Re: Code signing in OpenBSD

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: OpenBSD-Misc <misc@...>
Date: Thursday, December 6, 2007 - 5:44 am

On Wed, Dec 05, 2007 at 02:23:41PM -0600, Marco Peereboom wrote:

I'm not talking about updates, I can read C.

> maybe you are now going to be able to figure out why we don't need

You're ignoring that it is perhaps quite insane to expect anyone to
verify every single line of code, and a (so far very much deserved)
trust is given to the developers. Which is why I would very much like to
be absolutely sure the CD I bought brought the release the developers
intended to publish.

This is not about downloading OpenBSD, but of having a quite measurable
degree of trust that what you have is what you were supposed to have.

Btw, it would be much better to use a hashing algorithm stronger
than MD5, even on the file signed by an OpenPGP or X.509 certificate.

Rui

--
Wibble.
Today is Setting Orange, the 48th day of The Aftermath in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
Code signing in OpenBSD, new_guy, (Tue Dec 4, 11:16 pm)
Re: Code signing in OpenBSD, Lars Hansson, (Wed Dec 5, 1:52 am)
Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 10:56 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:22 pm)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 1:59 pm)
Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 2:18 pm)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 2:26 pm)
Re: Code signing in OpenBSD, Dave Ewart, (Wed Dec 5, 3:13 pm)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 3:52 pm)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 11:03 am)
Re: Code signing in OpenBSD, Kevin Stam, (Wed Dec 5, 11:22 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 12:46 pm)
Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 9:35 pm)
Re: Code signing in OpenBSD, Linus Swälas, (Wed Dec 5, 11:03 pm)
Re: Code signing in OpenBSD, Gilbert Fernandes, (Wed Dec 5, 10:15 pm)
Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 3:58 pm)
Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 7:22 pm)
Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 8:15 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 8:56 pm)
Re: Code signing in OpenBSD, Tony Abernethy, (Wed Dec 5, 9:48 pm)
Re: Code signing in OpenBSD, STeve Andre', (Wed Dec 5, 7:46 pm)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:52 am)
Re: Code signing in OpenBSD, STeve Andre', (Thu Dec 6, 3:49 pm)
Re: Code signing in OpenBSD, Claus Assmann, (Wed Dec 5, 11:02 pm)
Re: Code signing in OpenBSD, Otto Moerbeek, (Thu Dec 6, 2:55 am)
Re: Code signing in OpenBSD, Rod Whitworth, (Wed Dec 5, 5:12 pm)
Re: Code signing in OpenBSD, Bob Beck, (Wed Dec 5, 4:24 pm)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:50 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 5:28 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 6:22 pm)
Re: Code signing in OpenBSD, Brad Tilley, (Wed Dec 5, 4:36 pm)
Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 12:59 pm)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 2:46 pm)
Re: Code signing in OpenBSD, Lars Hansson, (Thu Dec 6, 12:37 am)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:45 am)
Re: Code signing in OpenBSD, Floor Terra, (Wed Dec 5, 5:09 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Wed Dec 5, 4:23 pm)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Thu Dec 6, 5:44 am)
Re: Code signing in OpenBSD, Martin Schröder, (Thu Dec 6, 4:20 am)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 5:28 pm)
Re: Code signing in OpenBSD, Nick Guenther, (Wed Dec 5, 6:08 pm)
Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 3:23 pm)
Re: Code signing in OpenBSD, Rui Miguel Silva Seabra, (Wed Dec 5, 4:41 pm)
Re: Code signing in OpenBSD, Nick Bender, (Wed Dec 5, 4:21 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 1:15 pm)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 6:48 am)
Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 10:51 am)
Re: Code signing in OpenBSD, Eric Furman, (Thu Dec 6, 12:01 pm)
Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 11:39 am)
Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:12 pm)
Re: Code signing in OpenBSD, Jeff I. Ragland, (Thu Dec 6, 12:27 pm)
Re: Code signing in OpenBSD, bofh, (Thu Dec 6, 12:57 pm)
Re: Code signing in OpenBSD, Jacob Yocom-Piatt, (Thu Dec 6, 1:33 pm)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 11:24 am)
Re: Code signing in OpenBSD, Douglas A. Tutty, (Thu Dec 6, 1:10 pm)
Re: Code signing in OpenBSD, Ted Unangst, (Thu Dec 6, 2:00 pm)
Re: Code signing in OpenBSD, Bob Beck, (Thu Dec 6, 2:58 pm)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 2:28 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 2:39 pm)
Re: Code signing in OpenBSD, Christopher Linn, (Thu Dec 6, 3:22 pm)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 3:39 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 3:59 pm)
Re: Code signing in OpenBSD, Marco Peereboom, (Thu Dec 6, 11:08 am)
Re: Code signing in OpenBSD, Gilbert Fernandes, (Thu Dec 6, 11:54 am)
Re: Code signing in OpenBSD, Lars Noodén, (Thu Dec 6, 7:12 am)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:38 am)
Re: Code signing in OpenBSD, Stuart Henderson, (Thu Dec 6, 7:23 am)
Re: Code signing in OpenBSD, Hannah Schroeter, (Thu Dec 6, 7:37 am)
Re: Code signing in OpenBSD, new_guy, (Wed Dec 5, 1:41 pm)
Re: Code signing in OpenBSD, bofh, (Wed Dec 5, 2:27 pm)
Re: Code signing in OpenBSD, Ted Unangst, (Wed Dec 5, 2:48 pm)