Em 22-01-2014 11:00, Bob Beck escreveu:
> Our lists are so full of helpful smart people who think chains of
> trust are magical pixie dust coming from root-provider-fairylands
> where the root cert faires live in castles of uncompromising fortitude
> that are never full of government plants and are whose certificates
> are magically transported into operating systems and placed in that
> special place in our hearts where no file could ever be modified...
> They also suggest we should move the machines that generate the
> releases into of those same castles where power is cheaper to save
> money...
>
> I think I'll make sure to advertise the next OpenBSD Foundation
> funding campaign by suggesting that you're not actually not real
> people, but a helpful-suggestions-posting-bot sponsored by the NSA..
> Or maybe it's that they've infiltrated our educational systems...
> Please get our your tinfoil hats kids.
>
Bob,
There were lots of e-mails through the years on misc, some of
myself, that asked for more, how can I say, "trustiness" on the getting
the source and/or, just using the binaries provided by OpenBSD. I
believe that signify helps a lot on this. I took a look at the code and
it's simple and beautiful.
I myself download the installXX.iso and source code from different
mirrors/anoncvs, and using different internet links, just to be sure
that things are in order. I'll be even more paranoid with the next
release to make sure I have the right keys, both for 5.5 and the ones
that follow. Tinfoil hats apart, I believe that with the interdiction
programs that NSA has, and maybe also other governments, CD's can not be
entitled with the same trust as before. I believe that DNSSEC is just
one of the many things that could be done to make this "trust" more easy
to obtain and verify. I've been living without it anyway.
Cheers,
--
Giancarlo Razzolini
GPG: 4096R/77B981BC
