my 2cents. Debian uses secure-apt since debian etch. Therefore, as long as you start the install using a correct/trusted install cd, you should have the correct debian signing keys installed, and therefore be relatively safe from man-in-the-middle attacks while doing a network install (or a network update, for that matter).
Assuming that the install process doesn't expose any services (something which I have not verified) and that secure-apt works as designed, the remaining risks of doing a network install would be minimal (eg. if apt's http or ftp methods can be remotely exploited into doing something bad), or of a social engineering (do you really want to accept this deb package signed by an untrusted key?) or denial-of-service nature.
_______________________________________________ Slugnet mailing list [email protected] http://wiki.lugs.org.sg/LugsMailingListFaq http://www.lugs.org.sg/mailman/listinfo/slugnet
