
OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto

ConstantineM writes "It's official: 'we are moving towards signed packages,' says Theo de Raadt on the misc@ mailing list. This is shortly after a new utility, signify, was committed into the base tree. The reason a new utility had to be written in the first place is that gnupg is too big to fit on the floppy discs, which are still a supported installation medium for OpenBSD. Signatures are based on the Ed25519 public-key signature system from D. J. Bernstein and co., and his public domain code once again appears in the base tree of OpenBSD, only a few weeks after some other DJB inventions made it into the nearby OpenSSH as well."

  • by Anonymous Coward on Sunday January 19, 2014 @12:16AM (#46002919)

    OpenBSD is security by arrogance: nobody cares much to pay any attention to it, and anyone who comes with good intentions gets shouted down.

    Distributing unsigned packages in 2014 shows such a lack of concern for even the most basic risks facing administrators and end users that I can only assume it was intentional.

  • Floppy disks? (Score:3, Interesting)

    by thue ( 121682 ) on Sunday January 19, 2014 @12:27AM (#46002977) Homepage

    Being limited by a floppy disk support requirement sounds like a bad joke. Is that really relevant for any computer which is not hopelessly antiquated in 2014? For reference, Apple stopped shipping floppy disk drives by default in 1998.

  • Overly paranoid (Score:5, Interesting)

    by johnwbyrd ( 251699 ) on Sunday January 19, 2014 @12:47AM (#46003117) Homepage

    I started using OpenBSD in 1998. It was a viable, timely competitor to Linux at the time, especially for building firewalls as such.

    OpenBSD is a great example of what happens when you make life too difficult for end users and administrators in the name of Security. OpenBSD has never embraced the most recent release of anything -- if it's new, by definition it's insecure and it can't be trusted. Ergo, if you have to demonstrate the latest technology in whatever you're doing, you start with a Linux distribution.

    From the article: "We wanted a tool that would fit on installation media, which meant minimizing code size and external dependencies." That's the breakage mode, in a nutshell. NO ONE in the world has been clamoring for an OpenBSD signing tool that runs on a floppy. But the designers are imagining the user requirements based on their own biases. This way lies the death of any commercial or open source software product.
