Hi! On Thu, Dec 06, 2007 at 01:12:02PM +0200, Lars Noodin wrote: >Hannah Schroeter wrote: >... >> As the talk about those "online surveillance" plans includes talk about >> tailored attacks for each victim, they could investigate which OS one >> uses and which ways of updating, so they could tailor their attack >> vector appropriately. >...
>Some of this is mitigated in that when using OpenBSD, the connections to >the repositories is signed. Though, it looks like HTTP transfers are >not, and there is the question of getting the initial installation >packages. Have I missed something? Last time I checked, it was plain http/ftp for retrieving the base tarballs as well as the packages. >[...] Kind regards, Hannah.
