Re: [D-I] Preparing for update in stable
Andreas Barth wrote:
> * Frans Pop (elendil@planet.nl) [060429 12:36]:
> > > Or, a totally different idea: Why do we (technically) need to
> > > rebuild the installer at all? Could we try to avoid that need in
> > > future?
>
> > The main reason (AIUI) we want to have a new installer with new kernel
> > udebs is that the kernel udebs are directly derived from the kernel
> > images, so if the kernel images disappear from stable, the kernel udebs
> > derived from it should also disappear and be replaced with new kernel
> > udebs derived from the current kernel images. Otherwise Debian would no
> > longer be shipping the full source for the installer.
>
> well, if we would keep the old kernel images somewhere, we would still
> ship the full source. That might be a way to go?
>
> > The second reason is security. Although the risk of an attack during
> > installation is relatively small, it can't be completely excluded.
>
> Hm, AFAICS we have at maximum local root exploits - but who runs the
> installer is root anyways. So this shouldn't be an issue in this case?
FWIW, I agree that source distribution has an (seemingly?) obvious
solution, and I don't buy the security argument since it is less
important than it was for boot-floppies, where the installer could
be installed on the system.
The most important reason for a installer kernel update is IMHO to keep
the installer useful for modern hardware.
Thiemo
Reply to: