> > OpenBSD is still debating md5s of packages in 2008. Seems like the first step would be to have checksums for all of the base system. Then do packages, then consider signatures. Personally I can live without signatures, but a checksum (or some form of data integrity verification) is needed.
I submitted a bug about this, google can find it but the bug tracking system cannot. Here is a copy for your amusement. -------- The MD5 files for OpenBSD 4.4 do not include the X11 files (xbase44.tgz, xetc44.tgz, ...) examples: ftp://ftp3.usa.openbsd.org/pub/OpenBSD/4.4/alpha/MD5 ftp://ftp5.usa.openbsd.org/pub/OpenBSD/4.4/amd64/MD5 And the directories with the source files (e.g. src.tar.gz) don't have checksum files at all. examples: ftp://ftp3.usa.openbsd.org/pub/OpenBSD/4.4/ ftp://ftp5.usa.openbsd.org/pub/OpenBSD/4.4/
