Bug#857888: Debian 9 RC ISO installers lacks apt-transport-https package

2017-03-15 Thread of....@protonmail.com
Package: debian-9-rcX.iso Version: debian-9-rc1/2/+? The Debian 9 RC installers now allow for HTTPS APT repos, but they will not work because apt-transport-https is missing (and thus cannot parse HTTPS sources during installation). I suggest adding apt-transport-https to the new RC installer im

Bug#814798: debian-installer: enable encrypting /boot using GRUB cryptomount

2017-03-16 Thread of....@protonmail.com
I would also like to express a vote for true full disk encryption within the Debian installer. The current form of FDE leaves the /boot partition unencrypted. This can be fixed and has been tested on Debian Stretch to work. The process should be as so: * Create RAID / DM / MD devices (if necess

Bug#858009: Debian "Full Disk Encryption" is a misnomer, /boot not encrypted, Evil Maid attacks, enable grub cryptodisk, improve guided encrypted partitioning

2017-03-17 Thread of....@protonmail.com
Package: debian-installer Version: stretch-rc2 The Debian Stretch RC2 installer and previous versions do not allow Full Disk Encryption since /boot is more vulnerable to Evil Maid attacks due to it being unencrypted. Securing /boot makes Evil Maid attacks slightly more difficult, raising the co

Bug#865649: cups HTTPS issues -- Lack of SHA-2 certificate, weak TLSv1.0 crypto

2017-06-23 Thread of....@protonmail.com
Package: cups Version: 2.2.1-8 * SHA-1 is officially deprecated for HTTPS certificates, but is still used for cups certificate generation. * TLSv1.0 is enabled for cups, but TLSv1.0 with CBC / SHA-1 is potentially vulnerable to BEAST attacks. I suggest two resolutions to correct this, even thou

Bug#865649: cups HTTPS issues -- Lack of SHA-2 certificate, weak TLSv1.0 crypto

2017-06-24 Thread of....@protonmail.com
Was TLSv1.0 already disabled back in July 2015 and this is a regression, or is it time now to disable it permanently and completely in the default config? See below a prior changelog. cups (2.1~b1-1) * New 2.1~b1 release disable TLS/1.0 support. -- Didier Raboud Thu, 09 Jul 2015