On Wed, Feb 13, 2019 at 04:41:56PM +0100, Oleg Pahl wrote:
> Hi all,
>
> I use 6.4 Release.
> I install fm on my laptop from http://firmware.openbsd.org/firmware/6.4/
> This URL i found in man page FW_UPDATE(1)
> You can see that ( index.txt ) has one file more then as on server!
It doesn't
ke pkg_add with
binary packages) it doesn't proceed to decompress or parse the files
unless the signature is valid.
There is also a signed SHA256.sig file if you want to check signatures.
If you don't trust tgz files on a server, you can't trust an unsigned
SHA256 file either.
> Please explain me why
Hi all,
I use 6.4 Release.
I install fm on my laptop from http://firmware.openbsd.org/firmware/6.4/
This URL i found in man page FW_UPDATE(1)
You can see that ( index.txt ) has one file more then as on server!
---
From index.txt:
-rw-r--r-- 1 0 0 1707 Oct 16 22:41:37 2018 SHA256
---