[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: crypto support in potato

On Mon, Feb 07, 2000 at 10:52:19PM +0100, Marco d'Itri wrote:
> I think the installation process should offer users the option to
> automatically network-install with apt the packages in non-US.

Isn't this bass-ackwards?  Youre using the network to get packages to make
your system secure?  Isn't the best way to disconnect your "virgin" box
from the net, install crypto packages, and then only put it on the net
once you've checked out everything to make sure it meets your standards?
Crack attempts can start from the instant a box is put on the network.

Sure, allowing network-install with apt might be seen as a step in that
direction, and if you're going to network-install anyway, it's better
than nothing.  So I'm not throwing cold water on the idea.  I think it
would be a *better* idea to have an optional "secure" base install disk
set.  If the US ever loses its arcane crypto laws, this "optional" set
could become the default.

    nSLUG       http://www.nslug.ns.ca      synrg@sanctuary.nslug.ns.ca
    Debian      http://www.debian.org       synrg@debian.org
[ pgp key fingerprint = 7F DA 09 4B BA 2C 0D E0  1B B1 31 ED C6 A9 39 4F ]
[ gpg key fingerprint = 395C F3A4 35D3 D247 1387  2D9E 5A94 F3CA 0B27 13C8 ]

Reply to: