Matt Taggart <m...@lackof.org> (2018-03-13): > In the package provided di-sources.list file, in the daily section, > there are the following comments, > > ## Daily netboot DI images (not signed?!?). Read: > # https://d-i.debian.org/daily-images/build-logs.html > # http://wiki.debian.org/DebianInstaller/Today
https://d-i.debian.org/daily-images/daily-build-overview.html is what should be advertised. The other one was broken in the first place, and is only kept for the debian-cd part which wasn't integrated in the “new” view yet. The web server serving the cdimage logs has been shut down anyway IIRC from a few weeks ago. And yeah, nobody maintains /Today… > It would be nice if the d-i daily's were signed, even if they had to > use a different key that I would then need to install on the system so > that this di-netboot-assistant check could use. Is there already a bug > open requesting daily image signing? If not then maybe this one can be > cloned and reassigned to the right place. I don't think that's a reasonable thing to do. Images are built on porterboxes, centralized on dillon, which is used for quite a number of other things. What extra security would signing images bring here? Cheers, -- Cyril Brulebois (k...@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
signature.asc
Description: PGP signature
