On Wed, Apr 11, 2018 at 10:20:37PM +0200, Paul de Weerd wrote:
> ftp doesn't do this itself, but the error detection in tcp and ssl
> (ok, so that's linked into the ftp binary) do.
> The file is unlikely to have been changed in flight.

OK, odd. What I find odd is that the SHA256.sig file I got (which was 
downloaded after the .iso) differs from the very first time I made contact with 
today with the SHA256.sig that I downloaded to verify.  Could this be an
atomicity thing with the FTP mirror?

<some cut>

> | 4. Is it possible that there was an attack on the OpenBSD network 
> infrastructure?
> Unlikely.  Probably, the bytes you got match 1:1 with the file I got,
> minus those last 4096 bytes.  There's probably nothing all that
> interesting in those last 4K of the ISO, so my guess would be that
> everything would still be fine.  You can verify that by checking the
> contents of the mounted file system against the SHA256 file.
> | 5. Or mine?
> Also unlikely.  Could the download have been interrupted at the last
> moment?

Not by me with any signals, I let the download finish.  Theo does want me to
investigate this box because it has problems waking/sleeping, and I was going
to do that tonight but now it's too late, this signature anomaly wasted my
time for tonight.  It's entirely possible the drive is dying on it.  After
swapping SATA cables I think I'll put an SSD in it.

Thanks Paul (and everyone else in this thread).


> Cheers,
> Paul

Reply via email to