On 2016-11-20 12:10, Julien Cristau wrote:
I think until there's a ca-certificates-udeb, adding wget for https in all images isn't reasonable, vs google rebuilding d-i with added wgetand the PEM bits you need. I guess ca-certificates-udeb would need someway to preseed a list of trusted CAs.
I have no problem working on that. Given that today ca-certificates only contains Mozilla's set I don't think it's necessarily required to provide that preseeding option (i.e. it could be added by someone who cared enough later).
The problem with rebuilding d-i is that you can't really do it from the source package in unstable, you need to do it from the VCS.
It boils down to the question if it's useful beyond just us. :) Kind regards Philipp Kern