
It is exactly what you'd expect from OpenBSD now unfortunately - smitherfield
https://lwn.net/Articles/688658/
======
bsdbear
Half of the article is sensationalist and bashes OpenBSD for bashing's sake.
The devs are right about 90% of the time; they'd rather do something right
than jump on the bandwagon and ride the hype off the cliff.

Yes, that's exactly what you'd expect from OpenBSD, now, in the past, and
hopefully for many more years in the future. Years and years and only two
remote holes.

Thank you OpenBSD!

------
RaleyField
OpenBSD is a bit bipolar. The rationale behind HTTP was that since CAs
demonstrated[1] that every CA can't do their job all the time it was more
appropriate to let users use other methods of authenticating their installs.
So you are supposed to check hashes via different networks, ask other people
to verify hashes, etc. Many people, though, just want ISOs and don't care if
it's coming from a source that works only 99.999% of the time, so now they got
that.

GPG is also way over-engineered for its most common use case, so signify was
made to unburden existing OpenBSD users from unnecessary risks. But again it
wouldn't hurt them if they signed ISOs with both GPG and signify. It's not
like Linux isn't without a laundry list of faults though.

[1] https://en.wikipedia.org/wiki/DigiNotar

------
egwynn
tl;dr: article on linux news site criticizes bsd

