DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 3rd September 2008
revzalot's Avatar
revzalot revzalot is offline
Shell Scout
 
Join Date: May 2008
Posts: 123
Default How secure is updating and installing online

How secure is it updating and installing the OS and packages online? How can I be sure the software is legitimate when I do an online install, cvsup, and pkg_add? Usually when you download software, you can use md5sum or gpg to check before installing. Enquiring minds wants to know.
Reply With Quote
  #2   (View Single Post)  
Old 4th September 2008
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

The OS has MD5 checksums in the /pub/OpenBSD/<release>/<arch> folder. The best practice is to compare checksums from a different mirror than you download the filesets from. Note that this MD5 checksum does not include the X11 filesets.

Every port in the tree includes checksums. This is critical for picking up any unexpected changes in source files. For an example, see any /usr/ports/<category>/<port>/distinfo file, and for further information, see the ports(7) and bsd.port.mk(5) man pages.

For packages, the x* filesets, and the CVS tree, trust is required.

Note. This has been discussed many times over the years. A perusal of the misc@ archives should lead you to some heated discussion on the subject.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Updating FreeBSD carpman FreeBSD Installation and Upgrading 6 26th October 2008 11:49 AM
Java online tutorial 18Googol2 Programming 5 28th August 2008 03:07 AM
Updating Packages on -current roundkat OpenBSD Packages and Ports 21 14th July 2008 11:50 PM
divx online under freebsd ABRAXAS FreeBSD General 4 20th May 2008 03:34 PM


All times are GMT. The time now is 02:02 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick