Christian Weisgerber wrote:
Hannah Schroeter <[email protected]> wrote:

Would it be too difficult to change the md5 invocation in the release
target in /usr/src/etc into sha1 or sha256 (i.e. cksum -a sha256), or
just to *add* them there?

Should be trivial, but that's not my decision.  And really, what's
the point?  Unless the MD5 file has a different distribution path,
it offers no security benefit.  It's handy to check for inadvertent
transfer corruption, that's all.

My upgrade script fetches the MD5 from ftp.openbsd.org as well as from the local mirror of preference and bails out if they differ. At least that would tell me if the mirror had been hacked.

...but then again, in case of a new snap on ftp.openbsd.org that has not yet made it to the mirrors, combined with an urge for updating (which I almost always do from the local mirror), I tend to bypass that... :-P

/Alexander
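The two-source check described in the message above, as an added example that is not part of the original thread or anyone's actual upgrade script: the manifest fetched from the master site is compared with the mirror's copy, and only then are the downloaded sets checked against it. The BSD-style `SHA256 (name) = digest` manifest format, the function names and the file names are assumptions, and fetching is left out so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the thread). The two manifests are assumed to be
# already fetched: one from the master site, one from the mirror.

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    fi
}

# verify_sets MASTER_MANIFEST MIRROR_MANIFEST SETS_DIR
# Returns 0 = all good, 1 = manifests differ, 2 = set missing or digest
# mismatch, 3 = manifest unusable (no entries, or a name containing "/").
verify_sets() {
    master=$1 mirror=$2 dir=$3 checked=0
    cmp -s "$master" "$mirror" || { echo "mirror manifest differs" >&2; return 1; }
    # Manifest lines look like: SHA256 (base.tgz) = <hex digest>
    while read -r algo name eq want; do
        [ "$algo" = "SHA256" ] && [ "$eq" = "=" ] || continue
        name=${name#\(}; name=${name%\)}
        case $name in */*|"") return 3 ;; esac
        [ -f "$dir/$name" ] || { echo "missing: $name" >&2; return 2; }
        [ "$(sha256_of "$dir/$name")" = "$want" ] ||
            { echo "digest mismatch: $name" >&2; return 2; }
        checked=$((checked + 1))
    done < "$master"
    [ "$checked" -gt 0 ] || return 3
}

# Constructed sample: one fake set, matching manifests, then a tampered mirror copy.
demo() {
    d=$(mktemp -d) || return 9
    printf 'constructed set contents\n' > "$d/base.tgz"
    printf 'SHA256 (base.tgz) = %s\n' "$(sha256_of "$d/base.tgz")" > "$d/master"
    cp "$d/master" "$d/mirror"; ok=0; bad=0
    verify_sets "$d/master" "$d/mirror" "$d" || ok=$?
    echo "SHA256 (base.tgz) = 00" > "$d/mirror"
    verify_sets "$d/master" "$d/mirror" "$d" 2>/dev/null || bad=$?
    rm -rf "$d"
    echo "$ok $bad"
}
```

Return code 1 also fires when the master site simply has a newer snapshot than the mirror, which is the case the message says tempts a bypass.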
