That's irrelevant (the impersonating bit).
What you have to understand is this - this is not a commercial
venture, nor is openbsd looking to grow marketshare or ease of use or
anything. This is a project by developers for themselves.
Yes, they do sell CDs and so on to help support the project, and yes
they have users that they support. But the moment the users become
annoying and passes a certain threshold (which are different for
different developers) those users become lusers (not saying you are
one, btw).
So, look at their objectives - does using pki solve anything for them?
No, not really. Signing source code that goes into the tree - does
it help? No, if an intruder got in, they would have gotten the key
anyway. Signing binaries? What's on the primary server is considered
authoritative. Or you can compile your own. Binary updates? Don't
do it. Mirrors - they currently use MD5 which is cheap and fast and
good enough.
So, to put in a complicated pki and so on would add overhead that is
really useless to the developers. It may benefit some users. But
does the benefit outweigh the cost? Not currently, according to the
developers.
Now, if you're willing to fund it, and do the work, and manages to
gain Theo's trust, then you get to do it. But else, I don't really
see the devs taking on this additional work for fun. And ultimately
that's what they're doing - having fun.
Now, it could be that tomorrow one of the devs catches the pki bug -
then suddenly, all these can and will happen. But I doubt it.
On 12/5/07, new_guy <byte8bits@gmail.com> wrote:
--
http://www.glumbert.com/media/shifthttp://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted." -- Gene Spafford
