Hi,

Brian Potkin <claremont...@gmail.com> wrote:
> I read the mail in -boot and responded to the list and not to the bug.
> Rectifying. Apologies.
> 
> 
> 
> On Wed 25 Jul 2018 at 22:55:04 +0000, Holger Wansing wrote:
> 
> > Hi,
> > 
> > On Wednesday, 25 July 2018, Brian Potkin wrote:
> > > On Wed 25 Jul 2018 at 21:06:23 +0200, Holger Wansing wrote:
> > > 
> > > > Hi,
> > > > 
> > > > Varanka Risto <risto.vara...@aalto.fi> wrote:
> > > > > Package: installation-guide
> > > > > Severity: important
> > > > > Tags: security
> > > > > 
> > > > > The online installation guide for Debian Stable at
> > > > > https://www.debian.org/releases/stable/i386/ch04s03.html.en
> > > > > recommends the use of the win32diskimager utility for writing
> > > > > images to USB in section "4.3.1. Preparing a USB stick using a
> > > > > hybrid CD or DVD image". This software currently has issues, might
> > > > > compromise the security of Debian users and probably should not be
> > > > > recommended by Debian:
> > > > > 
> > > > > 1) User comments on the main page
> > > > > https://sourceforge.net/projects/win32diskimager/ report that the
> > > > > current version 1.0.0 contains malware, or tries to install
> > > > > crapware as part of the installation process. (If possible this
> > > > > should be investigated and if indeed the project is compromised,
> > > > > Debian users should be notified.)
> > > > > 
> > > > > 2) Some user comments also state the tool does not work on
> > > > > Windows 10 while others claim it does. I installed this on a
> > > > > Windows 10 system and the software turned out not to function
> > > > > properly, indicating that 1) might also be the case, and of course
> > > > > majorly impacting Debian installation experience. Details below.
> > > > > 
> > > > > Navigate to Files->Archive and click on
> > > > > win32diskimager-1.0.0-install.exe. On the following page download
> > > > > starts automatically. Install the tool, run it and provide
> > > > > administrator credentials. Try to select the file to write: the
> > > > > opened file browser does not display almost any directories, and
> > > > > when an .img file is copied to the directories available, it does
> > > > > not show up in the file browser.
> > > > > 
> > > > > I suggest to replace the recommended tool for the time being and to 
> > > > > investigate the trustworthiness of the utility.
> > > > 
> > > > 
> > > > I would like to change it this way, if no one objects:
> > > > 
> > > > 
> > > > diff --git a/en/install-methods/boot-usb-files.xml 
> > > > b/en/install-methods/boot-usb-files.xml
> > > > index 7f59939d9..13b6e175a 100644
> > > > --- a/en/install-methods/boot-usb-files.xml
> > > > +++ b/en/install-methods/boot-usb-files.xml
> > > > @@ -55,10 +55,9 @@ as follows, after having made sure that the stick is 
> > > > unmounted:
> > > >  <prompt>#</prompt> <userinput>sync</userinput>
> > > >  </screen></informalexample>
> > > >  
> > > > -The
> > > > -<ulink url="http://sf.net/projects/win32diskimager/";>
> > > > -win32diskimager</ulink>
> > > > -utility can be used under other operating systems to copy the image.
> > > > +There are also utilities for other operating systems to copy the 
> > > > image, like
> > > > +<ulink url="https://rufus.akeo.ie/";>Rufus</ulink> or
> > > > +<ulink 
> > > > url="http://sf.net/projects/win32diskimager/";>win32diskimager</ulink>.
> > > >  
> > > >  </para><important><para>
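
Review bot: the win32diskimager link kept in the added lines still uses "http://sf.net/projects/win32diskimager/", while the new Rufus link beside it is https; a link that readers follow to download an installer should be https as well. The added text also continues to name the tool whose trustworthiness the report questions, so if it stays, the commit message should say why the report's point 1) is not acted on.
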
> > > 
> > > So, now we recommend two tools Debian does not control in the
> > > Installation Guide. When another post like Varanka Risto's
> > > (quoted above) comes along, do we look for a third one? Then a
> > > fourth?
> > > 
> > > Mentioning such software in a core document implies we support
> > > it. (Your response is actually a gesture of support for a
> > > non-working Debian recommendation).
> > > 
> > > > +There are also utilities for other operating systems to copy the image.
> > > 
> > > is factual and covers the situation. Why not go with that? It
> > > is neutral and does not commit us to anything, unlike adding
> > > a second suggestion.
> > > 
> > > Specifics can be dealt with at https://www.debian.org/CD/faq/
> > > or in the wiki. The Installation Guide is not the place for
> > > promoting non-Debian utilities.
> > 
> > Sorry, I don't get your point:
> 
> Perhaps my previous mail of Mon, 5 Jun 2017 to the report helps.
> 
> > the CD faq you mention above contains exactly the same
> > recommendations as we have NOW in the installation-guide:
> 
> Indeed it does. Why not link to it? It is a fuller account and gives
> a single place to manage.
> 
> > it has recommendations for Linux machines, and for Windows 
> > it recommends win32diskimager.
> 
> The proposed wording for the Guide is not quite correct:
> 
>  > There are also utilities for other operating systems....
> 
> The recommendations are for Windows - not "other operating systems".
> 
> > So, if you say that the CD faq is ok, we can leave everything as it is
> > and we are done.
> > But - wait: you also say, that recommending third-party tools
> > is not good, so you should also prompt to change the CD faq!
> > If you point first-time Debian users to the CD faq, it is also
> > an official document/manual, and so it should honor
> > the same rules as the installation-guide, IMO.
> > However, you promote the CD faq as a good example...
> 
> All my comments were in the context of what the Guide should
> contain. The CD FAQ has a long tradition of supporting non-Debian
> software and I have no problem with that; why not link to it?
> I suspect it is not the responsibility of the same people who write
> the Guide. If there is an issue with the FAQ contents it needs to
> be taken up with the relevant team; my focus is the Guide.
> 
> > So I don't get your point ...
> >
> > Long story short: recommending a second (good) tool, is IMO
> > an improvement (at least in the light of user reports, which claim
> > about win32diskimager not being usable under Windows 10).
> 
> And claims that it is usable exist. Do we really want to get involved
> with this issue? Best thing to do is ignore it, just like the claims
> that it contains malware.

So I changed my patch into the following; committing shortly, if no one objects:



diff --git a/en/install-methods/boot-usb-files.xml 
b/en/install-methods/boot-usb-files.xml
index 7f59939d9..66bddf200 100644
--- a/en/install-methods/boot-usb-files.xml
+++ b/en/install-methods/boot-usb-files.xml
@@ -55,10 +55,8 @@ as follows, after having made sure that the stick is 
unmounted:
 <prompt>#</prompt> <userinput>sync</userinput>
 </screen></informalexample>
 
-The
-<ulink url="http://sf.net/projects/win32diskimager/";>
-win32diskimager</ulink>
-utility can be used under other operating systems to copy the image.
+Information about how to do this on other operating systems can be found in
+the <ulink url="&url-debian-cd-faq-write-usb;">Debian CD FAQ</ulink>.
 
 </para><important><para>
 
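
Review bot: the added sentence moves the choice of tool to the Debian CD FAQ, which according to this thread still recommends win32diskimager for Windows, so the concern raised in the report is relocated rather than resolved. Suggest stating that in the commit message and passing the report on to the team that maintains the FAQ, so the trust question is tracked where the recommendation now lives.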

diff --git a/build/entities/urls.ent b/build/entities/urls.ent
index a3efa22bf..ce1d3971f 100644
--- a/build/entities/urls.ent
+++ b/build/entities/urls.ent
@@ -77,6 +77,9 @@
 <!-- Debian CD FAQ -->
 <!ENTITY url-debian-cd-faq "http://&www-debian-org;/CD/faq/";>
 
+<!-- Debian CD FAQ - write bootable USB sticks -->
+<!ENTITY url-debian-cd-faq-write-usb 
"https://www.debian.org/CD/faq/index.en.html#write-usb";>
+
 <!-- vendors that sell Debian CDs -->
 <!ENTITY url-debian-cd-vendors "http://&www-debian-org;/CD/vendors/";>
 
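
Review bot: the new url-debian-cd-faq-write-usb entity hard-codes "https://www.debian.org/CD/faq/index.en.html#write-usb", while the neighbouring entities build their host from &www-debian-org;, and the fixed "index.en.html" pins the English version of the FAQ. Suggest "https://&www-debian-org;/CD/faq/#write-usb" so the host stays defined in one place and the language is not fixed in the URL. Using https here is right; the two "http://" neighbours could follow in a separate change.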



-- 
============================================================
Created with Sylpheed 3.5.1 under 
        D E B I A N   L I N U X   9   " S T R E T C H " .

Registered Linux User #311290 - https://linuxcounter.net/
============================================================
