What's the best practice for ensuring that the correct files are downloaded and that they are unmodified either at the mirror, in transit, or by someone masquerading as a mirror? The CD images seem to come with some checksums, but is there some certificate or key that can be acquired to ensure that the initial image, and thus subsequent patches, packages and ports, is correct?
Like many people, I'm 10 hops (and 4 networks) away from the nearest mirror. And I see that the distribution takes place largely through cleartext (ftp, http, cvs, etc) -Lars Lars NoodC)n ([EMAIL PROTECTED]) Ensure access to your data now and in the future http://opendocumentfellowship.org/about_us/contribute