Re: integrity of commercial CD set

2015-01-16 Thread Joel Rees
On Thu, Jan 15, 2015 at 3:27 PM, Enos D'Andrea temp4282138...@edlabs.it wrote: On 14/01/2015 17:03, mar...@martinbrandenburg.com wrote: [...] you trust Theo and OpenBSD because you have no better option. Don't pretend you increase your security by proving the software came from a source you

Re: integrity of commercial CD set

2015-01-15 Thread Milun Rajkovic
Sometimes I wish mailing lists had a like button ;) On Wed, Jan 14, 2015 at 6:30 PM, Jack Woehr jwo...@softwoehr.com wrote: Theo de Raadt wrote: Finding them inside the global shipping system is easier than you think One of the joys of growing old is watching the really bad sci fi

Re: integrity of commercial CD set

2015-01-14 Thread Richard Thornton
I bought a can of this paint from a hardware store up in Lake Louise last week. On Wed, 14 Jan 2015, Theo de Raadt wrote: On 2015-01-14, mar...@martinbrandenburg.com mar...@martinbrandenburg.com wrote: Buying a CD in my case includes a 5.000 mile trip through multiple five-eyes nations,

Re: integrity of commercial CD set

2015-01-14 Thread Theo de Raadt
I bought a can of this paint from a hardware store up in Lake Louise last week. We already knew that.

Re: integrity of commercial CD set

2015-01-14 Thread Theo de Raadt
Please how is one supposed to verify the integrity of an official OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and received by physical mail? [...] Each directory on the CD is signed using signify and the 5.6 keys listed at http://www.openbsd.org/56.html [...]

Re: integrity of commercial CD set

2015-01-14 Thread Enos D'Andrea
On 14/01/2015 17:03, mar...@martinbrandenburg.com wrote: [...] you trust Theo and OpenBSD because you have no better option. Don't pretend you increase your security by proving the software came from a source you can't prove is trustworthy. [...] More than Theo himself, what makes me trust

Re: integrity of commercial CD set

2015-01-14 Thread Christian Weisgerber
On 2015-01-14, mar...@martinbrandenburg.com mar...@martinbrandenburg.com wrote: Buying a CD in my case includes a 5.000 mile trip through multiple five-eyes nations, whose overzealous three letter agencies officially intercept physical shipments to install backdoors and hardware implants.

Re: integrity of commercial CD set

2015-01-14 Thread martin
Enos D'Andrea temp4282138...@edlabs.it wrote: On 14/01/2015 12:24, Stefan Sperling wrote: Bootstrapping trust is always going to be hard no matter what we do and how hard we try. [...] Now the answer has become buy a CD and cross-check it with signify and it's still not enough. [...]

Re: integrity of commercial CD set

2015-01-14 Thread martin
Christian Weisgerber na...@mips.inka.de wrote: On 2015-01-14, mar...@martinbrandenburg.com mar...@martinbrandenburg.com wrote: Buying a CD in my case includes a 5.000 mile trip through multiple five-eyes nations, whose overzealous three letter agencies officially intercept physical

Re: integrity of commercial CD set

2015-01-14 Thread Stefan Sperling
On Wed, Jan 14, 2015 at 02:32:07PM +0100, Enos D'Andrea wrote: Buying a CD in my case includes a 5.000 mile trip through multiple five-eyes nations, whose overzealous three letter agencies officially intercept physical shipments to install backdoors and hardware implants.

Re: integrity of commercial CD set

2015-01-14 Thread Theo de Raadt
On 2015-01-14, mar...@martinbrandenburg.com mar...@martinbrandenburg.com wrote: Buying a CD in my case includes a 5.000 mile trip through multiple five-eyes nations, whose overzealous three letter agencies officially intercept physical shipments to install backdoors and hardware

Re: integrity of commercial CD set

2015-01-14 Thread Jack Woehr
Theo de Raadt wrote: Finding them inside the global shipping system is easier than you think One of the joys of growing old is watching the really bad sci fi you read as a youth all come true :) -- Jack Woehr # There's too much emphasis on things Box 51, Golden CO 80402 #

Re: integrity of commercial CD set

2015-01-14 Thread Stefan Sperling
On Wed, Jan 14, 2015 at 10:49:01AM +0100, Enos D'Andrea wrote: Thanks, but I was hoping for a method that would also verify the CD boot process, and that would not require downloading and installing a second image or trusting the CD to verify itself. Bootstrapping trust is always going to be

Re: integrity of commercial CD set

2015-01-14 Thread Enos D'Andrea
On 12/01/2015 20:34, Theo de Raadt wrote: Please how is one supposed to verify the integrity of an official OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and received by physical mail? [...] Each directory on the CD is signed using signify and the 5.6 keys listed at

Re: integrity of commercial CD set

2015-01-14 Thread Mihai Popescu
Thanks, but I was hoping for a method that would also verify the CD boot process, and that would not require downloading and installing a second image or trusting the CD to verify itself. Next time, it is better to ask what you hope for. You asked how to check and you got the answer, then you

Re: integrity of commercial CD set

2015-01-14 Thread Enos D'Andrea
On 14/01/2015 12:24, Stefan Sperling wrote: Bootstrapping trust is always going to be hard no matter what we do and how hard we try. [...] Now the answer has become buy a CD and cross-check it with signify and it's still not enough. [...] paranoia Buying a CD in my case includes a 5.000 mile

integrity of commercial CD set

2015-01-12 Thread Enos D'Andrea
Hello, Please how is one supposed to verify the integrity of an official OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and received by physical mail? Those CD images (with multiple platforms on the same CD) do not seem to be available for download. Their checksums (provided mine are

Re: integrity of commercial CD set

2015-01-12 Thread Theo de Raadt
Please how is one supposed to verify the integrity of an official OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and received by physical mail? Those CD images (with multiple platforms on the same CD) do not seem to be available for download. Their checksums (provided mine are