On Fri, Sep 16, 2016 at 02:29:53PM -0400, grarpamp wrote:
> Nevermind that they still [1] don't have their release iso's and everything
> else fully reproduceable and cryptographically traceable back to
> their source repository, in part because their silly choice of repo (svn)
> isn't capable of establishing cryptographic provenance over, and distribution
> of, the source, so unlike signable trees git or monotone there's a big gaping
> disconnect there. Though they are making good progress on reproduceability.
> 
> Oh, and OpenBSD still uses cvs for code authenticity, lol.
>

Did all BSDs have sound integrity checks when updating or installing new
stuff?

About 8 years ago Freebsd installed ports and or packages fetching them
from plain ftp, without integrity checks IIRC.
 

Reply via email to