Bug#863868: USB Memory Stick: Issues with win32diskimager

[Steve McIntyre]

On Tue, Jun 06, 2017 at 12:38:40PM +0200, Jonathan Carter (highvoltage) wrote:
>On 06/06/2017 12:07, Steve McIntyre wrote:
 My own recommendation now would be Rufus, in dd mode.
>>>
>>> My recommendation would be for nothing to be recommended. Changing it
>>> on a year by year is hardly inspiring. Debian should not be
>>> *recommending* software it has no control over; especially in the
>>> Manual. The CD FAQ seems geared up for promoting guidance for other
>>> OSs.  Why not use that?
>> 
>> ACK, that's a fair point too.
>
>Rufus is free software, and can compile under MinGW, but it seems like
>there is a problem currently causing it from compiling on Linux systems.
>But that's a bug that might be fixed in the future and then rufus could
>be just another source package in Debian, right?

AIUI it's totally Win32 only, so I don't really see much point in us
carrying the source. It *is* Free Software and the author is clueful
and friendly, which is why I'm happy to recommend it.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"I can't ever sleep on planes ... call it irrational if you like, but I'm
 afraid I'll miss my stop" -- Vivek Das Mohapatra

Bug#863868: USB Memory Stick: Issues with win32diskimager

[Jonathan Carter (highvoltage)]

On 06/06/2017 12:07, Steve McIntyre wrote:
>>> My own recommendation now would be Rufus, in dd mode.
>>
>> My recommendation would be for nothing to be recommended. Changing it
>> on a year by year is hardly inspiring. Debian should not be
>> *recommending* software it has no control over; especially in the
>> Manual. The CD FAQ seems geared up for promoting guidance for other
>> OSs.  Why not use that?
> 
> ACK, that's a fair point too.

Rufus is free software, and can compile under MinGW, but it seems like
there is a problem currently causing it from compiling on Linux systems.
But that's a bug that might be fixed in the future and then rufus could
be just another source package in Debian, right?

-Jonathan

Bug#863868: USB Memory Stick: Issues with win32diskimager

[Steve McIntyre]

On Mon, Jun 05, 2017 at 09:53:13PM +0100, Brian Potkin wrote:
>On Fri 02 Jun 2017 at 17:08:37 +0100, Steve McIntyre wrote:
>> >
>> >Any recommendations for alternative software?
>> 
>> My own recommendation now would be Rufus, in dd mode.
>
>My recommendation would be for nothing to be recommended. Changing it
>on a year by year is hardly inspiring. Debian should not be
>*recommending* software it has no control over; especially in the
>Manual. The CD FAQ seems geared up for promoting guidance for other
>OSs.  Why not use that?

ACK, that's a fair point too.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"Managing a volunteer open source project is a lot like herding
 kittens, except the kittens randomly appear and disappear because they
 have day jobs." -- Matt Mackall

Bug#863868: USB Memory Stick: Issues with win32diskimager

[Brian Potkin]

On Fri 02 Jun 2017 at 17:08:37 +0100, Steve McIntyre wrote:

> On Fri, Jun 02, 2017 at 06:45:33AM +0200, Cyril Brulebois wrote:
> >Hi,
> >
> >and thanks for your report.
> >
> >Varanka Risto  (2017-06-01):
> >> Package: installation-guide
> >> Severity: important
> >> Tags: security
> >> 
> >> The online installation guide for Debian Stable at
> >> https://www.debian.org/releases/stable/i386/ch04s03.html.en recommends
> >> the use of the win32diskimager utility for writing images to USB in
> >> section "4.3.1. Preparing a USB stick using a hybrid CD or DVD image".
> >> This software currently has issues, might compromise the security of
> >> Debian users and probably should not be recommended by Debian:
> >> 
> >> 1) User comments on the main page
> >> https://sourceforge.net/projects/win32diskimager/ report that the
> >> current version 1.0.0 contains malware, or tries to install crapware
> >> as part of the installation process. (If possible this should be
> >> investigated and if indeed the project is compromised, Debian users
> >> should be notified.)
> >
> >ISTR sf.net tends to do that for Windows binaries, and this might not be
> >specific to win32diskimager.
> >
> >> 2) Some user comments also state the tool does not work on Windows 10
> >> while others claim it does. I installed this on a Windows 10 system
> >> and the software turned out not to function properly, indicating that
> >> 1) might also be the case, and of course majorly impacting Debian
> >> installation experience. Details below.
> >> 
> >> Navigate to Files->Archive and click on
> >> win32diskimager-1.0.0-install.exe. On the following page download
> >> starts automatically. Install the tool, run it and provide
> >> administrator credentials. Try to select the file to write: the opened
> >> file browser does not display almost any directories, and when an .img
> >> file is copied to the directories available, it does not show up in
> >> the file browser.
> >> 
> >> I suggest to replace the recommended tool for the time being and to
> >> investigate the trustworthiness of the utility.
> >
> >Any recommendations for alternative software?
> 
> My own recommendation now would be Rufus, in dd mode.

My recommendation would be for nothing to be recommended. Changing it on

a year by year is hardly inspiring. Debian should not be *recommending* 

software it has no control over; especially in the Manual. The CD FAQ   

seems geared up for promoting guidance for other OSs.  Why not use that?



(Some of the issues raised in the OP are probably a load of nonsense so,

on the basis the devil you know is better than the one you don't, stick 

with win32diskmanager if it highly desirable to promote utilities of

this nature within official documentation).

Bug#863868: USB Memory Stick: Issues with win32diskimager

[Steve McIntyre]

On Fri, Jun 02, 2017 at 06:45:33AM +0200, Cyril Brulebois wrote:
>Hi,
>
>and thanks for your report.
>
>Varanka Risto  (2017-06-01):
>> Package: installation-guide
>> Severity: important
>> Tags: security
>> 
>> The online installation guide for Debian Stable at
>> https://www.debian.org/releases/stable/i386/ch04s03.html.en recommends
>> the use of the win32diskimager utility for writing images to USB in
>> section "4.3.1. Preparing a USB stick using a hybrid CD or DVD image".
>> This software currently has issues, might compromise the security of
>> Debian users and probably should not be recommended by Debian:
>> 
>> 1) User comments on the main page
>> https://sourceforge.net/projects/win32diskimager/ report that the
>> current version 1.0.0 contains malware, or tries to install crapware
>> as part of the installation process. (If possible this should be
>> investigated and if indeed the project is compromised, Debian users
>> should be notified.)
>
>ISTR sf.net tends to do that for Windows binaries, and this might not be
>specific to win32diskimager.
>
>> 2) Some user comments also state the tool does not work on Windows 10
>> while others claim it does. I installed this on a Windows 10 system
>> and the software turned out not to function properly, indicating that
>> 1) might also be the case, and of course majorly impacting Debian
>> installation experience. Details below.
>> 
>> Navigate to Files->Archive and click on
>> win32diskimager-1.0.0-install.exe. On the following page download
>> starts automatically. Install the tool, run it and provide
>> administrator credentials. Try to select the file to write: the opened
>> file browser does not display almost any directories, and when an .img
>> file is copied to the directories available, it does not show up in
>> the file browser.
>> 
>> I suggest to replace the recommended tool for the time being and to
>> investigate the trustworthiness of the utility.
>
>Any recommendations for alternative software?

My own recommendation now would be Rufus, in dd mode.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"We're the technical experts.  We were hired so that management could
 ignore our recommendations and tell us how to do our jobs."  -- Mike Andrews

Bug#863868: USB Memory Stick: Issues with win32diskimager

[Cyril Brulebois]

Hi,

and thanks for your report.

Varanka Risto  (2017-06-01):
> Package: installation-guide
> Severity: important
> Tags: security
> 
> The online installation guide for Debian Stable at
> https://www.debian.org/releases/stable/i386/ch04s03.html.en recommends
> the use of the win32diskimager utility for writing images to USB in
> section "4.3.1. Preparing a USB stick using a hybrid CD or DVD image".
> This software currently has issues, might compromise the security of
> Debian users and probably should not be recommended by Debian:
> 
> 1) User comments on the main page
> https://sourceforge.net/projects/win32diskimager/ report that the
> current version 1.0.0 contains malware, or tries to install crapware
> as part of the installation process. (If possible this should be
> investigated and if indeed the project is compromised, Debian users
> should be notified.)

ISTR sf.net tends to do that for Windows binaries, and this might not be
specific to win32diskimager.

> 2) Some user comments also state the tool does not work on Windows 10
> while others claim it does. I installed this on a Windows 10 system
> and the software turned out not to function properly, indicating that
> 1) might also be the case, and of course majorly impacting Debian
> installation experience. Details below.
> 
> Navigate to Files->Archive and click on
> win32diskimager-1.0.0-install.exe. On the following page download
> starts automatically. Install the tool, run it and provide
> administrator credentials. Try to select the file to write: the opened
> file browser does not display almost any directories, and when an .img
> file is copied to the directories available, it does not show up in
> the file browser.
> 
> I suggest to replace the recommended tool for the time being and to
> investigate the trustworthiness of the utility.

Any recommendations for alternative software?


KiBi.


signature.asc
Description: Digital signature

Bug#863868: USB Memory Stick: Issues with win32diskimager

[Varanka Risto]

Package: installation-guide
Severity: important
Tags: security

The online installation guide for Debian Stable at 
https://www.debian.org/releases/stable/i386/ch04s03.html.en recommends the use 
of the win32diskimager utility for writing images to USB in section "4.3.1. 
Preparing a USB stick using a hybrid CD or DVD image". This software currently 
has issues, might compromise the security of Debian users and probably should 
not be recommended by Debian:

1) User comments on the main page 
https://sourceforge.net/projects/win32diskimager/ report that the current 
version 1.0.0 contains malware, or tries to install crapware as part of the 
installation process. (If possible this should be investigated and if indeed 
the project is compromised, Debian users should be notified.)

2) Some user comments also state the tool does not work on Windows 10 while 
others claim it does. I installed this on a Windows 10 system and the software 
turned out not to function properly, indicating that 1) might also be the case, 
and of course majorly impacting Debian installation experience. Details below.

Navigate to Files->Archive and click on win32diskimager-1.0.0-install.exe. On 
the following page download starts automatically. Install the tool, run it and 
provide administrator credentials. Try to select the file to write: the opened 
file browser does not display almost any directories, and when an .img file is 
copied to the directories available, it does not show up in the file browser.

I suggest to replace the recommended tool for the time being and to investigate 
the trustworthiness of the utility.


[https://a.fsdn.com/allura/p/win32diskimager/icon?1495137073]

Win32 Disk Imager download | 
SourceForge.net
sourceforge.net
Download Win32 Disk Imager for free. A Windows tool for writing images to USB 
sticks or SD/CF cards . This program is designed to write a raw disk image to a 
removable device or backup a removable device to a raw image file. It is very 
useful for embedded development, namely Arm development projects (Android, 
Ubuntu on Arm, etc).