On Wed, Sep 11, 2013 at 03:17:20PM +0300, Valentin Zagura wrote:
> Yes, we know, but that file can also be easily compromised if it's not
> available for download with a secure protocol (HTTPS)
So get the CD. You'll support the project as well.
-Otto
>
> On Wed, Sep 11, 2013 at 1:59 PM, Stan Gammons <[email protected]> wrote:
>
> > The sha256 file located in the directory with the installxx.iso image has
> > the sha256 checksum for all of the files in that directory.
> >
> > On Sep 11, 2013, at 5:49 AM, Valentin Zagura <[email protected]> wrote:
> >
> > > Hi,
> > >
> > > We are going to use a OpenBSD system in a PCI-DSS compliant environment.
> > > Is there any way we can prove to our PCI-DSS assessor that the OpenBSD
> > > image we use for our installation can be checked so that it is the
> > correct
> > > one (is not modified in a malicious way by a third party) ?
> > > A https link to some kind of ISO checksum or something similar (but using
> > > strong cryptography) I think would do it, but I could not find any
> > (except
> > > a line in the FAQ stating "If the men in black suits are out to get you,
> > > they're going to get you." which is not the case :) )
> > >
> > > Thanks,
> > > Valentin Zagura
> >
