On Wed, Dec 05, 2007 at 02:23:41PM -0600, Marco Peereboom wrote:
> blah blah blah
>
> have you ever wondered why openbsd doesn't do binary updates?

I'm not talking about updates, I can read C.

> maybe you are now going to be able to figure out why we don't need
> complex signing mechanisms.

You're ignoring that it is perhaps quite insane to expect anyone to verify every single line of code, and a (so far very much deserved) trust is given to the developers.

Which is why I would very much like to be absolutely sure the CD I bought brought the release the developers intended to publish.

This is not about downloading OpenBSD, but of having a quite measurable degree of trust that what you have is what you were supposed to have.

Btw, it would be much better to use a hashing algorithm stronger than MD5, even on the file signed by an OpenPGP or X.509 certificate.

Rui

--
Wibble.
Today is Setting Orange, the 48th day of The Aftermath in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?