Why is this not https://www.openbsd.org?
Surely everything and anything on your web page can be changed by man in the middle attacks including links to download mirrors and the hash values used to validate the downloads. This tends to put the whole idea that OpenBSD is secure at risk.
Or maybe I am just missing something. Yes I could ask for a DVD and I hope you have https on those pages othewise the same problem could arrive as MIM takes the order and sends me their disk.
Robin Murison
