On Wed, Sep 05, 2012 at 12:48:58PM +0800, Rowdy OpenBSD wrote:
> >>Is there any way to verify that distribution sets and packages that I
> >>have downloaded have not been tampered with (e.g., by someone with
> >>access to the mirror from which I downloaded them)?
> >>
> >>The package system supports signatures, but the packages distributed
> >>on OpenBSD mirrors are unsigned, as is the SHA256 file in each
> >>directory.
> >
> > Did you RTFA?
>
> I've read the FAQ. It says that the package system supports
> signatures, but, as I wrote above, the packages distributed on OpenBSD
> mirrors are unsigned. It doesn't say anything about signatures for
> the distribution sets.
>
> Is there some other article that I should read that answers my questions?
>
Perhaps he means to read afterboot? Not sure.
Regards,
Donald Cooley
