Can the project wire an explosive booby trap inside the CD box to ensure that any sneaky postman is blown away by the awesomeness of OpenBSD? (for a decent supplementary fee of course)
On Thu, Sep 12, 2013 at 6:56 PM, Kenneth R Westerback <kwesterb...@rogers.com> wrote:

> On Thu, Sep 12, 2013 at 07:52:22PM +0300, Valentin Zagura wrote:
> > > There is no entity
> > > that owns or can be held responsible for the code, or is capable
> > > of providing a solid evidentiary path from commit to your hands.
> >
> > I thought if we buy the CDs we WILL get "a solid evidentiary path from
> > commit to" our hands.
> >
> > So this isn't the case?
>
> Physical email is as susceptible to MITM attacks as network connections. I
> know a story of laptops entering the mail system and car springs coming
> out the other end in the same box. :-)
>
> CDs will give you the best evidentiary path available. Compiling everything
> yourself with a compiler and hardware you built from piles of dirt in a
> clean room would be better. And then you still have to worry about nano
> technology being slipped into the dirt.
>
> .... Ken
>
> > On Wed, Sep 11, 2013 at 1:58 PM, Peter N. M. Hansteen <pe...@bsdly.net> wrote:
> >
> > > On Wed, Sep 11, 2013 at 01:49:14PM +0300, Valentin Zagura wrote:
> > >
> > > > We are going to use an OpenBSD system in a PCI-DSS compliant environment.
> > > > Is there any way we can prove to our PCI-DSS assessor that the OpenBSD
> > > > image we use for our installation can be checked so that it is the correct
> > > > one (is not modified in a malicious way by a third party)?
> > >
> > > Probably not what you want to hear, but starting with
> > > http://www.openbsd.org/orders.html
> > > is usually an excellent idea in this context. Verifiably delivered from a
> > > trusted source.
> > >
> > > > An https link to some kind of ISO checksum or something similar (but using
> > > > strong cryptography) I think would do it, but I could not find any (except
> > > > a line in the FAQ stating "If the men in black suits are out to get you,
> > > > they're going to get you." which is not the case :) )
> > >
> > > It's possible some of the more prominent entries on
> > > http://www.openbsd.org/support.html
> > > could be persuaded to provide something like that (M:Tier comes to mind,
> > > but why are they not on that page?) in exchange for a reasonable fee.
> > >
> > > But again, for -RELEASE, the CD sets are a good starting point.
> > >
> > > - Peter
> > >
> > > --
> > > Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> > > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> > > "Remember to set the evil bit on all malicious network traffic"
> > > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

--
()  ascii ribbon campaign - against html e-mail
/\