to some kind of ISO checksum or something similar (but using
strong cryptography) I think would do it, but I could not find any (except
a line in the FAQ stating If the men in black suits are out to get you,
they're going to get you. which is not the case :) )
Thanks,
Valentin Zagura
for all of the files in that directory.
On Sep 11, 2013, at 5:49 AM, Valentin Zagura put...@gmail.com wrote:
Hi,
We are going to use a OpenBSD system in a PCI-DSS compliant environment.
Is there any way we can prove to our PCI-DSS assessor that the OpenBSD
image we use for our
with their lives) and I hope you guys are also thinking of
them.
Thanks,
Valentin Zagura
On Wed, Sep 11, 2013 at 1:58 PM, Peter N. M. Hansteen pe...@bsdly.netwrote:
On Wed, Sep 11, 2013 at 01:49:14PM +0300, Valentin Zagura wrote:
We are going to use a OpenBSD system in a PCI-DSS compliant environment
it could be
Syria. Or some other combination of opposition.
2013/9/11 Valentin Zagura put...@gmail.com
Thanks for the suggestion, we will probably order the CD.
But on the other hand, I hope that you realize that people in some
countries (Iran, China, Egypt, Syria) would not have
of being more paranoid than an OpenBSD guy is not very
comfortable :)
On Wed, Sep 11, 2013 at 8:13 PM, Daniel Bolgheroni dan...@bolgh.eng.brwrote:
On Wed, Sep 11, 2013 at 03:17:20PM +0300, Valentin Zagura wrote:
Yes, we know, but that file can also be easily compromised if it's not
available
If I were a dissident in one of those countries, I would not trust a third
party with my life (but maybe I'm too paranoid).
AFAIK OpenBSD is Canada, not US, but again, I might be wrong.
11, 2013 at 10:32 PM, Kenneth R Westerback
kwesterb...@rogers.com wrote:
On Wed, Sep 11, 2013 at 08:53:50PM +0300, Valentin Zagura wrote:
I don't think I'm more paranoid than the average considering that Debian
has a way to do this (http://www.debian.org/CD/verify), fedora has a
way to
do
...@rogers.com wrote:
On Thu, Sep 12, 2013 at 07:52:22PM +0300, Valentin Zagura wrote:
There is no entity
that owns or can be held responsible for the code, or is capable
of providing a solid evidentuary path from commit to your hands.
I thought if we buy the CDs we WILL get a solid evidentuary