I've searched OpenBSD.org and google for source code signing practices in

OpenBSD, nothing obvious stands out. I've probably overlooked it. Just

curious about this... is the process described someplace?

--

View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14164451

Sent from the openbsd user - misc mailing list archive at Nabble.com.

No. OpenBSD doesn't sign code.
---

Lars Hansson

Well, there's the MD5 files (e.g.

http://openbsd.arcticnetwork.ca/pub/OpenBSD/4.2/i386/MD5).

but yeah, for the most part OpenBSD doesn't need it.

-Nick

Could you explain in more detail? Why doesn't OpenBSD need to use pgp keys?

Really, I'm not trying to start anything, I just want to understand.

Especially since everyone else seems to do it. FreeBSD, NetBSD, Linux

Kernel, etc... they all employ some sort of PKI mechanism... so how does

OpenBSD handle these sort of things?
--

View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176001

Sent from the openbsd user - misc mailing list archive at Nabble.com.

For one thing, I think you're quite confused. Unless I'm missing something,

I'm not noticing the FreeBSD, NetBSD, Linux kernel developers "signing"

their code, or doing anything particularly differently from the OpenBSD

developers. Please explain.
You've also conveniently ignored bofh's question. Why do you see this as

being an issue? What risks does PKI mitigate? Did you just vaguely read

somewhere in an advertisement about the supposed security benefits?
JI

Wow, my surprise grows... I shall no longer add to this thread... Bye now.
http://www.kernel.org/signature.html

http://www.freebsd.org/doc/pgpkeyring.txt
* One example of a signed Linux Kernel path... there are many others:

ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-2.6.9.sign
* One example of signed FreeBSD code... there are others:

http://taosecurity.blogspot.com/2007/11/updating-freebsd-70-beta2-to-70-...
Some examples of signed communications from FreeBSD & NetBSD:

http://www.freebsd.org/internal/ssh-keys.asc

http://mail-index.netbsd.org/netbsd-announce/2004/02/20/0000.html

Ah, my apologies. I was looking at the wrong thing. No further comment.

I'm guessing that he's referring to the fact that some Linux

*distributions* (not the kernel developers or necessarily any of the

components) sign their binary packages: for example Debian do this.
I believe one of the supposed benefits of this is that it allows anyone

to set up a public Debian mirror and, after checking the signatures

during download, one can be sure that they are 'real' Debian packages.
I believe that in some circumstances this may lead to a false sense of

security:
- Said mirror could have old (vulnerable) versions of packages.  Just

  because they're signed doesn't mean they're safe;
- The signing relates only to the packaging: if the underlying source

  code is compromised, then all bets are off.
Would signing help for OpenBSD?  I don't particular see that it would,

given that you are trading off the hassle of implementing it,

maintaining it and so on, against the benefits of doing so, which are

probably small or non-existent.
Dave.
--

Dave Ewart davee@sungate.co.uk, jabber:davee@jabber.org, freenode:davee

All email from me is now digitally signed, http://www.sungate.co.uk/

Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Yes, that's what I gathered was meant. Going into PKI and code signing,

however, I assumed he meant signing and verifying the underlying source

code, and navigating the trees, I haven't noticed that.
Evidently he meant signing binary packages. In that case, I can kind of

understand the requirement - particularly for business - but whether it's

worth it is up to the OpenBSD team, not me. :) I'm having trouble seeing how

somebody could easily manage to get a compromised binary onto OpenBSD

servers. Seems more trouble to implement then it's worth.

Oh that surprises me, are OpenPGP signatures used for anything? Errata,

official communication, etc... maybe this is a stupid question, by it seems

everyone does it these days... even small software projects. Not being

critical of OpenBSD (I love it and buy CDs) just curious as to the reasoning

for not using pgp/gpg keys to sign stuff, secure communication, etc.
--

View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498

Sent from the openbsd user - misc mailing list archive at Nabble.com.

What is the benefit of doing so? What's the point? Is the website so likely

to be hacked into, that the developers need to sign all communication just

to ensure that it comes from them? There's absolutely no need to signing

errata or official communications. Name one justifiable use for them. If the

OpenBSD developers didn't care about "secure communications", then OpenSSH

would not exist.

Can you dismiss PKI and the benefits that OpenPGP signatures provide to your

user community? Knowing that xyz binary is signed by OpenBSD for

distribution or abc email came from an official OpenBSD source is a good

thing. Trojaned binaries and forged emails happen. PKI can help mitigate

this. The benefit of PKI is widely known and accepted and does not need to

be rehashed here. I'm surprised that OpenBSD (the most secure OS I know of)

does not use it, that's all I'm saying. I also thought there would be a real

reason for not doing so and there may in fact be and I may just be unaware

of it.

--

View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14175339

Sent from the openbsd user - misc mailing list archive at Nabble.com.

On Thu, 06 Dec 2007 02:35:38 +0100, Gilbert Fernandes
Or you pull the MD5s from another source than your packages,

not bloody likely that the two different sites you've selected

for download has both been hacked.

This does not protect against the master site being owned though,

though I guess that'd be noticed and announced.
Easy thing is to use the CDs though, just as people has already

stated. =)
--

Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

Having this being the default on ports could be a good

thing perhaps. The script would download the package

from a FTP and hashes from another one. But the hashes

are already stored inside the folder of the package on the

ports.. so to what use ?
Sources that get downloaded are hashed and the value compared

to the one stored by the package maintainer.
And you have to trust this person to be serious. And even

if he is, if he grabs the latest version of sources for XYZ

and those got a hole non published (far, far more easy to

use tools to check sources for potential holes to use rather

than go hack their repositories...) that won't change anything.
Security is a link as Bruce Schneier explained, and it will

break at its weakest point. And if it breaks anywhere, the

whole thing can go down.
Thus, security is a constant process. You select a good

quality operating system (a BSD for example) and you don't

install anything on it eyes closed. And you do backups.

And you store them in a media not connected to anything.

And you use various tools to check everything (firewall,

rootkit checker, arp tool, etc. etc. ad nauseum).
It's really an education.
And if you are cautious with backups and make it part

of your current life, when shit happens you have solutions.
And if shit can happen, it will.. :)
--

unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ;

yes ; fsck ; umount ; sleep

Yes, one can dismiss the "benefits".  Think about what an MD5 (or any

other cyptographic) checksum means.  If the OpenBSD site publishes

that list, how does something more complicated help?
Answer: it doesn't.
--STeve Andre'

Wrong.
If someone cracks a website, then he can put up a modified binary

and a modified MD5 checksum. Creating a (digital) signature (with

the right key) is significantly more complex.
Using CDs to distribute the code make the attack of course rather

complicated.
Someone actually did the former with sendmail.org (to distribute a

version of sendmail with a backdoor).  The problem was only noted

because users checked the (digital) signature.

This is silly. You mean that you get the checksums and the

associated binaries from the *SAME* website?

You're probably being sarcastic, but in the case of the master site,

it doesn't matter, because all the slaves probably rsync from the

master anyway.
--

http://www.glumbert.com/media/shift

http://www.youtube.com/watch?v=tGvHNNOLnCk

"This officer's men seem to follow him merely out of idle curiosity."

-- Sandhurst officer cadet evaluation.

"Securing an environment of Windows platforms from abuse - external or

internal - is akin to trying to install sprinklers in a fireworks

factory where smoking on the job is permitted."  -- Gene Spafford

You know something is wrong when the checksum changes when

You know, you're descending into a recursive loop of "if, if, if..." and

it never ends.  OF COURSE if someone breaks into the site they could

do things--once you've lost control of your site all bets are off.  I dare

say that someone breaking into a site might find all the appropriate

tools to re-sign things, too, and do the spoof that way.
--STeve Andre'

Hi!
If I released code with cryptographic signatures, I'd not leave a secret

key file, nor a passphrase on the servers with the master web/ftp

site. I'd sign on a box you can't access from the master site (nor

the mirrors). So, no, the attacker would *not* gain access to signing

tools (ok, yes, the tools, perhaps, like gpg or openssl, but not the
Kind regards,
Hannah.

Heh--you're intelligent.  But I know of two places where everything was

stored on the one machine, and I think one of those sites still hasn't

gotten it through their heads that this isn't a good idea.
--STeve Andre'

^^^^^^^^^^^^^^^^
Hmm, did you read what I wrote?
The breakin was detected due to the digital signature.
Anyway, it's obviously up to the OpenBSD developers what they do.

Code signing has it's use, but it does not come for free. It's quite

involved. As always, the key problem is key management, not the

signing itself.
As an illustration, read what I wrote when similar questions came up 5

years ago, and dont forget Dug Song's answer to my post.
<http://marc.info/?l=openbsd-misc&m=103769360002468&w=2>
	-Otto

Hmm, you have a financial interest in a CA? Or you just believe you

know more about PKI security than Schneier does?
http://www.schneier.com/paper-pki.html
Now tell us all why you would trust PKI so absolutely.
Rod/
Me...a skeptic?  I trust you have proof.

If you want a secure binary. buy an official CD.. This is

what most people do.  PKI requires infrastructure that would cost OpenBSD

money and developer time. Official CD's keep OpenBSD alive. 
	Oh wait, we should devote resources to people who care about

security, just not enough to spend $50 on it..   Yeah. I'll get right

on that.
	-Bob

One last thought. You insinuate in this post that I do not buy CDs or

support OpenBSD. I claim that I do. There is a person listed by my name on

the donations page... but since I was not given the opportunity to digitally

sign my donation ;) I could just be impersonating that person. How is that

for irony? I'll go away now.
Thanks,

Brad
--

View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14180803

Sent from the openbsd user - misc mailing list archive at Nabble.com.

That's irrelevant (the impersonating bit).
What you have to understand is this - this is not a commercial

venture, nor is openbsd looking to grow marketshare or ease of use or

anything.  This is a project by developers for themselves.
Yes, they do sell CDs and so on to help support the project, and yes

they have users that they support.  But the moment the users become

annoying and passes a certain threshold (which are different for

different developers) those users become lusers (not saying you are

one, btw).
So, look at their objectives - does using pki solve anything for them?

 No, not really.  Signing source code that goes into the tree - does

it help?  No, if an intruder got in, they would have gotten the key

anyway.  Signing binaries?  What's on the primary server is considered

authoritative.  Or you can compile your own.  Binary updates?  Don't

do it.  Mirrors - they currently use MD5 which is cheap and fast and

good enough.
So, to put in a complicated pki and so on would add overhead that is

really useless to the developers.  It may benefit some users.  But

does the benefit outweigh the cost?  Not currently, according to the

developers.
Now, if you're willing to fund it, and do the work, and manages to

gain Theo's trust, then you get to do it.  But else, I don't really

see the devs taking on this additional work for fun.  And ultimately

that's what they're doing - having fun.
Now, it could be that tomorrow one of the devs catches the pki bug -

then suddenly, all these can and will happen.  But I doubt it.
--

http://www.glumbert.com/media/shift

http://www.youtube.com/watch?v=tGvHNNOLnCk

"This officer's men seem to follow him merely out of idle curiosity."

-- Sandhurst officer cadet evaluation.

"Securing an environment of Windows platforms from abuse - external or

internal - is akin to trying to install sprinklers in a fireworks

factory where smoking on the job is permitted."  -- Gene Spafford

I do buy CDs. T-shirts too. I also donate. You guys live up to the

reputation :)

Are you *sure* of that? You might want to read
OpenBSD is the most secure OS, the devs know what they are doing.. and

they've rejected this as uneccessary.

You can check the MD5 files for the main distribution, and for

packages.. well the official OpenBSD mirrors are all trustworthy--if

they aren't, it will be discovered and they will no longer be official

mirrors.

This isn't a great answer, I know.
-Nick

I don't see what is the problem with blessing a fingerprint of the

binaries with a PKI signature, which would mean that *these* are the

binaries the devs intended to release.
Come on... twice a year and get the benefit of not being excluded from

company policies which require digital signature of software downloaded
Definitely not a great answer, as there are vectors of attack which

cover the client acessing the mirror and not the mirror in itself, like

changing on-the-fly the md5sums to match the bad binaries, etc...
A digital signature would enable the non-repudiation of the fingerprints

file (at least), giving a moderate level of assurance that attack

vectors would have to concentrate on upstream development servers (where

the devs *really* know what they are doing).
Rui
--

Hail Eris!

Today is Prickle-Prickle, the 47th day of The Aftermath in the YOLD 3173

+ No matter how much you do, you never do enough -- unknown

+ Whatever you do will be insignificant,

| but it is very important that you do it -- Gandhi

+ So let's do it...?

It's not really OpenBSD's problem that some companies implement pointless

"security" policies.
---

Lars Hansson

I'm not discussing wether its pointless or not, maybe you don't want

OpenBSD to be used at all?
Rui
--

Grudnuk demand sustenance!

Today is Setting Orange, the 48th day of The Aftermath in the YOLD 3173

+ No matter how much you do, you never do enough -- unknown

+ Whatever you do will be insignificant,

| but it is very important that you do it -- Gandhi

+ So let's do it...?

Who would sign the binaries?

Would each package maintainer sign his own packages?

Does Theo have to sign each package?

I don't see a problem in having signatures for software but I do see

problems in creating and maintaining an infrastructure for these

signatures.

And what would you gain?

What guarantees would these signatures give you?

You can verify package consistency with md5 sums.
If you are paranoid, why would you trust the devs? You would just

compile

the software yourself. But only after reading each line of code of

course.
Floor Terra

blah blah blah
have you ever wondered why openbsd doesn't do binary updates?
maybe you are now going to be able to figure out why we don't need

complex signing mechanisms.

You're ignoring that it is perhaps quite insane to expect anyone to

verify every single line of code, and a (so far very much deserved)

trust is given to the developers. Which is why I would very much like to

be absolutely sure the CD I bought brought the release the developers

intended to publish.
This is not about downloading OpenBSD, but of having a quite measurable

degree of trust that what you have is what you were supposed to have.
Btw, it would be much better to use a hashing algorithm stronger

than MD5, even on the file signed by an OpenPGP or X.509 certificate.
Rui
--

Wibble.

Today is Setting Orange, the 48th day of The Aftermath in the YOLD 3173

+ No matter how much you do, you never do enough -- unknown

+ Whatever you do will be insignificant,

| but it is very important that you do it -- Gandhi

+ So let's do it...?

And what are package updates?
Does pkg_add -u even check an e.g. md5 or does it trust the server?
Best

   Martin

But, my god, you're asking people to do actual work?  Goddamn it, you

aren't doing your bit to improve the ease of use of people using

openbsd.  Where's the one click gui to install everything that I want

(but only what I want and nothing more!)?  It is positively

embarassing that I have to use a text based installer when my linux

lusing friends can use a mouse and click install (never mind that I

get it done in a quarter of the time they do - but they have a pretty

gui, and it's even skinnable!!!!!!!!)
Why, I tell you, if you can just make openbsd more like windows,

you'll get a lot more users!!!!!!!!!!!!!!!!  Don't you care about

market share?  (Cue Theo's story about the VC who tried to dotcom-ize

openbsd :-))
Oh, by the way, can I have some dancing girls to come hold my hands as

I install it.
Maybe the faq needs a prequel in front of it - if you are not willing

to do the work, don't use openbsd.
Tongue in cheek
--

http://www.glumbert.com/media/shift

http://www.youtube.com/watch?v=tGvHNNOLnCk

"This officer's men seem to follow him merely out of idle curiosity."

-- Sandhurst officer cadet evaluation.

"Securing an environment of Windows platforms from abuse - external or

internal - is akin to trying to install sprinklers in a fireworks

factory where smoking on the job is permitted."  -- Gene Spafford

Doesn't it already have that, pretty much?
-Nick

sign it yourself, then download it.  problem solved.

Forgive them, for they know not what they say... *sigh* :)
Rui
-- 
Today is Prickle-Prickle, the 47th day of The Aftermath in the YOLD 3173

+ No matter how much you do, you never do enough -- unknown

+ Whatever you do will be insignificant,

| but it is very important that you do it -- Gandhi

+ So let's do it...?

Buy the CDs?

What are the risks you are trying to address?  What are the widely

known benefits of PKI?  Who downloads and installs openbsd binaries

*FROM AN EMAIL*?
Would you consider Bruce Schneier to be knowledgeable about PKI?  Have you read:

http://www.schneier.com/paper-pki.html
--

http://www.glumbert.com/media/shift

http://www.youtube.com/watch?v=tGvHNNOLnCk

"This officer's men seem to follow him merely out of idle curiosity."

-- Sandhurst officer cadet evaluation.

"Securing an environment of Windows platforms from abuse - external or

internal - is akin to trying to install sprinklers in a fireworks

factory where smoking on the job is permitted."  -- Gene Spafford

Hi!
One risk would be the plans of "online surveillance" of computers e.g.

in Germany. One way to install surveillance even on OpenBSD would be to

actively interfere with the internet connection with the surveilled

person, in the man-in-the-middle sense, and inject trojanned code

("Bundestrojaner") into the updates of the victim.
Using OpenBSD CDs doesn't protect the victim from attacks like that

that much because many people need ports/packages and to get fixes one

virtually has to use -current most of the time, and to update -current,

one often uses snapshots over non-secured transfers (ftp, rsync, source

via cvsync/cvsup). The only exception I know of is anoncvs via ssh,

but then, the CDs, IIRC, don't even ship with a known_hosts file for

the anoncvs servers.
As the talk about those "online surveillance" plans includes talk about

tailored attacks for each victim, they could investigate which OS one

uses and which ways of updating, so they could tailor their attack

vector appropriately.
Yes, *I*'d be vulnerable. I'd be not if I had a public key (and anoncvs

known_hosts file) from CD, perhaps also cvsync with cryprographic

integrity protection and public key (fingerprints) from CD, etc.
So the "online surveillance" stuff would perhaps not only affect Windoze

boxen as some people would come to think, even though the installation

of a trojan is, of course, usually much easier for Windoze than for

OpenBSD (or even a Linux installation if people with some skills operate

them).
Yes, of course cryptographic integrity protection wouldn't secure

OpenBSD against all kinds of attack vectors, but against *some*. Yes, it

comes at a cost. And I don't know whether the cost is really worth

while...
Kind regards,
Hannah.

Using software from any source without interference from an

all-pervasive government is a very special, but unfortunatly today, a

very real issue for many people around the world.  To be secure, you

have to get pieces of the puzzle over multiple paths.  It all can't come

via the net since then you're open to man-in-the-middle.  
Key-revocation announcements could come over the net (via an announce

list) but the new key would then have to come over a second channel.
One second-channel option is the q6mth CD issue, which could include a

new public key and e.g. known-hosts fingerprints.  This is vulnerable to

a very determined man-in-the-middle who can replicate and then alter the

CD before it arrives to you in the mail.
Another option is a trusted courier flying to Alberta and get a CD from

the OpenBSD store  (yeah, right).
In fact, likely any other technological option (e.g. an answering

machine in Alberta that spits out the alphanumerics of the current

master public key) is still suceptible.
If every piece of information you receive is filter through your

government, is there any hand-shaking protocol that can allow you to

establish a verified information connection (not necessarily encrypted)?

I don't think so.
Sure, Debian has signed .debs that use gpg as a back end (the system is

called apt-key), it relies on you trusting the fist key that you get

from them.  Since Debian doesn't actually mail out its own CDs,

everything is off its mirrors.  apt-key only 'protects' you from a later

man-in-the-middle.
I think that this is the central 'problem' that people are dancing

around.  
Personally, if this thread is to continue, I would like to see it move

from a "Why doesn't OpenBSD do things this way?" to a "What are the

threat models for OpenBSD identity theft and how can we protect

ourselves?".
Doug.

On Thu, 6 Dec 2007 09:51:16 -0500, "Douglas A. Tutty"
Please don't. I am getting tired of deleting this stupid thread.

The project has been around for more than ten years.

Do you think the devs are so completely clueless about

security that they haven't already thought about this?

Actually, a couple of the devs have already spoken up

on this topic and gave you the answer so please shut up already.

Sorry for adding to the talk talk talking, but people like Theo

actually read all this crap and it's wasting their time.

You forgot one option.  Invite Theo to give a talk, and ask him to

bring the CDs.  If you can't trust Theo's CDs, all hope is lost.
Just need to make sure there're some mountains around for Theo to go

climb.  If you live on a flatland, then, sorry, you're doomed.
--

http://www.glumbert.com/media/shift

http://www.youtube.com/watch?v=tGvHNNOLnCk

"This officer's men seem to follow him merely out of idle curiosity."

-- Sandhurst officer cadet evaluation.

"Securing an environment of Windows platforms from abuse - external or

internal - is akin to trying to install sprinklers in a fireworks

factory where smoking on the job is permitted."  -- Gene Spafford

He doesn't have to bring the CDs, just in the speach give the MD5 (or

other more secure [sha?} sum for an .iso file made from those CDs.  Buy

the CD, create an image, calc the md5.  Compare with Theo's speach.
Doug.

And how would you know that it is indeed Theo and not someone that

looks like him? I think that blood samples and DNA tests is the only

Code signing by blood.  ISAGN.
"Sorry marc - had to do it"
--

http://www.glumbert.com/media/shift

http://www.youtube.com/watch?v=tGvHNNOLnCk

"This officer's men seem to follow him merely out of idle curiosity."

-- Sandhurst officer cadet evaluation.

"Securing an environment of Windows platforms from abuse - external or

internal - is akin to trying to install sprinklers in a fireworks

factory where smoking on the job is permitted."  -- Gene Spafford

what if theo is a "person of interest", has his endpoint surveilled and

his key and passphrase are compromised? if somebody stole a pint of

blood, that could go a long way in your proposed plan...
short of having a web of trust, meeting people in person to sign their

keys and assuming private keys and passphrases have not been

compromised, you're pretty much SOL here. best bet is to use anoncvs and

verify your cvs server's public key in person, but even that is a PITA.

if massive databases of key fingerprint collisions exist MITM is very

real even with a key fingerprint, multiple fingerprints make this much

harder.
if anyone has a non-trivial quantum computer or remote viewing really

works, the gig is pretty much up anyhow.
< jy-p cinches his tinfoil hat and returns to following the yellow brick

It's not all about governments.  Corporate espionage is probably a

larger, more active threat, especially to OpenBSD.
	"cui bono?"
If we assume for the sake of argument that the printed CDs are ok, then

there is at least one method for distributing keys and/or building a web

of trust.
-Lars

True, but a single source of corporate espionage can't attack the mail,

Doug.

give it a rest guys.
has anyone ever actually been the victim of some

government/corporate/"the man" attack where they slipped trojan

openbsd binaries to you?
do you have any idea how hard it really is to mount such an attack?

without being detected?  and what's the trojan going to do?  copy all

your secrets to their national citizen oppression center?  how do they

get their nefarious packets through your firewall without notice?
i've download openbsd onto various machines from at least 5 mirrors

using 9 isps in 5 countries over the course of 7 years.  and you're

telling me that every single time, somebody out there was feeding me

the bad bits?  because if they screwed up even a single time, i could

use the good machine to detect the tainted ones.  get real.

Of course they won't do that. The US government has rules about

what it can collect and put in it's own databases and use. Forward thinking

people put careful rules in place preventing the government from legally

playing big brother...
	Of course it has no such rules about what data in private databases

it can in retrieve and use. The brownshirts can pretty much go in there

and get anything they want anytime. Forward thinking people kind of had

the blinders on about that one. 
	Wow that Google toolbar sure is nice... ;)
	-Bob

Ted says everything is ok.  We can pack up and call it a day, knowing

that everything's settled once and for all.
Seriously, if the process has been already worked out, then point to

where it is  written up.  Maybe we're not looking in the right part of

the FAQ.
-Lars

HITLER AND MORE HITLER

there seems to be a fine, pink mist in the air.  some time ago

the matter comprising this mist was a live and healthy horse.
--

Christopher Linn <celinn at mtu.edu>  | By no means shall either the CEC

System Administrator II               | or MTU be held in any way liable

  Center for Experimental Computation | for any opinions or conjecture I

    Michigan Technological University | hold to or imply to hold herein.

Ok.  So Christopher, Marco, and Ted have spoken up to inform the list

that they do not know an answer.
To be sure the topic has been covered earlier, but

just where are there relevant message archives, presentations or

documents finding a practical solution to the problem of getting an

initial set of binaries?
-Lars

You can't possibly be this dense.  Let me try to spell it out.  YOU see

an issue WE don't.  That makes YOU responsible for fixing it.  All

reasons have been given to you why this is not even remotely a good idea

however you keep coming back for more.  So again you care we don't; how
You can't.  Either get over it or use an operating system with a trusted

vendor like Microsoft or Apple.  That pesky Open Source stuff can't be

hitler already

Here is yours :
+----------------+

| 1 Godwin point |

+----------------+
Bye
--

unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ;

yes ; fsck ; umount ; sleep

Hi!
Have I missed something? Last time I checked, it was plain http/ftp for
Kind regards,
Hannah.

That would make it rather hard to revoke a key if there ever

was a problem.

Hi!
Key revocation lists in some form? If it's gpg/OpenPGP, instruct users

to update from keyservers, one will notice when there're

incompatibilities between the key from CD and the one from the

keyserver, but one will also get the revocation from the keyserver. And

if one buys every CD, there's the time window of half a year even

without a key revocation infrastructure.
Kind regards,
Hannah.

Yes, I've read that. He's talking about CA's. He does not ridicule PGP keys

as you seem to. In fact, he has a few of his own:
Bruce Schneier <schneier@counterpane.com> 	0x4C92D93D 	2048 	1997/10/16

Never

Bruce Schneier <schneier@counterpane.com> 	0x7EDE4C65 	1024 	1995/09/26

Never
Look him and his company Counterpane up yourself:
http://keyserver.veridis.com:11371/
--

View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176573

Sent from the openbsd user - misc mailing list archive at Nabble.com.

I'm not ridiculing PGP keys.  I used to run PKI (Entrust) at a fortune

100 company.  Whenever I hear people screaming about using PKI, I

always want to know - exactly what problem are you trying to solve or

prevent, or what risk you are trying to address.
--

http://www.glumbert.com/media/shift

http://www.youtube.com/watch?v=tGvHNNOLnCk

"This officer's men seem to follow him merely out of idle curiosity."

-- Sandhurst officer cadet evaluation.

"Securing an environment of Windows platforms from abuse - external or

internal - is akin to trying to install sprinklers in a fireworks

factory where smoking on the job is permitted."  -- Gene Spafford

yes.