Hello, the FAQ states this: "The installXX.iso and installXX.fs images do not contain an SHA256.sig file, so the installer will complain that it can't check the signature of the included sets [...] This is because it would make no sense for the installer to verify them. If someone were to make a rogue installation image, they could certainly change the installer to say the files were legitimate." Although that's true for intentional modifications, it would still be useful to have the installation medium perform a self integrity check against accidental or natural data corruption. For example, Ubuntu recently enabled a by-default integrity check, starting with release 20.04: "Ubuntu now defaults to checking the integrity of the medium in use when booting into live sessions. This can be skipped by hitting Ctrl-C. We’ve enabled this because failed installs due to corrupt downloads of installation media is one of the most common error conditions that users encounter." (Source: <https://ubuntu.com/blog/whats-new-in-ubuntu-desktop-20-04-lts>) I would like to have OpenBSD include at least an unsigned SHA256 file in the discs. The installer would then detect that the checksums are unsigned and warn about the security implications, but it would let the user run the check. I think it would be wise to make it check the bsd.rd image that's actually booted when booting from the disc, and not just the bsd.rd file set. (I get that the OpenBSD installer is just a multipurpose "bsd.rd" RAM disk that can be found not just in the installation discs, right?)
Thank you!
