On Wed, Sep 05, 2012 at 11:34:48PM -0400, Ted Unangst wrote:
> On Thu, Sep 06, 2012 at 10:26, Rowdy OpenBSD wrote:
>
> > OpenBSD's package system already supports package signing, and OpenSSL
> > can sign files, so there is nothing for which to submit a diff. All
> > of the code is there; it's just not being used.
>
> I already said there are no plans to start signing things. What more
> is there to discuss?
We could discuss the ideas of an armchair developer, release/package
builder and infrastructure maintainer ;-)
We have some developers in the group who are more than capable of
setting up a singing and key manangement system. We do not need advice
on how to do that.
But we choose not to do it, beacuse the (perceived) benefits are not
great enough compared to the amount of work involved.
If you do not trust getting binaries or source over the net, buy a CD.
-Otto
