What about Debian graphical installer security? Isn't that in meanwhile the ideal target for exploitation for targeted attacks? Because it will take a while until the Debian point release with fixed apt.
And during the gui installer, the output of apt-get is not visible. And stuff during installer taking a long time is something users have been trained to expect. So I don't think it would raise much suspicion. If exploitation works, fine, if not, nothing was lost. Also Debian gui installer may be distinguishable over the network from already installed systems? Because first it's using debootstrap (perhaps with special options), then apt-get. The timing or something else could make it distinguishable over the network. Best regards, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/da04512e-2d4e-d96e-4b16-491b89990997%40riseup.net. For more options, visit https://groups.google.com/d/optout.
