On 2016-11-20 12:10, Julien Cristau wrote:
I think until there's a ca-certificates-udeb, adding wget for https in
all images isn't reasonable, vs google rebuilding d-i with added wget
and the PEM bits you need. I guess ca-certificates-udeb would need
some
way to preseed a list of trusted CAs.
I have no problem working on that. Given that today ca-certificates only
contains Mozilla's set I don't think it's necessarily required to
provide that preseeding option (i.e. it could be added by someone who
cared enough later).
The problem with rebuilding d-i is that you can't really do it from the
source package in unstable, you need to do it from the VCS.
It boils down to the question if it's useful beyond just us. :)
Kind regards
Philipp Kern