Walter Lozano
Debian user and contributor, one of the maintainers of Apertis and Software Engineer in Collabora's Core team, working on Apertis and Debian distributions on embedded devices. Additionally, professor at Instituto Politecnico Superior - Universidad Nacional de Rosario in Computer Architecture and Computer Networks.
Accepted Talks:
What’s new in Apertis v2026, the distro and infrastructure for the embedded devices
Apertis is a collaborative OS platform that includes an operating system, but also tools and cloud services to optimize development and increase reliability. Targeting industrial embedded devices, Apertis is used, for instance, in the Atari VCS game console and in the Bosch D-tect 200 wall scanner.
This talk is a follow up from the the one from Debconf25 which will provide an overview of the differences between Apertis and Debian, covering everything from infrastructure to available packages and testing in real hardware.
We’ll also discuss about the rebase on top of Debian Trixie which led to the latest Apertis v2026 release.
Finally, we’ll highlight how our work in Apertis contributes back to Debian, in line with its “Upstream First” policy - a full circle moment that some packages now available in Debian exist thanks to the work done in Apertis!
SBOM in Debian and sbom-toolkit
Software Bills of Materials (SBOMs) have become an increasingly important topic, especially in the embedded systems domain, where products must comply with different regulatory and market requirements depending on their target regions.
This trend has intensified in recent years, particularly with the introduction of the Cyber Resilience Act, which places greater responsibilities on product manufacturers regarding the security and transparency of the software included in their products.
In this context, providing accurate and complete information about the software running on a system is essential for several reasons:
Licensing and copyright: Software is subject to licensing obligations and copyright regulations. Manufacturers must be able to identify the licenses that apply to the software components they distribute, as well as the corresponding copyright holders.
Security: New vulnerabilities are discovered every day. Accurately identifying the exact versions of software components used in a product is critical to assessing exposure to known vulnerabilities and understanding potential security risks.
An SBOM provides the structured information required to address these concerns by listing the software components included in a system along with relevant metadata such as versions, licenses, and dependencies.
In this context, Debian already provides tooling to generate SBOMs, in particular sbom toolkit which provides a debhelper add-on and scripts to help developers to prepare such reports.