Previously on this list, Jean-Philippe Ouellet contributed:

> The OpenBSD project does not digitally sign releases. The above
> command only detects accidental damage, not malicious tampering.
> If the men in black suits are out to get you, they're going to
> get you.
>
> It seems the men in black /are/ out to get everyone after all.
I'm sure the build systems are ace, and I know little about them aside from espie's talks and posts and that they have a good track record. Also, odd program behaviour may get picked up by many users of a central package. I also love the introduction of signify.

However, considering the complexity of building, and especially of all the ports (it may also be mentioned elsewhere in the FAQ already, or be considered obvious), and considering that signify provides trust that OpenBSD is the source of the built packages, not a guarantee of the upstream source code: I wonder if it's worth keeping some sort of disclaimer or line about "black suits" or other highly resourced powers, in that it is suitable for most situations but obviously no replacement for a well-audited and specifically targeted/secured building process and targeted source review where resources are available, though most likely only close to possible for a few particular ports, and where you hope the compiler(s) are trustable?

Perhaps the following line from your patch and Ken's book (that I haven't read yet, unfortunately) covers it all already and more?

> After that you can add whatever measures of real-life verification you see fit.

--
_______________________________________________________________________
'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________

