On Wed, 13 Aug 2014, at 11:38 AM, Theo de Raadt wrote:
> >One suggestion/request, to make it even harder for the man-in-the-middle
> >attack to be successfully employed, could the current checksums be posted in
> >the announcement of the new version?
>
> http://www.openbsd.org/55.html
>
> signify(1) pubkeys for this release:
> base: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h
> fw: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO
> pkg: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5
>
> For the upcoming 5.6 release (few months yet), the keys are already
> included in your 5.5 install, or you can find them in your /etc/signify
> directory. Or, check http://www.openbsd.org/56.html (warning:
> incomplete)
>
> signify(1) pubkeys for this release:
> base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV
> fw: RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw
> pkg: RWSPEf7Vpp2j0PTDG+eLs5L700nlqBFzEcSmHuv3ypVUEOYwso+UucXb
>
> In fact the snapshots available since about a month ago already include
> the public keys for the 5.7 release next May....
>

Are there plans to get openbsd.org serving over SSL? That would help a bit in trusting the keys posted to the website.
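
An added example, not part of the original thread: a Python sketch that cross-checks a key string published over an untrusted channel against the copy already on disk in /etc/signify, using signify's public key layout (2-byte algorithm tag "Ed", 8-byte key number, 32-byte Ed25519 key). The function names and the comment line of the sample .pub file are constructed for illustration; the key string is the 5.6 base key quoted above.

```python
import base64

KEY_LEN = 2 + 8 + 32  # algorithm tag + key number + Ed25519 public key


def parse_signify_pubkey(b64):
    """Decode a signify public key string and split it into its fields."""
    raw = base64.b64decode(b64.strip(), validate=True)
    if len(raw) != KEY_LEN:
        raise ValueError("expected %d bytes, got %d" % (KEY_LEN, len(raw)))
    if raw[:2] != b"Ed":
        raise ValueError("unexpected algorithm tag %r" % raw[:2])
    return {"alg": "Ed", "keynum": raw[2:10].hex(), "key": raw[10:]}


def read_pub_file(text):
    """Return the base64 line of a .pub file (comment line + key line)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) != 2 or not lines[0].startswith("untrusted comment: "):
        raise ValueError("not a signify public key file")
    return lines[1]


def matches_published(pub_file_text, published_b64):
    """True only if the on-disk key and the published key are identical."""
    local = parse_signify_pubkey(read_pub_file(pub_file_text))
    published = parse_signify_pubkey(published_b64)
    return (local["keynum"] == published["keynum"]
            and local["key"] == published["key"])


# Key string as quoted in the message above (5.6 base).
PUBLISHED_56_BASE = "RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV"

# Constructed stand-in for /etc/signify/openbsd-56-base.pub; the comment
# line is an assumption, the key line is the value from the message.
LOCAL_PUB_FILE = (
    "untrusted comment: openbsd 5.6 base public key\n"
    + PUBLISHED_56_BASE + "\n"
)

if __name__ == "__main__":
    info = parse_signify_pubkey(PUBLISHED_56_BASE)
    print("keynum:", info["keynum"])
    print("match:", matches_published(LOCAL_PUB_FILE, PUBLISHED_56_BASE))
```

A mismatch here means the two channels disagree about the key, which is the condition the out-of-band copy exists to catch.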