But, my god, you're asking people to do actual work? Goddamn it, you aren't doing your bit to improve the ease of use of people using openbsd. Where's the one click gui to install everything that I want (but only what I want and nothing more!)? It is positively embarassing that I have to use a text based installer when my linux lusing friends can use a mouse and click install (never mind that I get it done in a quarter of the time they do - but they have a pretty gui, and it's even skinnable!!!!!!!!)
Why, I tell you, if you can just make openbsd more like windows, you'll get a lot more users!!!!!!!!!!!!!!!! Don't you care about market share? (Cue Theo's story about the VC who tried to dotcom-ize openbsd :-)) Oh, by the way, can I have some dancing girls to come hold my hands as I install it. Maybe the faq needs a prequel in front of it - if you are not willing to do the work, don't use openbsd. Tongue in cheek On 12/5/07, Marco Peereboom <[EMAIL PROTECTED]> wrote: > blah blah blah > > have you ever wondered why openbsd doesn't do binary updates? > > maybe you are now going to be able to figure out why we don't need > complex signing mechanisms. > > On Wed, Dec 05, 2007 at 06:46:01PM +0000, Rui Miguel Silva Seabra wrote: > > On Wed, Dec 05, 2007 at 11:59:31AM -0500, Nick Guenther wrote: > > > > I'm surprised that OpenBSD (the most secure OS I know of) > > > > does not use it, that's all I'm saying. I also thought there would be > a real > > > > reason for not doing so and there may in fact be and I may just be > unaware > > > > of it. > > > > > > OpenBSD is the most secure OS, the devs know what they are doing.. and > > > they've rejected this as uneccessary. > > > > I don't see what is the problem with blessing a fingerprint of the > > binaries with a PKI signature, which would mean that *these* are the > > binaries the devs intended to release. > > > > Come on... twice a year and get the benefit of not being excluded from > > company policies which require digital signature of software downloaded > > through the internet. > > > > > You can check the MD5 files for the main distribution, and for > > > packages.. well the official OpenBSD mirrors are all trustworthy--if > > > they aren't, it will be discovered and they will no longer be official > > > mirrors. > > > This isn't a great answer, I know. > > > > Definitely not a great answer, as there are vectors of attack which > > cover the client acessing the mirror and not the mirror in itself, like > > changing on-the-fly the md5sums to match the bad binaries, etc... > > > > A digital signature would enable the non-repudiation of the fingerprints > > file (at least), giving a moderate level of assurance that attack > > vectors would have to concentrate on upstream development servers (where > > the devs *really* know what they are doing). > > > > Rui > > > > -- > > Hail Eris! > > Today is Prickle-Prickle, the 47th day of The Aftermath in the YOLD 3173 > > + No matter how much you do, you never do enough -- unknown > > + Whatever you do will be insignificant, > > | but it is very important that you do it -- Gandhi > > + So let's do it...? > > -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk "This officer's men seem to follow him merely out of idle curiosity." -- Sandhurst officer cadet evaluation. "Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted." -- Gene Spafford
