
Re: feedback wanted alternative Debian installation system



> It's not really reasonable for Debian to do this over the Internet,
> though, is it? (scalability issues with too many people doing it and few
> mirrors, and security issues where it's hard to validate an NFS site is
> what you expect in advance and "easy" to hijack them once they exist)

mmm, if PGI is solid enough in other ways, crypto-in-main implies that
it's worth looking at tossing a simple signature-verifier into it;
then you just need an initial signed path to PGI (floppies or bizcard
cd's at shows, hashes of gpg sigs or ssl certs published in usenix
papers, that sort of thing :-)  Once there's a hook to get initial
trust, doing "crypto all the way down" is a lot more interesting.

scaling/mirroring is a harder problem.  On the other hand, once the
crypto part works (which you want even for "college campus" installs,
since they'll have a higher density of threats anyway -- after all,
that's *why* kerberos was invented...) then a system that uses DNS in
an "interesting way" (think about tpc.int, and the new ipv6 in-addr
approaches, toss in a response-time measuring tool) and you've got a
start on a volunteer *hugely* distributed install net, which just
might work.  (once you've got a trust path done right, it doesn't
matter who you get the bits from, after all...)

yes, yes, none of this is "easy".  but enough pieces are coming
together to start thinking about it again :-)

			_Mark_ <eichin@thok.org>
			The Herd of Kittens
			Debian Package Maintainer
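
An added sketch of the trust path described in the message above (not part of the original post and not PGI code): one SHA-256 hash obtained out of band pins a manifest, the manifest pins each file, and mirrors are tried fastest-first without being trusted. Plain hashes stand in for the GPG signature check the post suggests; the file names, mirror records and latencies are constructed for illustration.

```python
import hashlib
import hmac
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def digest_matches(data: bytes, expected_hex: str) -> bool:
    # Constant-time comparison of the computed and expected digests.
    return hmac.compare_digest(sha256_hex(data), expected_hex)

def fetch_verified(name, expected_hex, mirrors):
    """Try mirrors fastest-first; return (mirror_id, data) for the first valid copy."""
    for mirror in sorted(mirrors, key=lambda m: m["latency_ms"]):
        data = mirror["files"].get(name)
        if data is not None and digest_matches(data, expected_hex):
            return mirror["id"], data
    raise ValueError(f"no mirror served a valid copy of {name!r}")

def install_from_mirrors(pinned_manifest_hash, mirrors):
    """Check the manifest against the pinned hash, then each file against the manifest."""
    _, manifest_bytes = fetch_verified("manifest.json", pinned_manifest_hash, mirrors)
    manifest = json.loads(manifest_bytes)  # parsed only after it has been verified
    return {name: fetch_verified(name, digest, mirrors)
            for name, digest in manifest["files"].items()}

# Constructed sample data (hypothetical file names and contents).
BASE = b"base system tarball (constructed sample)"
KERNEL = b"kernel image (constructed sample)"
MANIFEST = json.dumps({"files": {"base.tgz": sha256_hex(BASE),
                                 "kernel.img": sha256_hex(KERNEL)}},
                      sort_keys=True).encode()
PINNED = sha256_hex(MANIFEST)  # assumption: the only value obtained out of band

MIRRORS = [  # constructed volunteer mirrors; the fastest one serves a modified file
    {"id": "fast-but-tampered", "latency_ms": 5,
     "files": {"manifest.json": MANIFEST, "kernel.img": KERNEL,
               "base.tgz": BASE + b" (modified in transit)"}},
    {"id": "slow-honest", "latency_ms": 80,
     "files": {"manifest.json": MANIFEST, "kernel.img": KERNEL, "base.tgz": BASE}},
]

if __name__ == "__main__":
    for name, (mirror_id, data) in install_from_mirrors(PINNED, MIRRORS).items():
        print(f"{name}: accepted {len(data)} bytes from {mirror_id}")
```

A mirror that swaps in its own manifest fails at the first step, because the replacement no longer hashes to the pinned value.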


