OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto

ConstantineM writes "It's official: 'we are moving towards signed packages,' says Theo de Raadt on the misc@ mailing list. This is shortly after a new utility, signify, was committed into the base tree. The reason a new utility had to be written in the first place is that gnupg is too big to fit on the floppy discs, which are still a supported installation medium for OpenBSD. Signatures are based on the Ed25519 public-key signature system from D. J. Bernstein and co., and his public domain code once again appears in the base tree of OpenBSD, only a few weeks after some other DJB inventions made it into the nearby OpenSSH as well."

Re:Very surprised that it took this long

I'm just bothered that such a decision was made based off of the arbitrary capacity of a floppy diskette. The Floppy-based installer should compensate by having it fit across multiple disks and stored into RAM, or some other solution. What's next? Something won't run on a machine with less than 8MB of RAM, so it will be shoved off?

Re:Floppy disks?

[gwolf]

No, it won't make much sense even with that in mind. Even less, in fact.

Embedded systems are usually factory-installed. In the factory, they don't do the installs via floppies. Most OpenBSD installs today are done off their (very good!) CD-ROM media, or maybe even more, by USB.

Floppy disks are used for a tiny percentage of installs (yes, even of *their* installs). Alright, they don't want to dump very old architectures that are known to work and have no other acceptable bood medium, but in the end... Basing the entire OS in the least common denominator takes a toll on the general usability of the system in everyday settings.