On Fri, Jun 02, 2017 at 06:45:33AM +0200, Cyril Brulebois wrote: >Hi, > >and thanks for your report. > >Varanka Risto <risto.vara...@aalto.fi> (2017-06-01): >> Package: installation-guide >> Severity: important >> Tags: security >> >> The online installation guide for Debian Stable at >> https://www.debian.org/releases/stable/i386/ch04s03.html.en recommends >> the use of the win32diskimager utility for writing images to USB in >> section "4.3.1. Preparing a USB stick using a hybrid CD or DVD image". >> This software currently has issues, might compromise the security of >> Debian users and probably should not be recommended by Debian: >> >> 1) User comments on the main page >> https://sourceforge.net/projects/win32diskimager/ report that the >> current version 1.0.0 contains malware, or tries to install crapware >> as part of the installation process. (If possible this should be >> investigated and if indeed the project is compromised, Debian users >> should be notified.) > >ISTR sf.net tends to do that for Windows binaries, and this might not be >specific to win32diskimager. > >> 2) Some user comments also state the tool does not work on Windows 10 >> while others claim it does. I installed this on a Windows 10 system >> and the software turned out not to function properly, indicating that >> 1) might also be the case, and of course majorly impacting Debian >> installation experience. Details below. >> >> Navigate to Files->Archive and click on >> win32diskimager-1.0.0-install.exe. On the following page download >> starts automatically. Install the tool, run it and provide >> administrator credentials. Try to select the file to write: the opened >> file browser does not display almost any directories, and when an .img >> file is copied to the directories available, it does not show up in >> the file browser. >> >> I suggest to replace the recommended tool for the time being and to >> investigate the trustworthiness of the utility. > >Any recommendations for alternative software?
My own recommendation now would be Rufus, in dd mode. -- Steve McIntyre, Cambridge, UK. st...@einval.com "We're the technical experts. We were hired so that management could ignore our recommendations and tell us how to do our jobs." -- Mike Andrews
