On Wed, Sep 11, 2013 at 08:53:50PM +0300, Valentin Zagura wrote: > I don't think I'm more paranoid than the average considering that Debian > has a way to do this (http://www.debian.org/CD/verify), fedora has a way to > do this (https://fedoraproject.org/verify), even Freebsd has a way to do > this ( https://www.freebsd.org/releases/9.1R/announce.html).
So you're saying that less paranoid projects are doing it, so why doesn't OpenBSD join the crowd and provide some fuzzy feel good but pointless security theatre? :-) > > The thought of being more paranoid than an OpenBSD guy is not very > comfortable :) Don't worry. You're apparently not paranoid enough yet. The true practical paranoid does not waste time on such mummery. .... Ken > > > On Wed, Sep 11, 2013 at 8:13 PM, Daniel Bolgheroni <[email protected]>wrote: > > > On Wed, Sep 11, 2013 at 03:17:20PM +0300, Valentin Zagura wrote: > > > Yes, we know, but that file can also be easily compromised if it's not > > > available for download with a secure protocol (HTTPS) > > > > If you're paranoid, build your own hardware from the ground up, > > including designing your own CPU and complementary circuits, download > > all the sources, audit them all, compile and then run. > > > > You can't be fooled by wrong measurements of security. > >
