On 10-12-2015 20:03, Christian Weisgerber wrote:
> The true elephant in the room is that I can't get the current OpenBSD
> source tree securely. (Well, _I_ can if push comes to shove, but
> the general user community can't.) CVSync? No integrity or
> authenticity. AnonCVS over SSH? Nope, no integrity or authenticity
> because the mirror itself got the tree over CVSync. Assuming you
> trust the mirror in the first place.

I agree with you. We don't want TLS to hide the fact that we are accessing the OpenBSD site. We want TLS to get a little extra confidence that what we are seeing on our screen is what the OpenBSD devs wanted us to see. Someone mentioned signify keys also. Nowadays if I want to be (kind of) sure I got everything right, I need to download the files from different mirrors, using different internet connections, using VPNs and Tor, etc.

The TLS could be implemented in a non-mandatory way; you don't need to redirect HTTP connections to HTTPS ones. But it would be nice to have the option, at least.

Cheers,
Giancarlo Razzolini