If I purchase a set of OpenBSD CDs or if I download them via http or ftp then I
am in need of verifying my CDs/images.
If the NSA regularly intercepts laptop shipments, so it may do with the
shipment of OpenBSD CDs.
Now, how to obtain an authentic copy of your public key?
There is likely no better solution than buying an OpenBSD or Linux DVD with
a magazine at the next newspaper kiosk, as such a purchase will be 100%
anonymous with regard to the actual copy of the magazine you select: it will
be impossible to alter the magazine just for a specific user, and altering
all the copies of a magazine would be discovered quickly. There may be other
solutions for obtaining an authentic copy of your project's public key, like
DNSSEC/DANE; nonetheless the one proposed here is for sure the most simple
and straightforward one:
Please
* include a copy of your public key in the root directory of every
  installation medium
  (so that I can f.i. verify all three CDs by just obtaining a genuine
  install55.iso, or the way that I can verify the set of CDs from the next
  release by a previous one unless you have updated your private key).
* ask others to ship your public key (f.i. system rescue cd, the net install
  iso-s of other distros)
My dream would be that I just need to buy a newspaper and have all public
keys of all well known distributions; and it really isn't hard to realize as
soon as one can assume a certain will to cooperate!
Elmar
P.S.: URL about NSA regularly intercepting laptop shipments:
http://www.extremetech.com/computing/173721-the-nsa-regularly-intercepts-laptop-shipments-to-implant-malware-report-says