Release sets, packages and patches are signed

A long wished for development, OpenBSD now has signed packages courtesy of signify(1) (SIGN and veriFY).

Your pre-OpenBSD 5.5 does not have the public keys for the release, you can fetch them from your local mirror before install.

There is still the SHA256 (if you want, fetch from other mirror, compare), do your own sha256 sums, see that they match

After install you'll have the keys in /etc/signify for verification.