On Sat 03 Nov 2018 at 12:29:15 -0700, David Christensen wrote: > On 11/3/18 8:35 AM, Brian wrote: > > On Fri 02 Nov 2018 at 20:01:59 -0700, David Christensen wrote: > > > > > On 11/2/18 5:17 PM, Steve McIntyre wrote: > > > > > My intent was to install just what was on the CD onto a machine in my LAN. > > > I was unaware that d-i connected to the Internet when I told it not to > > > use a > > > mirror. As security.debian.org is not a mirror in the usual sense, > > > perhaps > > > this kinda sorta makes sense to the Debian developers. For me, it > > > violates > > > KISS and the Principle of Least Surprise. I think the d-i needs to be > > > more > > > clear about if/ when it intends to connect to the Internet, and obtain > > > explicit user approval. Which package do I file a bug report against? > > > > You gave it explicit approval when you configured the network. > > I gave the d-i explicit approval to connect to my LAN. This is not the same > as approval to connect to the Internet.
At what point in the installation did you do this? A network is a network. > So, I file a bug report against d-i? For what? Connecting to other machines? > > > I view the fact that the d-i couldn't obtain a security update package to > > > be > > > a defect in the Debian security package distribution chain. If 'apt-get > > > update' finds that a security update package is available and the d-i > > > wants > > > to install that package, then 'apt-get update' must be able to download > > > that > > > package. Which package do I file a bug report against? > > > > There is no defect in the security package distribution chain. mutt is > > not part of the Xfce or standard utilities tasks. The installer had no > > business attempting to install it. > > So, I file a bug report against d-i? Not in my opinion. -- Brian.