On 11/22/05, Will H. Backman <[EMAIL PROTECTED]> wrote: > If you are looking for MD5 sums to verify the trustworthiness of the > packages, I think the best way would be to purchase the official CDs > from the OpenBSD store and run the MD5 tool yourself. Not the most > useful answer for your immediate problem. If you don't trust the > package on the ftp site, you can't trust the MD5 sums on that site > either.
Which is of course why PGP(GPG) was invented, and why many other projects publish a signed cleartext file containing checksums for their release source and binary files, even ISOs. Kevin
