This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.



gnupg gone? [Was Re: Possible legal problem with ccrypt?]


On Sun, 22 Feb 2004, Christopher Faylor wrote:

> On Sun, Feb 22, 2004 at 05:53:47PM -0500, Nicholas Wourms wrote:
> >cgf wrote:
> >
> >>I'm sure you wouldn't enjoy it if Red Hat was taken to task for
> >>something that could have been caught early, decided that cygwin wasn't
> >>worth the hassle, and pulled it from sources.redhat.com.
> >
> >No, I wouldn't, but I didn't intend on that being the only statement.
> >Consider this:  The gpg which we distribute contains the *exact* same
> >cipher, AES{128,192,256}, as ccrypt plus gpg also has twofish &
> >blowfish.  The last time I checked, those two were also considered
> >"strong" encryption ciphers.  Moreover, gpg can be used to encrypt and
> >decrypt streams like ccrypt so, in a sense, they share similar
> >functionality.  That's where I see the disconnect.  Does this mean we
> >should ditch gpg as well or distribute a version with < 128bit ciphers?
> >Frankly, I don't see why we should disqualify ccrypt because someone
> >"thinks" it might be a problem.  Is it *really* a problem?
> >
> >By his standard, RedHat has been breaking the law for years now, which
> >leads me to conclude that either:
> >A)The authorities don't care.
> >B)Red Hat doesn't care.
> >or
> >C)RedHat already has filed the necessary paperwork to allow it to
> >distribute binaries with strong encryption.
>
> Hmm.  I guess I haven't been as diligent as I should have been.  I've
> pulled gnupg from the distribution.

Whoops...  Good thing we left the package signing option in the
generic-build-script disabled by default...  Would have been hard to
explain all the error messages to new package maintainers. :-)

I wonder, though (IANAL, and this may be heavily OT): does any of this
paperwork need to be filed for distributing pure source code for strong
encryption?  If not, I have an idea that might just work, but I'd like to
hear an answer first.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

