I meant that the fact that I do not know for certain that the packages were compiled by openbsd dev makes packages interesting. To be clear, my point re: cost is stupid and wrong. Free is free as in speech not as in beer.

2008/12/14 spamtester spamtester <[email protected]>

> Hello I note that pkg_add can work over scp....
>
>
> However, as a user who is told to use packages by the official openbsd
> documentation and that ports are for advanced users. I feel somewhat let
> down... at this answer. Obviously I do not have ssh access to a mirror. I
> also do not have the bandwidth to download all of the openbsd packages,
> calculate the sha1sums of the packages and then distribute such a list. It
> would also not be integrated into openbsd's pkg_add.
>
> The answer often provided is buy the cdroms. That is one answer sure. BUT
> THEN I cannot agree that *free*, *practical* and *secure*. Why ? well cdroms
> cost money. --> cost --> not free. It is practical to use binary packages
> --> verification (if you only use the packages -> you have the checksums /
> they are elsewhere ). ---> peace of mind --> extended practical use.
> Secure.... no checksums stored locally / signed (and then distributed in the
> operating system) is likely to result in package integrity being
> compromised.
>
>
> It does not matter what faith one places in the pki or webs of trust
> (gpg/pgp style). Most linux distributions have had their packages signed for
> years (for example at ruxcon - an Australian security conference a large
> number of participants had openbsd t-shirts stickers etc -> if one had a sig
> / link to a chain it could have been spread / if it was on a cd --> key
> could be compared to what others had) . Why not openbsd ?
>
> This seems trivial to me.

