On Wed, Dec 17, 2008 at 04:11:43PM -0500, Ted Unangst wrote: > On Wed, Dec 17, 2008 at 3:56 PM, Jussi Peltola <[email protected]> wrote: > > OpenBSD already has an SSL cert. Just publish the checksums over HTTPS. > > It's that easy? To silence the people demanding magic security dust? Yes.
To guarantee the package is safe, no, but I'd be pretty skeptical you can ever be certain. Of course, I don't endorse magic security dust solutions. However, a good explanation of the real problems with package authentication would probably help some people understand what they're asking.
