>>Is there any way to verify that distribution sets and packages that I >>have downloaded have not been tampered with (e.g., by someone with >>access to the mirror from which I downloaded them)? >> >>The package system supports signatures, but the packages distributed >>on OpenBSD mirrors are unsigned, as is the SHA256 file in each >>directory. > > Did you RTFA?
I've read the FAQ. It says that the package system supports signatures, but, as I wrote above, the packages distributed on OpenBSD mirrors are unsigned. It doesn't say anything about signatures for the distribution sets. Is there some other article that I should read that answers my questions?