Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto

Posted by Soulskill on from the those-signatures-will-be-worth-a-lot-of-money-some-day dept.

ConstantineM writes "It's official: 'we are moving towards signed packages,' says Theo de Raadt on the misc@ mailing list. This is shortly after a new utility, signify, was committed into the base tree. The reason a new utility had to be written in the first place is that gnupg is too big to fit on the floppy discs, which are still a supported installation medium for OpenBSD. Signatures are based on the Ed25519 public-key signature system from D. J. Bernstein and co., and his public domain code once again appears in the base tree of OpenBSD, only a few weeks after some other DJB inventions made it into the nearby OpenSSH as well."

4 of 232 comments (clear)

  1. Very surprised that it took this long by ModernGeek · · Score: 4, Insightful

    I'm surprised that this wasn't implemented a long time ago. Even Windows has had signed code for quiet some time.

    --
    Sig: I stole this sig.
    1. Re:Very surprised that it took this long by Anonymous Coward · · Score: 5, Insightful

      I'm just bothered that such a decision was made based off of the arbitrary capacity of a floppy diskette. The Floppy-based installer should compensate by having it fit across multiple disks and stored into RAM, or some other solution. What's next? Something won't run on a machine with less than 8MB of RAM, so it will be shoved off?

    2. Re:Very surprised that it took this long by Kjella · · Score: 4, Insightful

      Theo is the same that he's been for the last 20 years, on the one hand he's militant about the BSD license which gives away all the code to multi-billion corporations then a giant crybaby when the same corporations take the code and give him nothing but a cold shoulder in return. Oddly enough he's managed to gather a small following which barely keeps OpenBSD alive, usually by threatening to shut down OpenSSH development which is their only true success but this is neither the first nor the last time he's making such ultimatums.

      If Linus is the benevolent dictator for life, Theo is the not-so-benevolent dictator for life. He started OpenBSD so he could run the show and any oppositition is harshly cut down. Don't argue with him about how the project's managed, what costs are necessary, everything is as Theo has decided it should be and he's only complaining that nobody is willing to fund his masterpiece. Your input is not wanted, just your wallet and he treats everyone from the smallest individual contributor to giant corporations the same. He's got balls of steel and an ego the size of a planet, but in the end he'll always be going around with a beggar's cup.

      --
      Live today, because you never know what tomorrow brings
  2. Re:Floppy disks? by gwolf · · Score: 5, Insightful

    No, it won't make much sense even with that in mind. Even less, in fact.

    Embedded systems are usually factory-installed. In the factory, they don't do the installs via floppies. Most OpenBSD installs today are done off their (very good!) CD-ROM media, or maybe even more, by USB.

    Floppy disks are used for a tiny percentage of installs (yes, even of *their* installs). Alright, they don't want to dump very old architectures that are known to work and have no other acceptable bood medium, but in the end... Basing the entire OS in the least common denominator takes a toll on the general usability of the system in everyday settings.