Re: integrity of commercial CD set

2015-01-16 Thread Joel Rees
On Thu, Jan 15, 2015 at 3:27 PM, Enos D'Andrea wrote: > On 14/01/2015 17:03, mar...@martinbrandenburg.com wrote: >> [...] you trust Theo and OpenBSD because you have no better option. >> Don't pretend you increase your security by proving the software came >> from a source you can't prove is trust

Re: integrity of commercial CD set

2015-01-15 Thread Milun Rajkovic
Sometimes I wish mailing lists had a "like" button ;) On Wed, Jan 14, 2015 at 6:30 PM, Jack Woehr wrote: > Theo de Raadt wrote: > >> Finding them inside the global shipping system is easier than you >> think >> > > One of the joys of growing old is watching the really bad sci fi you read >

Re: integrity of commercial CD set

2015-01-14 Thread Enos D'Andrea
On 14/01/2015 17:03, mar...@martinbrandenburg.com wrote: > [...] you trust Theo and OpenBSD because you have no better option. > Don't pretend you increase your security by proving the software came > from a source you can't prove is trustworthy. [...] More than Theo himself, what makes me trust O

Re: integrity of commercial CD set

2015-01-14 Thread Theo de Raadt
> I bought a can of this paint from a hardware store up in Lake Louise last > week. We already knew that.

Re: integrity of commercial CD set

2015-01-14 Thread Richard Thornton
I bought a can of this paint from a hardware store up in Lake Louise last week. On Wed, 14 Jan 2015, Theo de Raadt wrote: On 2015-01-14, mar...@martinbrandenburg.com wrote: "Buying a CD" in my case includes a 5.000 mile trip through multiple "five-eyes" nations, whose overzealous three

Re: integrity of commercial CD set

2015-01-14 Thread Jack Woehr
Theo de Raadt wrote: Finding them inside the global shipping system is easier than you think One of the joys of growing old is watching the really bad sci fi you read as a youth all come true :) -- Jack Woehr # "There's too much emphasis on things Box 51, Golden CO 80402 # lik

Re: integrity of commercial CD set

2015-01-14 Thread Theo de Raadt
> > On 2015-01-14, mar...@martinbrandenburg.com > > wrote: > > > > >> "Buying a CD" in my case includes a 5.000 mile trip through multiple > > >> "five-eyes" nations, whose overzealous three letter agencies officially > > >> intercept physical shipments to install backdoors and hardware implants

Re: integrity of commercial CD set

2015-01-14 Thread martin
Christian Weisgerber wrote: > On 2015-01-14, mar...@martinbrandenburg.com > wrote: > > >> "Buying a CD" in my case includes a 5.000 mile trip through multiple > >> "five-eyes" nations, whose overzealous three letter agencies officially > >> intercept physical shipments to install backdoors and

Re: integrity of commercial CD set

2015-01-14 Thread Christian Weisgerber
On 2015-01-14, mar...@martinbrandenburg.com wrote: >> "Buying a CD" in my case includes a 5.000 mile trip through multiple >> "five-eyes" nations, whose overzealous three letter agencies officially >> intercept physical shipments to install backdoors and hardware implants. > > Where have you hea

Re: integrity of commercial CD set

2015-01-14 Thread Stefan Sperling
On Wed, Jan 14, 2015 at 02:32:07PM +0100, Enos D'Andrea wrote: > "Buying a CD" in my case includes a 5.000 mile trip through multiple > "five-eyes" nations, whose overzealous three letter agencies officially > intercept physical shipments to install backdoors and hardware implants.

Re: integrity of commercial CD set

2015-01-14 Thread martin
"Enos D'Andrea" wrote: > On 14/01/2015 12:24, Stefan Sperling wrote: > > > Bootstrapping trust is always going to be hard no matter what we do > > and how hard we try. [...] Now the answer has become "buy a CD > > and cross-check it with signify" and it's still not enough. [...] > > > > "Buyi

Re: integrity of commercial CD set

2015-01-14 Thread Theo de Raadt
> >> Please how is one supposed to verify the integrity of an official > >> OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and > >> received by physical mail? [...] > > > > Each directory on the CD is signed using signify and the 5.6 keys > > listed at http://www.openbsd.org/56.html

Re: integrity of commercial CD set

2015-01-14 Thread Enos D'Andrea
On 14/01/2015 12:24, Stefan Sperling wrote: > Bootstrapping trust is always going to be hard no matter what we do > and how hard we try. [...] Now the answer has become "buy a CD > and cross-check it with signify" and it's still not enough. [...] "Buying a CD" in my case includes a 5.000 mile t

Re: integrity of commercial CD set

2015-01-14 Thread Stefan Sperling
On Wed, Jan 14, 2015 at 10:49:01AM +0100, Enos D'Andrea wrote: > Thanks, but I was hoping for a method that would also verify the CD boot > process, and that would not require downloading and installing a second > image or trusting the CD to verify itself. Bootstrapping trust is always going to be

Re: integrity of commercial CD set

2015-01-14 Thread Mihai Popescu
> Thanks, but I was hoping for a method that would also verify the CD boot > process, and that would not require downloading and installing a second > image or trusting the CD to verify itself. Next time, it is better to ask what you hope for. You asked how to check and you got the answer, then yo

Re: integrity of commercial CD set

2015-01-14 Thread Enos D'Andrea
On 12/01/2015 20:34, Theo de Raadt wrote: >> Please how is one supposed to verify the integrity of an official >> OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and >> received by physical mail? [...] > > Each directory on the CD is signed using signify and the 5.6 keys > listed at

Re: integrity of commercial CD set

2015-01-12 Thread Theo de Raadt
> Please how is one supposed to verify the integrity of an official > OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and received > by physical mail? > > Those CD images (with multiple platforms on the same CD) do not seem to > be available for download. Their checksums (provided mine
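The check Theo points to above (each CD directory carries a signify signature over its SHA256 list, verified with the 5.6 key published on the release page) is, on an installed OpenBSD system, `signify -C -p /etc/signify/openbsd-56-base.pub -x SHA256.sig` run inside each directory. What follows is an added example, not part of the thread and not OpenBSD's own signify code: a small pure-Python re-implementation of what that command verifies, written so that the order of the two checks is explicit. The Ed25519 signature over the checksum list must verify under the public key, and the 8-byte key number embedded in the signature must match the key's, before any file hash is even looked at. The key, key number, file names and file contents are constructed for the demo, the Ed25519 arithmetic is a plain affine textbook version that is not constant-time, and Python 3.8 or later is assumed.

```python
# Added example, not OpenBSD's signify(1) and not code from the thread: a pure-Python
# re-implementation of what `signify -C -p openbsd-56-base.pub -x SHA256.sig` checks.
# Key, key number, file names and contents in demo() are constructed, not release data.
import base64, hashlib, re, tempfile
from pathlib import Path

# Minimal textbook Ed25519 in affine coordinates (not constant-time; demo use only).
P, Q = 2**255 - 19, 2**252 + 27742317777372353535851937790883648493
D, I = -121665 * pow(121666, -1, P) % P, pow(2, (P - 1) // 4, P)  # curve d, sqrt(-1)
def _add(a, b):  # Edwards addition on -x^2 + y^2 = 1 + D x^2 y^2
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2
    return (x1 * y2 + x2 * y1) * pow(1 + t, -1, P) % P, (y1 * y2 + x1 * x2) * pow(1 - t, -1, P) % P
def _mul(pt, e):  # double-and-add scalar multiplication
    r = (0, 1)
    while e:
        r, pt, e = (_add(r, pt) if e & 1 else r), _add(pt, pt), e >> 1
    return r
def _xrecover(y):  # the even x satisfying the curve equation for this y
    xx = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(xx, (P + 3) // 8, P)
    x = x if (x * x - xx) % P == 0 else x * I % P
    return x if x % 2 == 0 else P - x
BY = 4 * pow(5, -1, P) % P
B = (_xrecover(BY), BY)  # base point
def _enc(pt):  # 32 bytes: little-endian y, top bit carries the parity of x
    return (pt[1] | ((pt[0] & 1) << 255)).to_bytes(32, "little")
def _dec(s):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    x = _xrecover(y)
    x = x if (x & 1) == (s[31] >> 7) else P - x
    if x == P or (-x * x + y * y - 1 - D * x * x * y * y) % P:
        raise ValueError("invalid point encoding")
    return x, y
def ed25519_keypair(seed):
    h = hashlib.sha512(seed).digest()
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)  # clamp
    return a, h[32:], _enc(_mul(B, a))
def ed25519_sign(seed, msg):
    a, prefix, pk = ed25519_keypair(seed)
    r = int.from_bytes(hashlib.sha512(prefix + msg).digest(), "little") % Q
    R = _enc(_mul(B, r))
    k = int.from_bytes(hashlib.sha512(R + pk + msg).digest(), "little")
    return R + ((r + k * a) % Q).to_bytes(32, "little")
def ed25519_verify(pk, msg, sig):  # ValueError on malformed input, False on a bad signature
    s = int.from_bytes(sig[32:], "little")
    if len(pk) != 32 or len(sig) != 64 or s >= Q:  # s >= Q would permit malleable sigs
        raise ValueError("malformed key or signature")
    R, A = _dec(sig[:32]), _dec(pk)
    k = int.from_bytes(hashlib.sha512(sig[:32] + pk + msg).digest(), "little")
    return _mul(B, s) == _add(R, _mul(A, k))

# signify file: "untrusted comment: ..." line, base64 of "Ed" + 8-byte key number + key
# (32 bytes) or signature (64 bytes), then, for -e, the embedded message.
def _split_signify(data):
    comment, b64, rest = (data.split(b"\n", 2) + [b"", b""])[:3]
    if not comment.startswith(b"untrusted comment: "):
        raise ValueError("missing untrusted comment line")
    raw = base64.b64decode(b64)
    if raw[:2] != b"Ed":
        raise ValueError("unsupported algorithm")
    return raw[2:10], raw[10:], rest
def signify_verify_embedded(pubkey_text, sig_text):
    """Like `signify -V -e`: return the embedded message only if it verifies."""
    knum_k, pk, _ = _split_signify(pubkey_text)
    knum_s, sig, msg = _split_signify(sig_text)
    if knum_k != knum_s or not ed25519_verify(pk, msg, sig):
        raise ValueError("signature verification failed")
    return msg
def signify_check_dir(pubkey_text, sig_text, directory):
    """Like `signify -C`: verify the signed list, then hash each listed file. {name: bool}."""
    results = {}
    for line in signify_verify_embedded(pubkey_text, sig_text).decode().splitlines():
        if m := re.match(r"^SHA256 \((.+)\) = ([0-9a-f]{64})$", line):
            name, expect = m.groups()
            p = Path(directory, name)  # a missing file counts as a failure
            results[name] = p.is_file() and hashlib.sha256(p.read_bytes()).hexdigest() == expect
    return results

def demo():
    """Constructed: throwaway key, two fake files, signed list; then tamper file, then list."""
    seed, keynum = hashlib.sha256(b"demo seed, not a real OpenBSD key").digest(), bytes(range(1, 9))
    pub = b"untrusted comment: demo\n" + base64.b64encode(b"Ed" + keynum + ed25519_keypair(seed)[2]) + b"\n"
    files = {"bsd.rd": b"not a real ramdisk kernel", "base56.tgz": b"not a real tarball"}
    with tempfile.TemporaryDirectory() as d:
        for name, content in files.items():
            Path(d, name).write_bytes(content)
        sha_list = "".join(f"SHA256 ({n}) = {hashlib.sha256(c).hexdigest()}\n"
                           for n, c in files.items()).encode()
        sig_b64 = base64.b64encode(b"Ed" + keynum + ed25519_sign(seed, sha_list))
        sig_text = b"untrusted comment: verify with demo.pub\n" + sig_b64 + b"\n" + sha_list
        clean = signify_check_dir(pub, sig_text, d)
        Path(d, "bsd.rd").write_bytes(files["bsd.rd"] + b"\x00")  # tamper with one file
        tampered = signify_check_dir(pub, sig_text, d)
        try:  # edit the signed list itself: rejected before any file is hashed
            signify_check_dir(pub, sig_text.replace(b"bsd.rd", b"bsd.mp"), d)
            list_rejected = False
        except ValueError:
            list_rejected = True
    return clean, tampered, list_rejected
```

Running `demo()` yields `({'bsd.rd': True, 'base56.tgz': True}, {'bsd.rd': False, 'base56.tgz': True}, True)`: the clean directory passes, appending one byte to a file flips only that file's entry, and editing the signed SHA256 list is refused before a single file is hashed. Note what the example cannot do: it says nothing about where `pub` came from. Whether that is the key list on http://www.openbsd.org/56.html, /etc/signify on an earlier install, or the CD itself, the verification is only as good as that channel, which is the bootstrapping point the rest of the thread argues over.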