Re: [SECURITY] [DSA 4371-1] apt security update

[Steve McIntyre <steve@einval.com>]

On Thu, Jan 24, 2019 at 12:39:29PM +0100, Emilio Pozuelo Monfort wrote:
>Hi Steve,
>
>On 22/01/2019 14:50, Steve McIntyre wrote:
>> On Tue, Jan 22, 2019 at 01:44:12PM +0000, Ben Hutchings wrote:
>>> However, APT is used during initial installation and we don't have any
>>> provision for updating installer images during LTS.  So we're either
>>> going to have to revisit that or come up with some kind of workaround
>>> for installation time.
>> 
>> I can help with new jessie installation images,
>
>That would be great!
>
>> but it'll need a bit
>> of prep work. debian-cd doesn't pull from security or lts by default.
>
>Just to clarify: there is no separate -lts suite anymore, so it'd just need to
>pull from security (which still needs changes as you mentioned).
>
>Can you give a pointer to the code where this is done? Perhaps we can help with
>the necessary code changes if you would welcome that.

There are a few places where debian-cd references the mirror, suite,
etc. which is a bit awkward here. Thinking about this, the *easiest*
way to do this would be to use the existing "local" support which can
pull in a local repo of changed .debs and .udebs on top of the base
Debian repo access. Simply setting up a local repo with the apt
packages in wouldn't be too hard here, and would solve the initial
installation problem. However, it might confuse people a little, and
I'll admit it might look ugly too.

I'll give it a try now...

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
Is there anybody out there?