[jlgaddis]

> ... I'm not sure if I can trust them.

Might I suggest looking into who it is at M-Tier that's producing these packages? It's not just some random third-party.

FWIW, the openup tool makes things extremely easy and it certainly doesn't "involves lots of time". Run "openup -c" from a cronjob and, when you get an e-mail saying there are updates available, log in and run "openup". Kick off a reboot if the kernel/base was updated and you're good.

I run several OpenBSD boxes in production. Don't let this be what stops you.

[saean]

The idea that we outsiders have to research mtier to decide that it's not very much of a third party after all is just odd.

I don't want to seem adversarial, and I want to like openbsd, but it's hard.

[toyg]

I said it before: if the people running mtier and openbsd are basically the same, the fact that they are different organizations invites speculation as to why that might be the case. In the spirit of trust and full-disclosure, it would be good if this situation were made transparent. At the moment there's a lot of "these packages are not blessed but they're from the same people wink-wink-nudge-nudge".

Nobody else does this, not even small distributions, and tbh the excuses are really thin - especially for a project so committed to security and transparency.