If someone (who knows) reply, i would appreciate...
If i would download packages through a mirror server, how could i
validate their checksum? Please note, i'm NOT mentioning about using
checksum on mirror server, which is not valid if the packages are
already compromised... Shouldn't these checksums exist on openbsd.org
main web site at least?
Or i assume openbsd uses alternative technique...
Thanks and regards,
Cem
Cem Kayali, 05/11/09 00:59:
Hello!
I thank you for hints to questions i asked 2 days ago about
bioct/softraid and i completed test installation.
Well, as developer i assume/think you have already implemented a
system to verify mirror contents, just could someone please share me;
- How i can verify originality of ports.tar.gz in a 'mirror server'?
- How i can verify originality of packages in a 'mirrror server'?
since i couldn't see a list of md5/sha256(512) sums of those in main
www.openbsd.org website ---nor somebody mentions they are in cdroms?
Maybe i can get ports via anoncvs but not packages. Well, ordering
cd-rom is not a problem, but it does not contain all the software i
wish -probably.
I'm sorry if this looks like 101 OpenBSD question, this is just how
NetBSD (that i use) handles.
Best regards,
Cem
