> > And we should also ask a firmware question? > > > > Nope. I don't think we should bend over backwards for people doing > > strange things. They are on their own. > > > > Most of the time I agree with this particular attitude and it is indeed > appropriate for the OP case. However, there some major networks such as > various governments (or for example .mil) that do not participate in > the public PKI but run their own PKI infrastructure. What effect will > the installer's checks have in that environment? What workarounds would > be reasonable and approriate? and does it make sense for OpenBSD to > support such scenarios out-of-the-box to promote wider adoption of > better software?
The installer falls back to http. Just like it worked in 6.0 and all previous releases. So there is no problem. If you don't participate in the publically available cert model for https, it asks for a question and you fall back to http and continue on. We are following the same roadmap the browsers followed. Let me point out that our install script caters poorly to the Zulu speaking population. Also to the french. Not all minority featuresets can be supported. Please stop dismissing 20 years of effort to create an install media which supports so many many usage cases -- by insisting on the addition of more usage cases. It is amazing so much good and complex behaviours come out of such a small package; those who have dug into the guts of the install media understand. Essentially, you are making an enemy of good argument. And frankly, you say .mil? Good grief, that's unacceptable, our stuff is post-FIPS.