Almost. The difference is that all the others use strong cryptography (https or GnuPG in Debian case) to ensure that the signatures you get are actually from them.
On Wed, Sep 11, 2013 at 8:57 PM, Brandon Mercer <yourcomputer...@gmail.com>wrote: > There's literally the same thing on the mirror? > http://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/SHA256 > > On Wed, Sep 11, 2013 at 1:53 PM, Valentin Zagura <put...@gmail.com> wrote: > > I don't think I'm more paranoid than the average considering that Debian > > has a way to do this (http://www.debian.org/CD/verify), fedora has a > way to > > do this (https://fedoraproject.org/verify), even Freebsd has a way to do > > this ( https://www.freebsd.org/releases/9.1R/announce.html). > > > > The thought of being more paranoid than an OpenBSD guy is not very > > comfortable :) > > > > > > On Wed, Sep 11, 2013 at 8:13 PM, Daniel Bolgheroni <dan...@bolgh.eng.br > >wrote: > > > >> On Wed, Sep 11, 2013 at 03:17:20PM +0300, Valentin Zagura wrote: > >> > Yes, we know, but that file can also be easily compromised if it's not > >> > available for download with a secure protocol (HTTPS) > >> > >> If you're paranoid, build your own hardware from the ground up, > >> including designing your own CPU and complementary circuits, download > >> all the sources, audit them all, compile and then run. > >> > >> You can't be fooled by wrong measurements of security. > >> >
