>Anything else, that has PGP keys and such. Good luck! It's curious you say this Theo, since OpenSSH already uses PGP to sign the releases... no? Web of Trust wouldn't minimize the probablity of corrupted packages? What makes you think that the main server (openbsd.org) cannot not be pwned? Just asking because I don't really understand the crypto theory behind it all, but I didn't read any elaborated argument besides a big "NO" from openbsd community about use of TLS and PGP for packages.
- Re: Impossibility of cryptographic verification ... Chris Bennett
- Re: Impossibility of cryptographic verifica... Eduard - Gabriel Munteanu
- Re: Impossibility of cryptographic veri... Theo de Raadt
- Re: Impossibility of cryptographic verifica... Stuart Henderson
- Re: Impossibility of cryptographic veri... Kevin Chadwick
- Re: Impossibility of cryptographic verification ... Theo de Raadt
- Re: Impossibility of cryptographic verifica... Eduard - Gabriel Munteanu
- Re: Impossibility of cryptographic veri... Theo de Raadt
- Re: Impossibility of cryptographic ... Eduard - Gabriel Munteanu
- Re: Impossibility of cryptographic veri... Ivan Markin
- Re: Impossibility of cryptographic verification ... arrowscript
