This is such a frequently asked question on this list. Why is it not answered in the FAQ?? I searched for this answer in the FAQ. I thought it was answered in the FAQ. It is not...
On Wed, Sep 5, 2012, at 01:46 AM, Ted Unangst wrote: > On Wed, Sep 05, 2012 at 11:36, Rowdy OpenBSD wrote: > > Is there any way to verify that distribution sets and packages that I > > have downloaded have not been tampered with (e.g., by someone with > > access to the mirror from which I downloaded them)? > > Download the checksums from another mirror using a different connection. > > The project doesn't have a certificate infrastructure, nor plans to > deploy one.