Hi, and thanks for your report. Varanka Risto <risto.varanka@aalto.fi> (2017-06-01): > Package: installation-guide > Severity: important > Tags: security > > The online installation guide for Debian Stable at > https://www.debian.org/releases/stable/i386/ch04s03.html.en recommends > the use of the win32diskimager utility for writing images to USB in > section "4.3.1. Preparing a USB stick using a hybrid CD or DVD image". > This software currently has issues, might compromise the security of > Debian users and probably should not be recommended by Debian: > > 1) User comments on the main page > https://sourceforge.net/projects/win32diskimager/ report that the > current version 1.0.0 contains malware, or tries to install crapware > as part of the installation process. (If possible this should be > investigated and if indeed the project is compromised, Debian users > should be notified.) ISTR sf.net tends to do that for Windows binaries, and this might not be specific to win32diskimager. > 2) Some user comments also state the tool does not work on Windows 10 > while others claim it does. I installed this on a Windows 10 system > and the software turned out not to function properly, indicating that > 1) might also be the case, and of course majorly impacting Debian > installation experience. Details below. > > Navigate to Files->Archive and click on > win32diskimager-1.0.0-install.exe. On the following page download > starts automatically. Install the tool, run it and provide > administrator credentials. Try to select the file to write: the opened > file browser does not display almost any directories, and when an .img > file is copied to the directories available, it does not show up in > the file browser. > > I suggest to replace the recommended tool for the time being and to > investigate the trustworthiness of the utility. Any recommendations for alternative software? KiBi.
Attachment:
signature.asc
Description: Digital signature