Hi, Varanka Risto <risto.vara...@aalto.fi> wrote: > Package: installation-guide > Severity: important > Tags: security > > The online installation guide for Debian Stable at > https://www.debian.org/releases/stable/i386/ch04s03.html.en recommends the > use > of the win32diskimager utility for writing images to USB in section > "4.3.1. Preparing a USB stick using a hybrid CD or DVD image". This software > currently has issues, might compromise the security of Debian users and > probably > should not be recommended by Debian: > > 1) User comments on the main page > https://sourceforge.net/projects/win32diskimager/ report that the current > version 1.0.0 contains malware, or tries to install crapware as part of the > installation process. (If possible this should be investigated and if indeed > the project is compromised, Debian users should be notified.) > > 2) Some user comments also state the tool does not work on Windows 10 while > others claim it does. I installed this on a Windows 10 system and the > software > turned out not to function properly, indicating that 1) might also be the > case, > and of course majorly impacting Debian installation experience. Details below. > > Navigate to Files->Archive and click on win32diskimager-1.0.0-install.exe. > On the following page download starts automatically. Install the tool, run it > and provide administrator credentials. Try to select the file to write: the > opened file browser does not display almost any directories, and when an .img > file is copied to the directories available, it does not show up in the file > browser. > > I suggest to replace the recommended tool for the time being and to > investigate the trustworthiness of the utility.
I would like to change it this way, if noone objects: diff --git a/en/install-methods/boot-usb-files.xml b/en/install-methods/boot-usb-files.xml index 7f59939d9..13b6e175a 100644 --- a/en/install-methods/boot-usb-files.xml +++ b/en/install-methods/boot-usb-files.xml @@ -55,10 +55,9 @@ as follows, after having made sure that the stick is unmounted: <prompt>#</prompt> <userinput>sync</userinput> </screen></informalexample> -The -<ulink url="http://sf.net/projects/win32diskimager/"> -win32diskimager</ulink> -utility can be used under other operating systems to copy the image. +There are also utilities for other operating systems to copy the image, like +<ulink url="https://rufus.akeo.ie/">Rufus</ulink> or +<ulink url="http://sf.net/projects/win32diskimager/">win32diskimager</ulink>. </para><important><para> -- ============================================================ Created with Sylpheed 3.5.1 under D E B I A N L I N U X 9 " S T R E T C H " . Registered Linux User #311290 - https://linuxcounter.net/ ============================================================