
Re: crypto support in potato



> > I think the installation process should offer users the option to
> > automatically network-install with apt the packages in non-US.
> 
> Isn't this bass-ackwards?  You're using the network to get packages to make
> your system secure?  Isn't the best way to disconnect your "virgin" box
> from the net, install crypto packages, and then only put it on the net
> once you've checked out everything to make sure it meets your standards?
> Crack attempts can start from the instant a box is put on the network.
> 
> Sure, allowing network-install with apt might be seen as a step in that
> direction, and if you're going to network-install anyway, it's better
> than nothing.  So I'm not throwing cold water on the idea.  I think it
> would be a *better* idea to have an optional "secure" base install disk
> set.  If the US ever loses its arcane crypto laws, this "optional" set
> could become the default.

 If you are referring to the risk of man-in-the-middle with packages, that's
nonsense. The fileutils package (or any other package) can make a security
hole in your system just as well.
 What we need is PGP signatures for .debs.

