On 2023-08-28 00:07, Taylor R Campbell wrote:
Date: Sat, 26 Aug 2023 16:06:39 +0200 From: Johnny Billquist <bqt%softjar.se@localhost> Even worse - we are then getting into territory where old releases might accept bad certificates, since they use SSL and have trust anchors and so on. But once those get compromised, these old releases/installers are suddenly not safe anymore.This is not worse than the status quo, which is that the old (and current!) releases/installers are _already_ not safe from a MITM on the network when fetching sets over the network from netbsd.org.
Well. I would argue that it is worse, since this might make people think they are safe, while previously it was clearly not the case.
The promise is a (the) difference.
Also, if you're doing public-key crypto - for anything - in the installers, this will drastically, I am tempted to say catastrophically, slow down installation on low-end machines, like a MicroVAX-II or Sun-3. (Of course, NetBSD might be fine with that. I just think it should be at least thought about.)It will be worse than horrible...Can you please follow the same instructions I sent to Mouse to help me gauge possible performance impacts on the low-end machines you care about? https://mail-index.netbsd.org/tech-install/2023/08/27/msg000700.html
If Mouse don't beat me to it, I'll try to eventually get to it. As far as VAXen go, I do har a fairly fast one where I am, but it's still going to be slow by todays standard (it's a 4000/90 with 128M of memory). But it's usually not up and running.
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt%softjar.se@localhost || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol