On 14/01/2015 17:03, mar...@martinbrandenburg.com wrote:
> [...] you trust Theo and OpenBSD because you have no better option.
> Don't pretend you increase your security by proving the software came
> from a source you can't prove is trustworthy. [...]

More than Theo himself, what makes me trust OpenBSD is its stable, clean, open and essential code reviewed by a very skilled community. That's why I go the extra mile(s) to ensure running *that* code.

<off-topic>

> Security is about pushing attacks out of your attackers' ability or
> price range. [...] Are you willing to go to the effort that defending
> against your outlined attack requires?

Being my current line of work, yes. Not that I or my clients have anything malicious to hide, but some government agencies and vendors seem to have lost touch with reality and/or ethics.

The discussion went off topic. I was just after signed CD checksums, to raise the security of my physical delivery on par with that of the source code. Never mind: I will make do with downloading an ISO, while the kid within me enjoys the boxed CD set (which, save missing CD checksums for paranoid security people, is very nice indeed).

</off-topic>

Many thanks to Theo and the others for your advice and opinions.

Regards
--
Enos D'Andrea