Yes, we know, but that file can also be easily compromised if it's not available for download with a secure protocol (HTTPS).

On Wed, Sep 11, 2013 at 1:59 PM, Stan Gammons <s_gamm...@charter.net> wrote:

> The sha256 file located in the directory with the installxx.iso image has
> the sha256 checksum for all of the files in that directory.
>
> On Sep 11, 2013, at 5:49 AM, Valentin Zagura <put...@gmail.com> wrote:
>
> > Hi,
> >
> > We are going to use an OpenBSD system in a PCI-DSS compliant environment.
> > Is there any way we can prove to our PCI-DSS assessor that the OpenBSD
> > image we use for our installation can be checked so that it is the correct
> > one (is not modified in a malicious way by a third party)?
> > An https link to some kind of ISO checksum or something similar (but using
> > strong cryptography) I think would do it, but I could not find any (except
> > a line in the FAQ stating "If the men in black suits are out to get you,
> > they're going to get you." which is not the case :) )
> >
> > Thanks,
> > Valentin Zagura
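
The check discussed in this thread, as an added example that is not part of the original messages: it verifies an image against a checksum list, assuming the BSD-style `SHA256 (name) = hex` line format, with a constructed stand-in file and a hypothetical file name. A match only shows that the image agrees with the list, so the list itself has to come from a channel the assessor accepts as authentic.

```python
import hashlib
import hmac
import os
import re
import tempfile

# BSD-style digest line (assumed format): "SHA256 (name) = <64 hex chars>"
_LINE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<hex>[0-9a-f]{64})$")


def parse_checksum_list(text):
    """Return {filename: hex digest} for every well-formed SHA256 line."""
    entries = {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            entries[m.group("name")] = m.group("hex")
    return entries


def file_sha256(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large ISO is never read into RAM at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(path, checksum_text):
    """Return 'ok', 'mismatch', or 'unlisted' (no entry for this file name)."""
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    return "ok" if hmac.compare_digest(file_sha256(path), expected) else "mismatch"


def demo():
    """Constructed sample: a small stand-in file and a matching checksum list."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example.iso")  # hypothetical file name
        with open(iso, "wb") as fh:
            fh.write(b"constructed stand-in for an install image\n")
        listing = "SHA256 (example.iso) = %s\n" % file_sha256(iso)
        good = verify(iso, listing)
        with open(iso, "ab") as fh:  # simulate an image modified after listing
            fh.write(b"x")
        return good, verify(iso, listing), verify(iso, "")
```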