I don't think I'm more paranoid than the average considering that Debian has a way to do this (http://www.debian.org/CD/verify), fedora has a way to do this (https://fedoraproject.org/verify), even Freebsd has a way to do this ( https://www.freebsd.org/releases/9.1R/announce.html).
The thought of being more paranoid than an OpenBSD guy is not very comfortable :) On Wed, Sep 11, 2013 at 8:13 PM, Daniel Bolgheroni <dan...@bolgh.eng.br>wrote: > On Wed, Sep 11, 2013 at 03:17:20PM +0300, Valentin Zagura wrote: > > Yes, we know, but that file can also be easily compromised if it's not > > available for download with a secure protocol (HTTPS) > > If you're paranoid, build your own hardware from the ground up, > including designing your own CPU and complementary circuits, download > all the sources, audit them all, compile and then run. > > You can't be fooled by wrong measurements of security. >