>One suggestion/request, to make it even harder for the man-in-the-middle >attack to be successfully employed, could the current checksums be posted in >the announcement of the new version?
http://www.openbsd.org/55.html signify(1) pubkeys for this release: base: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h fw: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO pkg: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5 For the upcoming 5.6 release (few months yet), the keys are already included in your 5.5 install, or you can find them in your /etc/signify directory. Or, check http://www.openbsd.org/56.html (warning: incomplete) signify(1) pubkeys for this release: base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV fw: RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw pkg: RWSPEf7Vpp2j0PTDG+eLs5L700nlqBFzEcSmHuv3ypVUEOYwso+UucXb In fact the snapshots available since about a month ago already include the public keys for the 5.7 release next May....
