On Sun, Nov 10, 2013 at 10:15 AM, Robert Nelson wrote:Your image contains SSH private keys, which means that everyone can do
> It's one of my monthly release's.. Hides.
MITM attacks against connections to machines running your image. It
also contains the dbus machine identifier and other machine-specific
things that should not be duplicated between instances.
In Debian we generally suggest people use d-i or debootstrap, for this
reason. Debian install methods don't yet support generating generic
images that can be installed on any host. Until this is solved I would
strongly suggest you point people at a script that runs debootstrap
At the very least you should generate multiple images, compare them,
remove the differing files and create a script that runs on first boot
to generate these files. Alternately, use debootstrap --foreign and
rely on how it runs all the postinst scripts on first boot.
Is this code upstreamed yet? It would be great to be able to switch to
> It's the latest release snapshot from the beagleboard.org kernel release..
To UNSUBSCRIBE, email to debian-arm-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact email@example.com
Archive: CAKTje6FUmqU0zSBTT9oLvBYkBNo8KPPE5xdnjby3yvxiPQGphQ@mail.gmail.com" target="_blank">http://lists.debian.org/CAKTje6FUmqU0zSBTT9oLvBYkBNo8KPPE5xdnjby3yvxiPQGphQ@mail.gmail.com