On 10/13/2017 10:43 PM, Cyril Brulebois wrote: > Michael Stapelberg <stapelberg@debian.org> (2017-10-13): >> Index: en/install-methods/boot-usb-files.xml >> =================================================================== >> --- en/install-methods/boot-usb-files.xml (revision 70855) >> +++ en/install-methods/boot-usb-files.xml (working copy) >> @@ -41,8 +41,12 @@ >> Alternatively, >> for very small USB sticks, only a few megabytes in size, you can download >> the <filename>mini.iso</filename> image from the <filename>netboot</filename> >> -directory (at the location mentioned in <xref linkend="where-files"/>). >> +directory: >> >> +<informalexample><screen> >> +<prompt>#</prompt> <userinput>wget http://deb.debian.org/debian/dists/stretch/main/installer-amd64/current/images/netboot/mini.iso</userinput> >> +</screen></informalexample> >> + > > Please don't encourage people to download installation images over HTTP, > especially not when HTTPS is available… Note: https://www.debian.org/releases/stretch/amd64/ch04s02.html.en is the canonical link the "where-files" xref links to. That points to a HTTP-only http.us.debian.org, which is internally composed from "&url-debian-installer;". From urls.ent that's because &disturl; embeds &url-archive; which embeds &archive-mirror;, which is http.us.debian.org. There are also various HTTP-only links in there. Should we go and just replace that with deb.debian.org, which presumably has all architectures, and convert (most of) the links to HTTPS? We could then still apply Michael's patch, as long as we use &url-debian-installer; properly for the URL. (The link wouldn't work as-is anyway because it should use &releasename; instead of hard-coding "stretch".) Kind regards and thanks Philipp Kern
Attachment:
signature.asc
Description: OpenPGP digital signature