Re: BeagleBone Black apt oddness

[Paul Wise <pabs@debian.org>]

On Mon, Nov 11, 2013 at 8:12 AM, Robert Nelson wrote:

> I agree, there are a lot of "security" issues with the Demonstration
> image, it's purpose is primary for initial board development and
> testing and should never be used in the field as is..

This thread shows that people are using the images so I think you
should withdraw the images, fix the issues and or issue a statement
about this on the download site.

> The initial image is created by "debootstrap --foreign".. then (qemu
> static on x86 or a chroot on arm) is used to add other packages, to
> finish the install and
> generate the initrd..

You can add extra packages with --include=

If you do that and can arrange for the debootstrap second stage to be
run on the device after first bootup instead of in qemu, that would
mitigate any security issues that might be present due
maintainer-scripts stuff.

> With v3.12.x final, only dtb changes are required for bbb..
> https://github.com/RobertCNelson/linux-dev/tree/am33x-v3.12/patches/omap-next-dt
> (all heading to v3.13-rc0)
> (minus the cape stuff as that still needs the overlay infrastructure
> panto just posted as a review for on lkml this last week..)

Sounds like good progress!

> vs the quick 5 minute flashing script from the demonstration images..

That is the advantage of per-machine images but with so many devices
out there it quickly gets non-scalable from a Debian perspective. With
armmp we can possibly change that and make a few classes of useful
images though.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise