[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Should OpenBSD sign its releases?



Tim Freeman <tim@fungible.com> writes:

> I had hoped to find a cryptographic signature on the MD5 checksums at
> 
>    ftp://mirror.cs.wisc.edu/pub/mirrors/OpenBSD/3.5/i386/MD5
> 
> but no such luck.  Without these signatures, it's conceivable that
> someone corrupted the archive and updated the MD5's to match.  Is
> there a reason not to sign OpenBSD releases?

Here is a signature for that file. Have fun.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (OpenBSD)

iD8DBQFAvn57xak/gpXyHMwRApNfAJ0Up65kHxMG3lMxGYI1OEeHp3JCEQCgr+9K
Rib5rwkR//gZJwEHG6+iw3c=
=NvDh
-----END PGP SIGNATURE-----

//art