... gmail.com> wrote: > > I've searched OpenBSD.org and google for source code signing practices in > > OpenBSD, nothing obvious stands out ... doesn't sign code. Well, there's the MD5 files (e.g ... yeah, for the most part OpenBSD doesn't need it. -Nick ...

openbsd-misc - Nick Guenther - Dec 5 2007 - 10:56

... was meant. Going into PKI and code signing, however, I assumed he meant ... doing anything particularly > > differently from the OpenBSD developers. Please explain. > > I'm guessing ... ' Debian packages. > > I believe that in some circumstances this may lead ...

openbsd-misc - Kevin Stam - Dec 5 2007 - 15:52

... > reasoning > for not using pgp/gpg keys to sign stuff, secure communication, etc. > > > -- > View this message in context: > http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498 > Sent from the openbsd ...

openbsd-misc - Kevin Stam - Dec 5 2007 - 11:22

... wrote: > I've searched OpenBSD.org and google for source code signing practices in > OpenBSD, nothing obvious stands out. I've ... is the process described someplace? No. OpenBSD doesn't sign code. --- Lars Hansson

openbsd-misc - Lars Hansson - Dec 5 2007 - 01:52

... as to the reasoning for not using pgp/gpg keys to sign stuff, secure communication, etc. -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498 Sent from the openbsd user ...

openbsd-misc - new_guy - Dec 5 2007 - 11:03

... or doing anything particularly differently from the OpenBSD developers. Please explain. You've also conveniently ... sort of things? > > -- > View this message in context: > http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176001 > Sent ...

openbsd-misc - Kevin Stam - Dec 5 2007 - 13:59

... up to the OpenBSD developers what they do. Code signing has it's use, but it ... key problem is key management, not the signing itself. As an illustration, read what ... my post. openbsd-misc&m=103769360002468&w=2> ...

openbsd-misc - Otto Moerbeek - Dec 6 2007 - 02:55

... A guy who claims to be Brad Tilley :) -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14204037 Sent from the openbsd user - misc mailing list archive at Nabble.com.

openbsd-misc - new_guy - Dec 6 2007 - 20:00

... them? There's absolutely no need to signing > errata or official communications. Name one justifiable use ... in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14175339 Sent from the openbsd user - misc mailing list archive at Nabble. ...

openbsd-misc - new_guy - Dec 5 2007 - 12:46

... 's absolutely no need to signing > > errata or official communications. Name ... that xyz binary is signed by OpenBSD for > distribution or abc ... doing so and there may in fact be and I may ... for packages.. well the official OpenBSD mirrors are all trustworthy--if ...

openbsd-misc - Nick Guenther - Dec 5 2007 - 12:59

... > developers "signing" their code, or doing anything particularly > differently from the OpenBSD developers. Please explain. I'm guessing that he' ... are 'real' Debian packages. I believe that in some circumstances this may lead to a false ...

openbsd-misc - Dave Ewart - Dec 5 2007 - 15:13

... that the developers need to sign all communication > > just to ensure ... that xyz binary is signed by OpenBSD for > distribution or abc ... doing so and there may in fact be and I may ... cyptographic) checksum means. If the OpenBSD site publishes that list, how ...

openbsd-misc - STeve Andre' - Dec 5 2007 - 15:58

... do. PKI requires infrastructure that would cost OpenBSD > > money and developer time. Official CD's keep ... . > > Thanks, > Brad > > -- > View this message in context: > http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14180803 > Sent ...

openbsd-misc - bofh - Dec 5 2007 - 18:22

... this... is the process described someplace? -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14164451 Sent from the openbsd user - misc mailing list archive at Nabble.com.

openbsd-misc - new_guy - Dec 4 2007 - 23:16

... does OpenBSD handle these sort of things? -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176001 Sent from the openbsd user - misc mailing list archive at Nabble.com.

openbsd-misc - new_guy - Dec 5 2007 - 13:22

... do. PKI requires infrastructure that would cost OpenBSD > money and developer time. Official CD's keep ... go away now. Thanks, Brad -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14180803 Sent from ...

openbsd-misc - new_guy - Dec 5 2007 - 17:28

... > "signing" their code, or doing anything particularly differently from the > OpenBSD developers. Please explain. > > You've also conveniently ... ? Did you just vaguely read > somewhere in an advertisement about the supposed security benefits ...

openbsd-misc - Brad Tilley - Dec 5 2007 - 14:18

... 70-beta3.html > > Some examples of signed communications from FreeBSD & NetBSD: > http:// ... "signing" their code, or doing anything particularly differently from the > > OpenBSD ... you just vaguely read > > somewhere in an advertisement about the supposed ...

openbsd-misc - Kevin Stam - Dec 5 2007 - 14:26

... that xyz binary is signed by OpenBSD for > distribution or abc email came from an official OpenBSD source is a good > thing. ... doing so and there may in fact be and I may ... requires infrastructure that would cost OpenBSD money and developer time. Official ...

openbsd-misc - Bob Beck - Dec 5 2007 - 16:24

... > other cyptographic) checksum means. If the OpenBSD site publishes > > that list, how does something ... > > Using CDs to distribute the code make the attack of course rather > ... find all the appropriate tools to re-sign things, too, and do the spoof that ...

openbsd-misc - STeve Andre' - Dec 5 2007 - 19:46