Yeah, so this just adds fetching of recent versions of the OS instead of manually updating the URLs yourself (or files if you manage your own TFTP server I guess), and extends support for wifi devices. Some devices only support PXE without iPXE by default, so you need to boot an image that can do iPXE and chain boot. I did this for an embedded x86 system that had no display output or input to install the OS (there was serial output IIRC), it needed wifi drivers compiled into the debian ISO though (something Ventoy has a plugin to simplify by modifying the ISO mounted contents instead without any overwriting on the actual ISO).

Debian net-boot

Isn't that some form of security issue to boot an os from a random webpage, or do they somehow limit what sites can serve those?

Agreed...but if you're talking about the Debian ISOs then you should bring that up with them. I'm just repeating what they have on their download page.

Sarcastically -- Sounds like your install script needs a few more cleanup commands added. But I get where you're coming from. Sometimes I forget that installs aren't always as straightforward or as scriptable as pacstrap /mnt list_of_packages_needed with a few cp's afterward for configs.

I think my reply to Mark covers the rest of this.

Mark did not cover the fact you from time to time get the critical point releases with debian stable isos. Thinking I have used debain since it 1995 I have been. I have been around long enough to know the idea of never having to update a Debian install disc on a point release is not in fact always true and should not be presumed as true until you have read the download page/release notes. So you do need to know if you are installing a old point release if possible so you can look at the point release notes and check is this a update with a major change to the package management that is important to security or not.

What you did not get is what on the Debian page changes from "you don't need to update the installer on this point release" to "you need to update the installer on this point release because something critical to security changed in the package management system of the installer." So you need to know about a new point release so you can go check and see if it one you need to update or if you can use the old installer disc no problem. Long term debian user I have seen this change a few times sometimes the result requires you need manually download packages so you could update old systems that had not be updated regulary.

There is so much allowed transition time from .0 to .1 to .2.... in the stable releases. Like we are on .7 now of stable .8 could be a security fix and the change breaks support for .4 and before stable if that happened it will be in the release notes. If this is happened and you could attempting to use a .4 or before point release installer the result can be that you cannot connect the mirror servers because you are being rejected. These things don't happen often. Big thing is you were reading the download page and presuming this stuff does not happen. The trap here is that it does happen just rarely its safer to presume new point release you need to check the release notes in case something like this has happened..

Well it currently says that you don't need to. And while Mark didn't go into it, you did. I assumed that you'd assume that I read what you wrote and was replying to it with that reply.

Look, all the release notes on their main page all have the same message of:

That's from 10.1. Every single one, including all the 9.X and 10.X releases from the past 2 years, has that same message with the version and codename changed.

FWIW I'm not disagreeing with you or saying that doesn't happen. IIRC that was a problem with one of their 7.x or 8.x releases... I know that bugs and security fixes occur and that "keep on using the old iso and update" isn't necessarily the best advise to give or receive...but it is the advice that they give on their release notes. Like I said, if you don't like it then take it up with Debian and their release notes because I'm just repeating them.

Problems happened in the 2.x, 4.x,5.x, 7.x and 8.x where there were point releases where you had to update because there was what debian called a new version. 1.x, 3.x,6.x did not. 9.x and 10.x are so far looking good but we are not to final point release yet so there is still time for them to screw up. Its horrible 50/50 if you get through a complete cycle of point releases with Debian without a breaking one.

I have been around debian long enough to see all those versions.

Debian wording could be better. "the point release" is referring to the current point releases. You will see in case of break age something like "this point release is a new version of Debian X"

Like I want to know if there is a new point release and if I need to read release notes/download page to make sure I not getting caught by a true new version that has done something security critical.

Opensolaris and later illumos and it's distros, had WanBoot almost 15 years ago (don't quote me on timetable ).
And it were removed form illumos in order to maintain less code etc. (alo don't quote me for reasons), yet times come when that forward-thinking function comes handy for the wider audience.
Just saying how much time it took.