Nice to see Dave checking out Debian:
I also had to take a moment to modify the sudo configuration to let me use it - it doesn't let me by default, unlike Ubuntu. (I still prefer using sudo with the root password to su.)
Sudo is convenient, but it's effectively the same thing as running Windows as an 'administrator' user - it significantly weakens the security of your system. By all means turn it on yourself, but you'll have a hard job convincing me something like this should be enabled by default.
I'm curious to why you went for the DVD option - the netinst images are the method of choice these days, and would have saved you a significant chunk of bandwidth. (Your missing APT sources.list entries were presumably partly d-i's fault in trying to do the Right Thing by assuming you have no internet access. Perhaps if it added some commented-out lines, that would have been useful.)
Placing a caching proxy such as Squid or apt-proxy between your machine and the internet would also speed up your future netinst-based installs.. Heh, there's optimism for you.
UPDATE: Benji pointed out I didn't really read Dave correctly. Sudo requiring the root password is seemingly equivalent to su (but with logging, arbitrary restrictions, etc.). My comments above assume Dave was referring to sudo with the user password, the Ubuntu default. Apologies.
Yes, I like using sudo with the root password because it keeps the same security while allowing me to stay logged in as me, with my Bash customisations, etc. I also don't like Ubuntu letting me use my user password by default, although that is still better than Windows not asking for a password at all!
I went for the DVD because I was evaluating it to use at work, and they have a 1mbit connection whereas I have about 18mbit - so it would probably have been quicker in the long-run if I ended up using it. And since it's unmetered the bandwidth doesn't matter much. (And I don't currently have a suitable machine to use as a proxy.)
Commented out lines in apt sources would indeed be useful - that's what Ubuntu does.
Dave
I would think that the argument for security trumps the Bash one (Have you seen sudo's -s flag?)
I've filed a wishlist bug against the installer (#439267) for the default URIs.
— lamby
<blockquote>I would think that the argument for security trumps the Bash one (Have you seen sudo’s -s flag?)</blockquote>
I hadn't seen -s, but I'll remember that in case I ever need it. I don't understand what you mean by "the argument for security trumps the Bash one" though - surely sudo with root pw satisfies both?
Dave
I think we are agreeing with each other. Sudo with root password is good.
— lamby