Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The install sets themselves are checked by the installer, you could for example get bsd.rd from one mirror and the sets from somewhere else.


I know you can do that, but that's not the best solution. A signature of the install set made with a key known to belong to the OpenBSD project is probably a much better assurance of integrity and authenticity of the files.

Besides, how do you know the files and their hashes are not modified en route to you? One rogue node on the way to you (think AT&T Room 641A, but with data modification abilities) is all it takes, unless the transfer is SSL encrypted. And I don't mean just between you and the mirror, possibly also between the developers and the mirror (I bet some people would be very interested in backdooring one of the most secure systems on the planet by compromising their install images). Modification wouldn't matter as much with a signature-based system, since anyone doing the verification correctly would notice the signature verification failing or the signature coming from the wrong key (see my other comment for more information).


No doubt there are better solutions. But nobody has implemented one yet. Despite some users making up advanced theories for the lack of certain functionality, it usually only comes down to a simple lack of time and resources...




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: