previously on this list Theo de Raadt contributed: You see the cd can fetch sets from mirrors and in fact all you need to upgrade is bsd.rd, a reboot from it and an internet connection, in which case verifying bsd.rd and the sets is needed.
> Very the CD image media itself. You didn't do that? Then you booted it? If you really want you can add sha256.sig to the iso with isomaster from packages or choose http rather than cd. The bit you seem to have missed from Theo's last email aside from the above? is that booting the iso/bsd.rd without verifying it with signify (buy a cd or verify with checksums) means that while the sets may be valid the iso may not be and you could already be fscked from this or past CDs etc. (verifying could be compromised anyway). -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd _______________________________________________________________________
