The MPEx Bitcoin stock exchange (run by Mircea Popescu) is listed on the significant contributors page.
Also, according to Bob Beck, director of OpenBSD Foundation, 100k has been raised so far; their target goal for 2014 fundraising is 150k:
For what it's worth, it would seem like [a different kind of?] a package signature system was actually supported since 2010, it's just that the official packages were never signed.
http://www.openbsd.org/faq/faq15.html#PkgSig
Revision 1.71:
Sat Jul 17 09:02:47 2010 UTC (3 years, 6 months ago) by ajacoutot
Changes since revision 1.70: +65 -1 lines
Add a "Package signatures" section to teach people how to create and use
signed packages. Still opened for enhancement but all info is there now.
http://openbsd.org/faq/faq15.html#Ports
"Everyone is encouraged to use the pre-compiled binary packages."
And why would you do that? Going that way you're easily MITM'ed.
Can you give some better reason than 'everyone does it'?
Why exactly would you prefer an insecure transmission channel over a reasonably secure one, for the software you install? How does that even remotely fit the OpenBSD mindset?
Maybe it doesn't, but that's not a good reason to claim of a widespread practice, "in OpenBSD land", that's completely foreign to anyone actually familiar with OpenBSD.
I repeat: I don't know of anyone who compiles software from ports all the time (besides, that's not that much more secure, since the ports tree itself isn't signed, either). A `pkg_add` from a nearby mirror is what gets things done for the vast majority of people. Many mirrors are run by developers; personally, I wouldn't use any mirror that wasn't; and yes, especially in light of the recent revelations, this does leave some room for a Government-in-the-Middle attack, which is probably exactly the reason of why this won't be as it was anymore.
Using binary package is just considered not the right way to do things, in OpenBSD land.
Entirely false. Binary packages, installed with pkg_add from a nearby mirror, has been the recommended way to install ports for as long as I remember (I've been a user for some 10 years, and a developer, too). I've never heard of anyone compiling packages directly from ports in OpenBSD. Not even the developers, unless they're port developers, that is.
Even for the kernel itself, it is highly recommended for non-developers to only run the binary snapshots.
Unless one is tracking the stable branch, which has no official binary builds, then compiling from source tree is only ever advised for the developers.
On i386, OpenBSD 5.4 can be installed from either one of the 3 floppies:
%ftp ftp://ftp.nluug.nl/pub/OpenBSD/5.4/i386/
ftp> ls floppy*
150 Here comes the directory listing.
-rw-r--r-- 1 500 450 1474560 Jul 30 18:27 floppy54.fs
-rw-r--r-- 1 500 450 1474560 Jul 30 18:27 floppyB54.fs
-rw-r--r-- 1 500 450 1474560 Jul 30 18:27 floppyC54.fs
226 Directory send OK.
Which one do you use? You'd have to see which one supports your hardware, which is documented in the INSTALL.i386 file, generated from src/distrib/notes/i386/hardware, amongst other files:
Drivers for hardware marked with [A] are NOT included in floppy A.
Drivers for hardware marked with [B] are NOT included in floppy B.
Drivers for hardware marked with [C] are NOT included in floppy C.
In summary, it would seem like OpenBSD is only intended to be boot-strapped from a floppy (e.g. to fetch the rest of the files from the network), and from a single floppy at that. So, even with the licence aside, including something like gnupg is indeed unrealistic and cumbersome.
Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall