Re: To gnupg or not to gnupg ... (was Re: Assertion while pui-list-packages)

N J Doye <nic(a)niss.ac.uk&gt; writes in xemacs-beta(a)xemacs.org: -> Still though I think switching to GnuPG should be delayed, its -> installed based is simply too small. It may be a choice of gnupg or nothing. I'm not signing anything with US exportable ``encryption'' and that may be the only kind of Zimmerman PGP we can get running on the box where signatures will be made. It is on US soil, but owned and operated by a Japanese company. Why am I not surprised? tiger.c utterly fails to compile on BSDI. Can you build if you do something like: make gnupg_extensions= Once I did manage to get it built (and after generating a secure key on a Linux box with /dev/random and importing it to the BSDI box) it spits this at me when stuff is signed: gpg (GnuPG) 0.4.4; Copyright (C) 1998 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. gpg: Warning: using insecure memory! Reading passphrase from file descriptor 0 You need a passphrase to unlock the secret key for user: "XEmacs Distribution Builder (Key used for signing XEmacs distributions) <xemacs-dist(a)xemacs.org&gt;&quot; (1024-bit DSA key, ID DCF80B6B, created 1998-12-04) gpg: WARNING: using insecure random number generator!! The random number generator is only a kludge to let it compile - it is in no way a strong RNG! DON'T USE ANY DATA GENERATED BY THIS PROGRAM!! Um, what does having a weak RNG have to do with signing with a key generated with a strong RNG?