Comment Re:I'm suprised... (Score 1) 574
Bzzzzt. Wrong.
Many systems (to my personal experience, FreeBSD and Gentoo), check all downloaded packages against an MD5 sum that was set by the port/package maintainer. So even if this person had changed the signature on the openbsd site, any installations of openssh on at least these operating systems would have mysteriously failed with a signature mismatch.
Many systems (to my personal experience, FreeBSD and Gentoo), check all downloaded packages against an MD5 sum that was set by the port/package maintainer. So even if this person had changed the signature on the openbsd site, any installations of openssh on at least these operating systems would have mysteriously failed with a signature mismatch.
