Web lists-archives.com

Re: debian-9.5.0-amd64-xfce-CD-1.iso missing files for install without mirror




Brian wrote:
>On Sat 03 Nov 2018 at 12:29:15 -0700, David Christensen wrote:
>> On 11/3/18 8:35 AM, Brian wrote:
>> > On Fri 02 Nov 2018 at 20:01:59 -0700, David Christensen wrote:
>> > 
>> > > On 11/2/18 5:17 PM, Steve McIntyre wrote:
>> > 
>> > > My intent was to install just what was on the CD onto a machine in my LAN.
>> > > I was unaware that d-i connected to the Internet when I told it not to use a
>> > > mirror.  As security.debian.org is not a mirror in the usual sense, perhaps
>> > > this kinda sorta makes sense to the Debian developers.  For me, it violates
>> > > KISS and the Principle of Least Surprise.  I think the d-i needs to be more
>> > > clear about if/ when it intends to connect to the Internet, and obtain
>> > > explicit user approval. Which package do I file a bug report against?
>> > 
>> > You gave it explicit approval when you configured the network.
>> 
>> I gave the d-i explicit approval to connect to my LAN.  This is not the same
>> as approval to connect to the Internet.
>
>At what point in the installation did you do this? A network is a network.

And it's clearly not obvious to all users that security.d.o will be
automatically added just because the new installation can see a
network. It makes sense from a security POV, but...

>> So, I file a bug report against d-i?
>
>For what? Connecting to other machines?
>
>> > > I view the fact that the d-i couldn't obtain a security update package to be
>> > > a defect in the Debian security package distribution chain.  If 'apt-get
>> > > update' finds that a security update package is available and the d-i wants
>> > > to install that package, then 'apt-get update' must be able to download that
>> > > package.  Which package do I file a bug report against?
>> > 
>> > There is no defect in the security package distribution chain. mutt is
>> > not part of the Xfce or standard utilities tasks. The installer had no
>> > business attempting to install it.
>> 
>> So, I file a bug report against d-i?
>
>Not in my opinion.

Not against d-i, no. As I just wrote elsewhere, it looks like a bug in
the security.d.o infrastructure. I'm chasing that now.

-- 
Steve McIntyre, Cambridge, UK.                                steve@xxxxxxxxxx
"Further comment on how I feel about IBM will appear once I've worked out
 whether they're being malicious or incompetent. Capital letters are forecast."
 Matthew Garrett, http://www.livejournal.com/users/mjg59/30675.html