remote case that something ever goes terribly wrong with Ubuntu's commercial sponsor Canonical. One of Debian's greatest strengths is that it has no single point of failure. In a worst case scenario, Debian will be able to offer a safe and free migration path for former Ubuntu users.

Should I use Ubuntu Server or a TurnKey virtual appliance?

Ubuntu Server is a general purpose platform which a system administrator can use to integrate his or her own custom Linux server. If that is what you want then we recommend Ubuntu Server highly.

By contrast, a TurnKey Linux virtual appliance is designed to fill a specific niche role as efficiently and easily as possible. If that is what you want you could save yourself or your organization valuable time and energy by using an existing TurnKey virtual  appliance (I.e., assuming one exists for that role).

There are also a few secondary advantages you might find attractive:

  • Leaner footprint: A TurnKey virtual appliance is only as large as it has to be, so instead of downloading 600MB installation ISO full of packages you will never use, a typical TurnKey virtual appliance would be around 160MB.

  • Faster, easier install: Installing a TurnKey virtual appliance usually takes around one minute and is typically much easier than installing a comparable system (e.g., LAMP stack) via Ubuntu Server's standard installer.

Why does this site look so much like the official Ubuntu site?

We're using the Drupal theme Canonical (Ubuntu's commercial sponsor) publicly released to make it easy for Ubuntu-related sites to share a common visual theme.

Rather than trying to reinvent the wheel (poorly), we've shamelessly copied the online tools and stylings of the Ubuntu community as a way of communicating that we view TurnKey Linux as a specialized extension of the community that focuses on creating a virtual appliance library while sharing a common technical base and very similar goals and values.

Just to be on the safe side we gave Canonical a heads up before we launched and asked for feedback to make sure we weren't doing anything inappropriate. Quite to the contrary, our contribution to the community received a friendly, encouraging welcome.