What's the best practice for ensuring that the correct files are
downloaded and that they are unmodified either at the mirror, in transit,
or by someone masquerading as a mirror? The CD images seem to come with
some checksums, but is there some certificate or key that can be acquired
to ensure that the initial image, and thus subsequent patches, packages
and ports, is correct?
Like many people, I'm 10 hops (and 4 networks) away from the nearest
mirror. And I see that the distribution takes place largely through
cleartext (ftp, http, cvs, etc)
-Lars
Lars NoodC)n ([EMAIL PROTECTED])
Ensure access to your data now and in the future
http://opendocumentfellowship.org/about_us/contribute
