netinst CD with OpenSSL fix?
Tzafrir Cohen wrote:
On Sun, Jun 15, 2008 at 07:35:41PM +0800, Bob wrote:
Does such a thing exist?
If you do a networked installation, you'll get the latest version at
install time anyway.
I tend to do a standard system install (remotely over ssh complete with
dodgy keys) without getting updates so it all comes off the CD, then
after the first reboot I edit /etc/sources to point to my apt-proxy, run
apt-get dist-upgrade, reboot then tasksel for whatever I'm after.
This way it all comes off my apt-proxy at very high speed.
As I said in the thread "Squid for apt."
One thing I'm thinking of doing is editing the host file on my router so
DNS requests for debian.org return the IP of my apt-proxy so that the
hardwired security apt source at install time gets redirected to my
proxy. The problem with that is then I can't browse to debian.org,
what'd be really cool is if there was a separate apt pool address 
that did load balancing and had it's address hardwired into the
installer, users of an apt proxy could over ride that address at their
router so installs would automagically pull their files from the proxy.
Another benefit is that, laptops would use the proxy when inside network
but could still update when offsite, without having to edit their
Ultimately I guess this just seems like such a fundamental security flaw
that fixing the install media, particularly the DVD images which are
often used by people with little, no or infrequent internet access, so
the problem keys don't propagate any further should be a bit of a priority.
Any way, I'm not bitching, I'm very grateful for all the work put in by
everyone to make Deian the OS it is, etch is my desktop and server OS of
choice and I love it, I'm looking forward to Lenny and from what I've
seen it'll be even better. 
 a bit like the ntp pool
 I really hope Ekiga 3 makes it for Lenny
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org