To gnupg or not to gnupg ... (was Re: Assertion while pui-list-packages)

Wednesday, 2 December 1998

        Speaking of PGP signatures, we're at a crossroads.  Future builds for
distribution will be occurring on a server that is owned by a Japanese
company but operated on United States soil.  This might make usage of
US domestic PGP problematic.  Any encryption that is US exportable is
unacceptable.

It is possible to use gnupg instead, which at least bypasses the
rsaref licensing issue, however the signatures generated by gnupg are
incompatible with PGP 2.6 (which is what we're using now).

I know what John Martin thinks about this.  Any other comments?  At
this time I'm strongly in favor of moving forward to gnupg.

Norbert Koch <n.koch(a)delta-ii.de&gt; writes in xemacs-beta(a)xemacs.org:
 ...
...
 Signaling: (error "Package-get PGP signature failed to
verify") 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

To gnupg or not to gnupg ... (was Re: Assertion while pui-list-packages)