On 2011-09-09, Aaron <def...@gmail.com> wrote:
> http://www.openbsd.org/faq/faq15.html#PkgSig <--- info on signing
> packages. My understanding is
> that packages from the official site and mirrors are not signed.
>
> All the files that are downloaded when you build a port are checked against
> the "distinfo" file.
Correct. If this is an issue, build your own packages from ports; dpb(1) can help. Ports distfiles are checked with sha256 sigs.
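The distfile check discussed in this thread, sketched as an added example that is not part of the original messages or of the OpenBSD ports tree: it parses a distinfo-style file and accepts a download only if its size and SHA256 digest match. It assumes BSD-style `SHA256 (name) = digest` and `SIZE (name) = bytes` lines with a hex or base64 digest; the file name and contents are constructed. The result is only as trustworthy as the distinfo file itself.

```python
import base64
import hashlib
import hmac
import re

# BSD-style checksum line: "SHA256 (file) = digest" or "SIZE (file) = bytes".
LINE = re.compile(r"^(SHA256|SIZE) \(([^)]+)\) = (\S+)$")

def decode_digest(value):
    """Accept a hex or base64 SHA-256 digest; return the 32 raw bytes."""
    raw = bytes.fromhex(value) if len(value) == 64 else base64.b64decode(value, validate=True)
    if len(raw) != 32:
        raise ValueError("not a SHA-256 digest: %r" % value)
    return raw

def parse_distinfo(text):
    """Map each file name to its recorded SHA256 digest and SIZE."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank lines and other algorithms are ignored
        kind, name, value = m.groups()
        entries.setdefault(name, {})[kind] = int(value) if kind == "SIZE" else decode_digest(value)
    return entries

def verify(name, data, entries):
    """Return 'ok' only when the bytes match the recorded size and digest."""
    entry = entries.get(name, {})
    if "SHA256" not in entry:
        return "no-checksum"  # fail closed: an unlisted file is not trusted
    if "SIZE" in entry and entry["SIZE"] != len(data):
        return "size-mismatch"
    if not hmac.compare_digest(hashlib.sha256(data).digest(), entry["SHA256"]):
        return "checksum-mismatch"
    return "ok"

# Constructed sample: a made-up distfile and the distinfo lines recorded for it.
SAMPLE_NAME = "example-1.0.tar.gz"
SAMPLE_DATA = b"constructed distfile contents\n"
SAMPLE_DISTINFO = "SHA256 (%s) = %s\nSIZE (%s) = %d\n" % (
    SAMPLE_NAME, base64.b64encode(hashlib.sha256(SAMPLE_DATA).digest()).decode(),
    SAMPLE_NAME, len(SAMPLE_DATA))

if __name__ == "__main__":
    entries = parse_distinfo(SAMPLE_DISTINFO)
    print(verify(SAMPLE_NAME, SAMPLE_DATA, entries))
    print(verify(SAMPLE_NAME, SAMPLE_DATA.replace(b"contents", b"c0ntents"), entries))
```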