Package: installation-guide
Severity: important
Tags: security

The online installation guide for Debian Stable at 
https://www.debian.org/releases/stable/i386/ch04s03.html.en recommends the use 
of the win32diskimager utility for writing images to USB in section "4.3.1. 
Preparing a USB stick using a hybrid CD or DVD image". This software currently 
has issues, might compromise the security of Debian users and probably should 
not be recommended by Debian:

1) User comments on the main page 
https://sourceforge.net/projects/win32diskimager/ report that the current 
version 1.0.0 contains malware, or tries to install crapware as part of the 
installation process. (If possible this should be investigated and if indeed 
the project is compromised, Debian users should be notified.)

2) Some user comments also state the tool does not work on Windows 10 while
others claim it does. I installed this on a Windows 10 system and the software
turned out not to function properly, indicating that 1) might also be the case,
and of course majorly impacting the Debian installation experience. Details
below.

Navigate to Files->Archive and click on win32diskimager-1.0.0-install.exe. On
the following page the download starts automatically. Install the tool, run it
and provide administrator credentials. Try to select the file to write: the
opened file browser displays almost no directories, and when an .img file is
copied to the directories available, it does not show up in the file browser.

I suggest replacing the recommended tool for the time being and investigating
the trustworthiness of the utility.

