On Sun, Jul 20, 2014 at 01:19:58PM +0200, Thijs Kinkhorst wrote: > On Sun, July 20, 2014 08:15, Wouter Verhelst wrote: > > Op zaterdag 19 juli 2014 22:54:47 schreef u: > >> > Please note that there remain cases where accessing HTTPS is difficult > >> > or impossible. One of these (but by no means the only one) is the > >> > current release of debian-installer: the wget implementation inside > >> > stable d-i does not support https, so downloading files from > >> > people.d.o (e.g., for preseeding) will become impossible if this is > >> > implemented as stated.
> >> Hopefully you're not preseeding from a HTTP source, since that means > >> you're quite vulnerable to trivial MITM attacks > > True, but debian-installer simply does not support any signed/encrypted > > preseeding. > If you insist on using http, you can also just host your preseed files on > http://grep.be. I don't see why DSA should wait to implement improvements > to Debian services while there are perfect alternatives available to suit > your use case. Because it's not an improvement to the service; it's a change that makes the *service* to Debian developers worse, for political reasons. Telling DDs "you can just host the files on your own server" is missing the point of why people.debian.org exists in the first place. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: Digital signature