[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenBSD 3.2 official release files / CDs MD5 / SHAs / digital signatures online?

I think it would be very nice is there was a place online that listed
the correct MD5 or SHA hashes of all official release files from the
FTP site and also all the files on installation CDs.

Extra credit would be having the same information for every checked in
(at least labeled / release ones) CVS source file.

I gather there may have been talk in the past of having a "OpenBSD digital signature"
that could be used to sign things like patches, release file checksum lists, and

My thought is that having these items (secure hash checksums of official source / binary
files and perhaps also an official 'OpenBSD digital signature' to further authenticate
such things) would be a good step forward in enabling users' to have a more secure
and verifiable base of code.

I've seen some talk on file system saint, tripwire, aide, mtree usage et. al. lately as
a mechanism to validate the integrity a system's files.  However promoting that
'ab initio' would be good by having such authentication information easily traceable right
back to the OpenBSD release itself by publishing / distributing the hashes and signatures
in a convenient way.

If any of these resources already exist somewhere, I'd certainly appreciate hearing reference
to how they may be found.  If they don't exist, I'd just suggest that perhaps it could be
a good idea for security and authentication.

Yahoo! Mail Plus - Powerful. Affordable. Sign up now.