Re: [D-I] Preparing for update in stable
* Frans Pop (firstname.lastname@example.org) [060429 12:36]:
> > Or, a totally different idea: Why do we (technically) need to
> > rebuild the installer at all? Could we try to avoid that need in
> > future?
> The main reason (AIUI) we want to have a new installer with new kernel
> udebs is that the kernel udebs are directly derived from the kernel
> images, so if the kernel images disappear from stable, the kernel udebs
> derived from it should also disappear and be replaced with new kernel
> udebs derived from the current kernel images. Otherwise Debian would no
> longer be shipping the full source for the installer.
well, if we would keep the old kernel images somewhere, we would still
ship the full source. That might be a way to go?
> The second reason is security. Although the risk of an attack during
> installation is relatively small, it can't be completely excluded.
Hm, AFAICS we have at maximum local root exploits - but who runs the
installer is root anyways. So this shouldn't be an issue in this case?