Re: How to verify ports.tar.gz in mirrors - and similarly packages?

[Jasper Valentijn]

2009/5/11 Cem Kayali <cemkay...@eticaret.com.tr>:
> If someone (who knows) reply, i would appreciate...
>
Patience is a virtue...

> If i would download packages through a mirror server, how could i validate
> their checksum? Please note, i'm NOT mentioning about using checksum on
> mirror server, which is not valid if  the packages are already
> compromised... Shouldn't these checksums exist on openbsd.org main web site
> at least?
>

<http://marc.info/?l=openbsd-misc&w=2&r=1&s=packages+checksum&q=b>

And read.

If you've downloaded ports.tar.gz, untared it and done a cvs up -C -Pd
you can be sure it's in sync with the cvs server...

>> since i couldn't see a list of md5/sha256(512) sums of those in main
>> www.openbsd.org website ---nor somebody mentions they are in cdroms? Maybe
i
>> can get ports via anoncvs but not packages. Well, ordering cd-rom is not a
>> problem, but it does not contain all the software i wish -probably.

It does support the project and does contain a clean ports tarbal.

>>
>> I'm sorry if this looks like 101 OpenBSD question, this is just how NetBSD
>> (that i use) handles.

You're not the first to ask and not the first who didn't search the
archives before asking...



--
We spend the first twelve months of our children's lives teaching
them to walk and talk and the next twelve telling them to sit down and
shut up.