On 2014-07-20 08:15, Wouter Verhelst wrote:
True, but debian-installer simply does not support any signed/encrypted preseeding.
[…]
Granted, these are probably bugs, and IIRC Colin was working on providing HTTPS support for jessie. Still, I while I support enabling HTTPS for people.d.o, I think disabling HTTP is overdoing it.
FWIW, Ubuntu trusty and precise both support HTTPS now (support was backported from trusty). wget would need to build a udeb in Debian and be able to take over /usr/bin/wget from busybox in d-i. I think the other changes are all in d-i parts. Basically you append trusted certs to the initramfs by specifying two initrds in the bootloader that are concatenated.
Somebody™ would need to do the work, though. Kind regards Philipp Kern