On 30-09-2014 16:03, Ted Unangst wrote: > In theory, we could sign the ssh fingerprint page, but I don't think > that's a good idea at the current time. There are some issues with > expiring old data. This would be a significant improvement. If you are 99,99% certain you got the release right, them you could quickly verify every other peace of the OpenBSD infrastructure. And it would render other solutions irrelevant (DNSSEC+SSHFP for example). Could you elaborate on the expiring issue?
Cheers [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]