[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#863868: USB Memory Stick: Issues with win32diskimager

On Fri 02 Jun 2017 at 17:08:37 +0100, Steve McIntyre wrote:

> On Fri, Jun 02, 2017 at 06:45:33AM +0200, Cyril Brulebois wrote:
> >Hi,
> >
> >and thanks for your report.
> >
> >Varanka Risto <risto.varanka@aalto.fi> (2017-06-01):
> >> Package: installation-guide
> >> Severity: important
> >> Tags: security
> >> 
> >> The online installation guide for Debian Stable at
> >> https://www.debian.org/releases/stable/i386/ch04s03.html.en recommends
> >> the use of the win32diskimager utility for writing images to USB in
> >> section "4.3.1. Preparing a USB stick using a hybrid CD or DVD image".
> >> This software currently has issues, might compromise the security of
> >> Debian users and probably should not be recommended by Debian:
> >> 
> >> 1) User comments on the main page
> >> https://sourceforge.net/projects/win32diskimager/ report that the
> >> current version 1.0.0 contains malware, or tries to install crapware
> >> as part of the installation process. (If possible this should be
> >> investigated and if indeed the project is compromised, Debian users
> >> should be notified.)
> >
> >ISTR sf.net tends to do that for Windows binaries, and this might not be
> >specific to win32diskimager.
> >
> >> 2) Some user comments also state the tool does not work on Windows 10
> >> while others claim it does. I installed this on a Windows 10 system
> >> and the software turned out not to function properly, indicating that
> >> 1) might also be the case, and of course majorly impacting Debian
> >> installation experience. Details below.
> >> 
> >> Navigate to Files->Archive and click on
> >> win32diskimager-1.0.0-install.exe. On the following page download
> >> starts automatically. Install the tool, run it and provide
> >> administrator credentials. Try to select the file to write: the opened
> >> file browser does not display almost any directories, and when an .img
> >> file is copied to the directories available, it does not show up in
> >> the file browser.
> >> 
> >> I suggest to replace the recommended tool for the time being and to
> >> investigate the trustworthiness of the utility.
> >
> >Any recommendations for alternative software?
> 
> My own recommendation now would be Rufus, in dd mode.

My recommendation would be for nothing to be recommended. Changing it on                                                
a year by year is hardly inspiring. Debian should not be *recommending*                                                 
software it has no control over; especially in the Manual. The CD FAQ                                                   
seems geared up for promoting guidance for other OSs.  Why not use that?                                                
                                                                                                                        
(Some of the issues raised in the OP are probably a load of nonsense so,                                                
on the basis the devil you know is better than the one you don't, stick                                                 
with win32diskmanager if it highly desirable to promote utilities of                                                    
this nature within official documentation).
Reply to: