Philipp Winter wrote: > Hi,
> > I did not find a file on the OpenBSD mirrors which contains a digital > signature for the 'MD5' files which are placed in the platform specific > directories (e.g.: ftp://ftp.openbsd.org/pub/OpenBSD/4.2/i386/). > > Is there no way to verify the authenticity of the installation files? > > Thanks, > Philipp Huh?, ftp://ftp.openbsd.org/pub/OpenBSD/4.2/i386/MD5 seems to contain all the proper MD5's... if your mirror matches the ones at the official site, that seems to prove they're genuine. The OpenBSD team takes security pretty seriously. ;) - digitally signing the MD5 file is a bit much though... don't ya think? =| If you're still paranoid, perhaps you request that release announcement emails should contain the "official" MD5's of the base files... perhaps Theo could send it for kicks.. lmao -Nix Fan.
