Date: Mon, 08 Nov 2010 23:02:36 -0700
From: Warner Losh <imp@bsdimp.com>
To: Nathan Whitehorn <nwhitehorn@FreeBSD.org>
Cc: jpaetzel@FreeBSD.org, freebsd-hackers@FreeBSD.org, Garrett Cooper <gcooper@FreeBSD.org>
Subject: Re: txt-sysinstall scrapped
Message-ID: <4CD8E3FC.2080504@bsdimp.com>
In-Reply-To: <4CD58136.6070509@freebsd.org>
References: <201011052316.27839.jpaetzel@freebsd.org> <AANLkTi=62rRhZsN4wUi6p_yokSxG0tkjUHK7gosLtTRZ@mail.gmail.com> <20101105.230617.74669306.imp@bsdimp.com> <AANLkTi=G2UEj4P=h=B7Tr58vg7RC9McMZq-q73ArDWOZ@mail.gmail.com> <4CD58136.6070509@freebsd.org>

On 11/06/2010 10:24, Nathan Whitehorn wrote:
> On 11/06/10 01:04, Garrett Cooper wrote:
>> On Fri, Nov 5, 2010 at 10:06 PM, Warner Losh<imp@bsdimp.com> wrote:
>>>> Just to add to that (because I do find it a novel idea), 1) how
>>>> are you going to properly prevent man in the middle attacks (SSL, TLS,
>>>> etc?), and 2) what webserver would you use?
>>> https or ssh.
>>>
>>> We're also toying with the idea of having a partition that you could
>>> 'dd' your certs and keys to (so any system can customize the image
>>> with keys to make sure you were talking to who you think you are).
>>> We'd just reserve 1MB of space on partition s3. We'd then check to
>>> see if there was a tar ball. If so, we'd extract it and do the
>>> intelligent thing with the keys we find there.
>> Wouldn't it be better just to go with a read-write media solution
>> (USB) like Matt Dillon was suggesting at today then? Then again,
>> determining the root device to date is still a bit kludgy isn't it?
> But this breaks badly for people who don't own USB sticks of sufficient
> size, are installing on machines without USB ports, can't boot from USB,
> want to install from a shared medium like PXE, are installing on blades
> with convenient shared CD drives but not USB etc. etc. Everything in the
> world can boot from CD, and we have to ensure that continues working.

Yes. We won't break that, although you might have more functionality if
you do have a USB stick.

> I also have mixed feelings about needing to use a web browser to
> instruct a web app inside a bundled web server to write a config file to
> be interpreted by shell scripts just in order to run gpart, newfs, and
> tar. But if you get it working, it's better than sysinstall no matter
> how baroque.

We'll see how it all plays out?

Warner

> -Nathan
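
Added example, not part of the original message or of any FreeBSD installer code: a sketch of the check described in the quoted text (look for a tarball in the reserved 1MB region and pull key files out of it), written in Python so the archive members can be validated before anything is read. The function names, the per-file size cap and the flat-filename policy are assumptions, and the sample region is constructed in memory rather than read from partition s3.

```python
import io
import tarfile

RESERVED_SIZE = 1024 * 1024   # the 1MB reserved region from the message
USTAR_MAGIC_OFFSET = 257      # position of the "ustar" magic in a tar header
MAX_MEMBER_SIZE = 64 * 1024   # assumed cap for a single cert or key file


def has_tarball(region: bytes) -> bool:
    """True if the raw region begins with a ustar-style tar header."""
    return region[USTAR_MAGIC_OFFSET:USTAR_MAGIC_OFFSET + 5] == b"ustar"


def read_key_material(region: bytes) -> dict:
    """Return {name: bytes} for small regular files with flat names only."""
    if len(region) > RESERVED_SIZE or not has_tarball(region):
        return {}
    found = {}
    try:
        with tarfile.open(fileobj=io.BytesIO(region), mode="r:") as tar:
            for member in tar:
                # Links, devices and directories never count as key files.
                if not member.isfile() or member.size > MAX_MEMBER_SIZE:
                    continue
                # Flat names only: no nested, parent or absolute paths.
                if "/" in member.name or member.name.startswith("."):
                    continue
                found[member.name] = tar.extractfile(member).read()
    except tarfile.TarError:
        return {}   # fail closed on a corrupt or truncated archive
    return found


def build_sample_region() -> bytes:
    """Constructed sample: a tar archive zero-padded to the reserved size."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in [("ca.pem", b"constructed cert"), ("../etc/passwd", b"x")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("id_rsa")   # symlink member, must be skipped
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/master.passwd"
        tar.addfile(link)
    return buf.getvalue().ljust(RESERVED_SIZE, b"\0")
```

Reading members into memory instead of extracting them to disk means a crafted archive cannot place files outside the intended directory or plant a link in place of a key.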