Originally Posted by cravuhaw2C
What is that single authority?
For OpenBSD software, it is The OpenBSD Project (the "Project"), in two ways:
  1. By the Project member who issued signify(1) -G to create the key pair. The public key having been distributed in /etc/signify by the Project in its distributions, and the private key managed by applicable members of the Project.
  2. By the Project members who use signify(1) -S to sign messages*, which may be source code components (break/fix patches for releases, and as of today, Portable LibreSSL), kernels and installation filesets, distributable third party firmware, and all distributed pre-compiled binary packages of third party software that has been configured to run on OpenBSD.
* Message being the term used in signify(1) for the plaintext that is to be cryptographically signed or verified.
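
Added example, not part of the original post: the -G / -S chain described above, followed by the -V check a recipient runs, using a throwaway key pair. The file names and the demo key are constructed for illustration; the script assumes signify(1) is installed, and that on Linux it may be packaged as signify-openbsd.

```shell
#!/bin/sh
# Added illustration: create a key pair (-G), sign a message (-S), verify it (-V).
# All file names are constructed; the Project's real public keys are in /etc/signify.

# Locate signify(1); Linux packages usually install it as signify-openbsd (assumption).
find_signify() {
    for b in signify-openbsd signify; do
        if command -v "$b" >/dev/null 2>&1; then
            echo "$b"
            return 0
        fi
    done
    return 1
}

# Returns 0 when the genuine message verifies and an altered copy is rejected
# (or when signify is absent and the demo is skipped); returns 1 otherwise.
signify_demo() {
    sfy=$(find_signify) || { echo "signify not found, skipping" >&2; return 0; }
    dir=$(mktemp -d) || return 1
    rc=1

    # -G: create the key pair. -n means no passphrase, acceptable only for a demo key.
    "$sfy" -G -n -c "demo key" -p "$dir/demo.pub" -s "$dir/demo.sec" ||
        { rm -rf "$dir"; return 1; }

    # -S: sign the message (the plaintext) with the secret key.
    printf 'constructed sample message\n' > "$dir/msg"
    "$sfy" -S -s "$dir/demo.sec" -m "$dir/msg" -x "$dir/msg.sig" ||
        { rm -rf "$dir"; return 1; }

    # -V: anyone holding only the public key can verify the message.
    if "$sfy" -V -q -p "$dir/demo.pub" -m "$dir/msg" -x "$dir/msg.sig"; then
        # Alter the message after signing; verification must now fail.
        printf 'altered after signing\n' >> "$dir/msg"
        if "$sfy" -V -q -p "$dir/demo.pub" -m "$dir/msg" -x "$dir/msg.sig" 2>/dev/null; then
            echo "altered message was accepted" >&2
        else
            rc=0
        fi
    fi
    rm -rf "$dir"
    return "$rc"
}

signify_demo && echo "signature chain behaves as expected"
```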
