Subject: Re: Volunteers to test some kernel code...
To: Michael Graff <explorer@flame.org>
From: Brett Lymn <blymn@baea.com.au>
List: tech-kern
Date: 06/15/1999 16:39:31
According to Michael Graff:
>
>Without a cool public key system, where NetBSD Foundation, Inc
>binaries could be signed and distributed (and presumably trusted) I
>don't know why, other than for experimentation, this would be used...
>

Maybe I am being a bit simplistic here but aren't the MD5 signatures
available from the ftp server good enough to assure some level of
trust that the distribution has not been tampered with?  (yes,
assuming the files have not been tampered with on the ftp server) Or
are you suggesting a service should be set up where the signatures can
be encrypted with a public key and forwarded to the requestor for
decryption?

What I was looking to do was to plug some of the standard script
kiddie tricks such as loading trojan horses (can be fixed with
immutable) and running network sniffers.  I believed that having a
validation of the TCB via a cryptographically strong method (I believe
md5 is one) was a nicety - saves running tripwire or the like over the
binaries since they are handled automatically.

-- 
===============================================================================
Brett Lymn, Computer Systems Administrator, British Aerospace Australia
===============================================================================