Eduard - Gabriel Munteanu: > Well, you could certainly put the key and signify sources on the > main website.
As Theo said they're at the corresponding pages [s/http/https/g]: > You mean like here? > > http://www.openbsd.org/59.html > > and > > http://www.openbsd.org/58.html > > and > > http://www.openbsd.org/57.html > > and > > http://www.openbsd.org/56.html signify is pretty straightforward (and awesome!) tool so it's not that hard to imlement it yourself. But you don't have to. There are many portable reimplementations. > The CVS thing doesn't seem to be HTTPS-enabled. This note seems to be truly reasonable to me. If OpenBSD already got Let's Encrypt this month and deployed it for www.openbsd.org it should not be hard to expand it to *.openbsd.org. Yeah, X.509 is a piece of shit but having this option is better than nothing. #safedefaults -- Happy verifying, Ivan Markin
