Old 06-15-2008, 11:35 AM
Bob
 
Default netinst CD with OpenSSL fix?

Does such a thing exist?


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-15-2008, 08:23 PM
Tzafrir Cohen
 
Default netinst CD with OpenSSL fix?

On Sun, Jun 15, 2008 at 07:35:41PM +0800, Bob wrote:
> Does such a thing exist?

If you do a networked installation, you'll get the latest version at
install time anyway.

--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend


 
Old 06-15-2008, 08:35 PM
Lee Glidewell
 
Default netinst CD with OpenSSL fix?

On Sunday 15 June 2008 01:23:17 pm Tzafrir Cohen wrote:
> On Sun, Jun 15, 2008 at 07:35:41PM +0800, Bob wrote:
> > Does such a thing exist?
>
> If you do a networked installation, you'll get the latest version at
> install time anyway.

The issue here would be using the fixed random number generator to set up whole
disk encryption. Upgrading after installation won't help with that.

--
Lee Glidewell | PGP key: D5D686A7
lee.glidewell@gmail.com |


 
Old 06-16-2008, 01:08 AM
Joey Hess
 
Default netinst CD with OpenSSL fix?

Lee Glidewell wrote:
> On Sunday 15 June 2008 01:23:17 pm Tzafrir Cohen wrote:
> > On Sun, Jun 15, 2008 at 07:35:41PM +0800, Bob wrote:
> > > Does such a thing exist?
> >
> > If you do a networked installation, you'll get the latest version at
> > install time anyway.
>
> The issue here would be using the fixed random number generator to set up whole
> disk encryption. Upgrading after installation won't help with that.

Per http://www.debian.org/security/key-rollover/ , the LUKS and dm-crypt
encryption that is used for disk encryption is not affected by the openssl
problem.

--
see shy jo
 
Old 06-16-2008, 03:11 AM
Bob
 
Default netinst CD with OpenSSL fix?

Tzafrir Cohen wrote:
> On Sun, Jun 15, 2008 at 07:35:41PM +0800, Bob wrote:
> > Does such a thing exist?
>
> If you do a networked installation, you'll get the latest version at
> install time anyway.

I tend to do a standard system install (remotely over ssh complete with
dodgy keys) without getting updates so it all comes off the CD, then
after the first reboot I edit /etc/sources to point to my apt-proxy, run
apt-get dist-upgrade, reboot then tasksel for whatever I'm after.


This way it all comes off my apt-proxy at very high speed.
As I said in the thread "Squid for apt."
http://groups.google.com/group/linux.debian.user/tree/browse_frm/thread/e8bb54d0e99e8906/320639842c72d043?

One thing I'm thinking of doing is editing the host file on my router so
DNS requests for debian.org return the IP of my apt-proxy so that the
hardwired security apt source at install time gets redirected to my
proxy. The problem with that is then I can't browse to debian.org.
What'd be really cool is if there was a separate apt pool address [0]
that did load balancing and had its address hardwired into the
installer; users of an apt proxy could override that address at their
router so installs would automagically pull their files from the proxy.
Another benefit is that laptops would use the proxy when inside the network
but could still update when offsite, without having to edit their
sources file.


Ultimately I guess this just seems like such a fundamental security flaw
that fixing the install media, particularly the DVD images which are
often used by people with little, no or infrequent internet access, so
the problem keys don't propagate any further should be a bit of a priority.


Anyway, I'm not bitching, I'm very grateful for all the work put in by
everyone to make Debian the OS it is. Etch is my desktop and server OS of
choice and I love it. I'm looking forward to Lenny and from what I've
seen it'll be even better. [1]


[0] a bit like the ntp pool
[1] I really hope Ekiga 3 makes it for Lenny
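
The concern running through this thread is that keys generated from the CD's packages before the dist-upgrade stay exactly as they were generated. The following is an added example, not part of the thread or of Debian's own tooling, that lists key files created before a fixed library version was installed; the package name, version placeholders, log lines and key paths are constructed assumptions, and the recorded creation times are taken at face value.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed dpkg.log excerpt; the versions are placeholders, not real ones.
SAMPLE_DPKG_LOG = """\
2008-06-15 10:02:11 install libssl0.9.8 <none> CD-VERSION
2008-06-15 10:05:40 install openssh-server <none> CD-VERSION
2008-06-15 12:30:05 upgrade libssl0.9.8 CD-VERSION FIXED-VERSION
2008-06-15 12:30:09 upgrade openssh-server CD-VERSION FIXED-VERSION
"""

# Constructed key inventory: path -> creation time (for instance the file mtime).
SAMPLE_KEYS = {
    "/etc/ssh/ssh_host_rsa_key": "2008-06-15 10:05:42",
    "/etc/ssh/ssh_host_dsa_key": "2008-06-15 10:05:43",
    "/home/bob/.ssh/id_rsa": "2008-06-15 13:10:00",
}


def fixed_since(log_text, package, fixed_version):
    """Return when `fixed_version` of `package` first arrived, or None if never."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[2] not in ("install", "upgrade"):
            continue
        # Newer dpkg logs write "name:arch"; drop the architecture suffix.
        if fields[3].split(":")[0] == package and fields[5] == fixed_version:
            return datetime.strptime(" ".join(fields[:2]), FMT)
    return None


def suspect_keys(keys, log_text, package="libssl0.9.8",
                 fixed_version="FIXED-VERSION"):
    """List keys created before the fixed library was installed.

    If the fixed version never appears in the log, every key is suspect.
    """
    fixed_at = fixed_since(log_text, package, fixed_version)
    return [
        path for path, created in sorted(keys.items())
        if fixed_at is None or datetime.strptime(created, FMT) < fixed_at
    ]


if __name__ == "__main__":
    for path in suspect_keys(SAMPLE_KEYS, SAMPLE_DPKG_LOG):
        print("regenerate:", path)
```

Anything the function lists was generated by the pre-upgrade packages and should be regenerated rather than trusted because the library is now current.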

