I gotta put my two cents in here.
I don't care what the medium is OpenBSD chooses to
distribute on. And get this: I think the dist. sets
are a great value. Why? Glad you asked!!!
For too many years I have used other operating
systems (you know who they are) resulting
in way too much frustration, a high price with
bad to no docs.
Then I ran across OpenBSD and (s**t), read
a little bit, asked a couple of intelligent questions
on the forums, and most, if not all, of my/our company's
problems are GONE!
Since switching to OpenBSD our server problems
have vanished at a considerable fair price. This
individual and my/our company would pay more if Theo
asked for it.........What a pleasure running this
system......
Thank you OpenBSD developers!!!!!
frcc
On Tue, 14 Jan 2014 10:11:56 -0700
Theo de Raadt <[email protected]> wrote:
> > Many users who would like to test OpenBSD would be pleased about the
> > possibility to purchase or download OpenBSD as DVD.
> > Most users have a DVD or even a Blu-ray drive these days and I believe that
> > the installation should be as comfortable as possible if you wanna gain new
> > users. A DVD with the full set of packages for installation as well as
> > providing the whole set of OpenBSD software for live system boots would be
> > possible as you can get approx 2*3 CDs on a singleton DVD. The additional
> > possibility to boot a genuinely downloaded OpenBSD DVD (not a self assembled
> > one or a live DVD from a third party) will even be critical towards many use
> > cases concerning security. Sometimes at least if you can trust the BIOS of
> > the machine you want to boot from a non-alterable live medium and want to
> > reboot after any possible security incident (f.i. visiting an untrustworthy
> > website). Even if you install on hard drive having a singleton DVD for
> > installation and verification can be an essential advantage as you wanna
> > verify whether files have been altered on hard disk (and I have already
> > spotted numerous intrusions this way).
> > Some people may ask whether keeping it on DVD will just alleviate to verify
> > integrity but not authenticity. Sure you have to ascertain the authenticity
> > of your download at least once but then you can keep the sha256/512sum with
> > you and ascertain auth. by keeping integrity. Both domains are closely linked
> > together and you can f.i. add auth to integr. by signing the sha-lists of the
> > files a package contains (though signing is not a silver bullet as the secret
> > keys tend to be stolen systematically by intelligence services). Sometimes
> > you can get a higher degree of auth. by making several anonymous download
> > attempts because lost integrity on some downloads or the downloads in a given
> > area could be easily spotted by the providers of the download. Nonetheless to
> > improve auth I would suggest to ship your secret key with a live medium that
> > can be purchased in newspaper shops like the System Rescue CD
> > (http://www.sysresccd.org/forums/viewtopic.php?f=6&t=5208); apart from
> > approaches like DANE/DNSSEC
> > (http://www.mail-archive.com/[email protected]/msg33596.html) which can not
> > provide the ultimate silver bullet either.
>
> The big question: How many of you would pay how much for each unit?
>
> It has to be worth the effort, or, the effort will distract from other
> much more important work.
>
> As to the remaining authentication issues you mention about, that is
> about to be solved with cryptographic signatures. If you eventually
> find this new work valuable at covering your risk factors in the next
> coming months, PLEASE make sure we know by contributing to the
> project.
>
--
frcc <[email protected]>