On Mon, Nov 11, 2013 at 8:12 AM, Robert Nelson wrote: > I agree, there are a lot of "security" issues with the Demonstration > image, it's purpose is primary for initial board development and > testing and should never be used in the field as is..
This thread shows that people are using the images so I think you should withdraw the images, fix the issues and or issue a statement about this on the download site. > The initial image is created by "debootstrap --foreign".. then (qemu > static on x86 or a chroot on arm) is used to add other packages, to > finish the install and > generate the initrd.. You can add extra packages with --include= If you do that and can arrange for the debootstrap second stage to be run on the device after first bootup instead of in qemu, that would mitigate any security issues that might be present due maintainer-scripts stuff. > With v3.12.x final, only dtb changes are required for bbb.. > https://github.com/RobertCNelson/linux-dev/tree/am33x-v3.12/patches/omap-next-dt > (all heading to v3.13-rc0) > (minus the cape stuff as that still needs the overlay infrastructure > panto just posted as a review for on lkml this last week..) Sounds like good progress! > vs the quick 5 minute flashing script from the demonstration images.. That is the advantage of per-machine images but with so many devices out there it quickly gets non-scalable from a Debian perspective. With armmp we can possibly change that and make a few classes of useful images though. -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAKTje6GTbTMsOwDHUPe=+nevulv28_qii8nnhyhn9o7z0ha...@mail.gmail.com
