Package: debian-installer Severity: important Tags: security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
--- Please enter the report below this line. --- Images for system installation need to be checkable against tampering, otherwise breaking any security chain. That's why Debian CD-Images come with sha*sums which are signed by Debian CD signing keys (https://www.debian.org/CD/verify). This is not the case for all "other images" (hd-media, netboot). They're official ways of installing Debian, being mentioned in the install manual: https://www.debian.org/releases/stable/amd64/ch04s02.de.html#where-files Is there a way to make sure one gets something officially released by Debian when using these install media? Bye Michael
signature.asc
Description: OpenPGP digital signature
