... gmail.com> wrote: > > I've searched OpenBSD.org and google for source code signing practices in > > OpenBSD, nothing obvious stands out ... doesn't sign code. Well, there's the MD5 files (e.g ... yeah, for the most part OpenBSD doesn't need it. -Nick ...

openbsd-misc - Nick Guenther - Dec 5 2007 - 10:56

... > reasoning > for not using pgp/gpg keys to sign stuff, secure communication, etc. > > > -- > View this message in context: > http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498 > Sent from the openbsd ...

openbsd-misc - Kevin Stam - Dec 5 2007 - 11:22

... wrote: > I've searched OpenBSD.org and google for source code signing practices in > OpenBSD, nothing obvious stands out. I've ... is the process described someplace? No. OpenBSD doesn't sign code. --- Lars Hansson

openbsd-misc - Lars Hansson - Dec 5 2007 - 01:52

... as to the reasoning for not using pgp/gpg keys to sign stuff, secure communication, etc. -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14173498 Sent from the openbsd user ...

openbsd-misc - new_guy - Dec 5 2007 - 11:03

... 's absolutely no need to signing > > errata or official communications. Name ... that xyz binary is signed by OpenBSD for > distribution or abc ... doing so and there may in fact be and I may ... for packages.. well the official OpenBSD mirrors are all trustworthy--if ...

openbsd-misc - Nick Guenther - Dec 5 2007 - 12:59

... was meant. Going into PKI and code signing, however, I assumed he meant ... doing anything particularly > > differently from the OpenBSD developers. Please explain. > > I'm guessing ... ' Debian packages. > > I believe that in some circumstances this may lead ...

openbsd-misc - Kevin Stam - Dec 5 2007 - 15:52

... A guy who claims to be Brad Tilley :) -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14204037 Sent from the openbsd user - misc mailing list archive at Nabble.com.

openbsd-misc - new_guy - Dec 6 2007 - 20:00

... them? There's absolutely no need to signing > errata or official communications. Name one justifiable use ... in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14175339 Sent from the openbsd user - misc mailing list archive at Nabble. ...

openbsd-misc - new_guy - Dec 5 2007 - 12:46

For one thing, I think you're quite confused. Unless I'm missing something ... or doing anything particularly differently from the OpenBSD developers. Please explain. You've also ... > http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176001 > ...

openbsd-misc - Kevin Stam - Dec 5 2007 - 13:59

... that the developers need to sign all communication > > just to ensure ... that xyz binary is signed by OpenBSD for > distribution or abc ... doing so and there may in fact be and I may ... cyptographic) checksum means. If the OpenBSD site publishes that list, how ...

openbsd-misc - STeve Andre' - Dec 5 2007 - 15:58

... the (digital) signature. > > > You know, you're descending into a recursive loop of " ... obviously up to the OpenBSD developers what they do. Code signing has it's use ... problem is key management, not the signing itself. As an illustration, read what ...

openbsd-misc - Otto Moerbeek - Dec 6 2007 - 02:55

... does OpenBSD handle these sort of things? -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14176001 Sent from the openbsd user - misc mailing list archive at Nabble.com.

openbsd-misc - new_guy - Dec 5 2007 - 13:22

... > For one thing, I think you're quite confused. Unless I'm missing > ... developers "signing" their code, or doing anything particularly > differently from the OpenBSD developers. ... real' Debian packages. I believe that in some circumstances this may lead to ...

openbsd-misc - Dave Ewart - Dec 5 2007 - 15:13

... that xyz binary is signed by OpenBSD for > distribution or abc email came from an official OpenBSD source is a good > thing. ... doing so and there may in fact be and I may ... requires infrastructure that would cost OpenBSD money and developer time. Official ...

openbsd-misc - Bob Beck - Dec 5 2007 - 16:24

... do. PKI requires infrastructure that would cost OpenBSD > money and developer time. Official CD's keep ... go away now. Thanks, Brad -- View this message in context: http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14180803 Sent from ...

openbsd-misc - new_guy - Dec 5 2007 - 17:28

... . And ultimately that's what they're doing - having fun. Now, it could be ... . PKI requires infrastructure that would cost OpenBSD > > money and developer time. Official CD's ... : > http://www.nabble.com/Code-signing-in-OpenBSD-tf4947207.html#a14180803 > ...

openbsd-misc - bofh - Dec 5 2007 - 18:22

... user community? Knowing that xyz binary is signed by OpenBSD for >> distribution or abc email came from an ... surveilled person, in the man-in-the-middle sense, and inject trojanned code ("Bundestrojaner") into the updates of the victim. Using OpenBSD ...

openbsd-misc - Hannah Schroeter - Dec 6 2007 - 06:48

... we don't need > complex signing mechanisms. You're ignoring that it is ... to verify every single line of code, and a (so far very ... . This is not about downloading OpenBSD, but of having a quite ... 48th day of The Aftermath in the YOLD 3173 + No matter ...

openbsd-misc - Rui Miguel Silva Seabra - Dec 6 2007 - 05:44

... that xyz binary is signed by OpenBSD for > distribution or abc ... doing so and there may in fact be and I may ... PKI? Who downloads and installs openbsd binaries *FROM AN EMAIL*? Would ... to trying to install sprinklers in a fireworks factory where smoking ...

openbsd-misc - bofh - Dec 5 2007 - 13:15

... kernel/v2.6/patch-2.6.9.sign * One example of ... one thing, I think you're quite confused. Unless I'm ... signing" their code, or doing anything particularly differently from the > OpenBSD ... you just vaguely read > somewhere in an advertisement about the supposed ...

openbsd-misc - Brad Tilley - Dec 5 2007 - 14:18