hmm, on Tue, Mar 04, 2014 at 06:29:18AM -0700, Theo de Raadt said that > For the install55.iso and install55.fs media, this is known. > > We cannot solve this problem in time for the 5.5 release, but hope to > fix it in the next releases. Let's just say that enough hair has been > lost in the last two weeks, and there needs to be time for regrowth. > > You can verify that the file is good ahead of time, by manually using > signify and sha256 beforehands. This is documented in the signify > manual page. It should become best practice to do this, and easier, > because in the future your existing release will alreayd contain the > command. > > The other install media do not have this problem, since they do not > have to cryptographically sign their own contents.
no sweat. i have been installing snapshots since 2.6 without signatures... i just mentioned it in the unlikely case of this getting through the cracks. -f -- when you starve with a tiger, the tiger starves last.
