Howdy!
I know the bootnet.img is a very cramped little floppy. Still have to ask,
though, is there any plan to add ssl to the loader program and to the rest
of anaconda? libssl.a stripped and compressed needs 64k on my system.
It would be nifty to install a RedHat-based distro from a floppy image off
of a secure web server.
I'm writing a system that generates custom RH distros and kickstarts from
data about machines and networks stored in an LDAP database. One of the
goals for the system is security, and another is the ability to build
distributed networks (in this case, the install server and the client are
separated by the internet).
If you're ultra-paranoid, it's conceivable that someone upstream of the
remote location could hijack the install, substituting the install images
and RPMs (are the digital signatures even checked by the installer?). Might
take quite a lot of work, but it's doable. Am I really that paranoid? :)
When an entry in the LDAP database is changed, it triggers some scripts that
go off and rebuild the affected RPMs, and plugs them into the RedHat install
tree. To install a machine at a remote site, it is necessary to download an
ISO and burn it onto CDROM. If there were a secure network install, only a
floppy would be needed; there would be no need to download the ISO, and only
the RPMs that were actually to be installed would be downloaded.
Thanks for any ideas! If there's no such thing right now, it'll just have
to go on my project list for... someday. :)
John
