jonathan wrote:
> Debian Live Buster re-introduces the standard live image. This is a
> basic Debian image that contains a base Debian system without any
> graphical user interface. Because it installs from a squashfs image
> rather than installing the system files using dpkg, installation times
> are a lot faster than installing from a minimal Debian installation
> image.
So this is another text that should go in whats-new? It seems as
though it should include the item about calamares, instead of just
being plonked down after it:
<section id="debian-live">
<!-- stretch to buster -->
<title>Debian Live</title>
<para>
Debian Live Buster re-introduces the standard live image. This is a
basic Debian image that contains a base Debian system without any
graphical user interface. Because it installs from a squashfs image
rather than installing the system files using <command>dpkg</command>,
installation times are a lot faster than installing from a minimal
Debian installation image.
</para>
<para>
The live images also ship an additional installer called Calamares.
Calamares is a distribution-agnostic project that aims to create a
universal installer, providing an easy-to-use graphical interface
designed for typical laptop and desktop users. It doesn't yet support
advanced partitioning options like RAID, but for advanced users,
debian-installer is still available from the installation media boot menu.
</para>
</section>
This would also imply a correction to the link from issues.dbk.
Revised versions of two patches (plus another copy of the bonus patch
for evolution) attached.
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
diff --git a/en/whats-new.dbk b/en/whats-new.dbk
index d5fcaa36..a8a7eaef 100644
--- a/en/whats-new.dbk
+++ b/en/whats-new.dbk
@@ -677,5 +677,26 @@ Among many others, this release also includes the following software updates:
</para>
</section>
+<section id="debian-live">
+ <!-- stretch to buster -->
+ <title>Debian Live</title>
+ <para>
+ Debian Live Buster re-introduces the standard live image. This is a
+ basic Debian image that contains a base Debian system without any
+ graphical user interface. Because it installs from a squashfs image
+ rather than installing the system files using <command>dpkg</command>,
+ installation times are a lot faster than installing from a minimal
+ Debian installation image.
+ </para>
+ <para>
+ The live images also ship an additional installer called Calamares.
+ Calamares is a distribution-agnostic project that aims to create a
+ universal installer, providing an easy-to-use graphical interface
+ designed for typical laptop and desktop users. It doesn't yet support
+ advanced partitioning options like RAID, but for advanced users,
+ debian-installer is still available from the installation media boot menu.
+ </para>
+</section>
+
</section>
</chapter>
diff --git a/en/issues.dbk b/en/issues.dbk
index b5c1d004..4f02beb4 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -692,6 +692,33 @@ $ sudo update-initramfs -u
</para>
</section>
+ <section id="calamares-creates-readable-key">
+ <!-- stretch to buster -->
+ <title>
+ Calamares installer leaves disk encryption keys readable
+ </title>
+ <para>
+ When installing Debian from live media using the Calamares installer
+ (<ulink url="&url-wiki;debian-live">new in buster</ulink>)
+ and selecting the full disk encryption feature, the disk's unlock key
+ is stored in the initramfs which is world readable. This allows users
+ with local filesystem access to read the private key and gain access
+ to the filesystem again in the future.
+ </para>
+ <para>
+ This can be worked around by adding <literal>UMASK=0077</literal> to
+ <filename>/etc/initramfs-tools/conf.d/initramfs-permissions</filename>
+ and running <command>update-initramfs -u</command>. This will recreate
+ the initramfs without world-readable permissions.
+ </para>
+ <para>
+ A fix for the installer is being planned (see <ulink
+ url="&url-bts;931373">bug #931373</ulink>) and will be uploaded to
+ debian-security. In the meantime users of full disk encryption should
+ apply the above workaround.
+ </para>
+ </section>
+
</section>
</chapter>
diff --git a/en/issues.dbk b/en/issues.dbk
index b5c1d004..720bdfc0 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -684,9 +684,9 @@ $ sudo update-initramfs -u
Users using <systemitem role="package">evolution</systemitem> as their
email client and connecting to a server running Exchange, Office365 or
Outlook using the <systemitem role="package">evolution-ews</systemitem>
- plugin should not upgrade to Buster without backing up data and finding an
+ plugin should not upgrade to buster without backing up data and finding an
alternative solution beforehand, as evolution-ews has been dropped due to
- <ulink url="&url-bts;926712">bug (#926712)</ulink> and their email
+ <ulink url="&url-bts;926712">bug #926712</ulink> and their email
inboxes, calendar, contact lists and tasks will be removed and will no
longer be usable.
</para>
