Re: To gnupg or not to gnupg ... (was Re: Assertion while pui-list-packages)
At 02:06 02/12/98 -0800, SL Baur wrote:
Speaking of PGP signatures, we're at a crossroads. Future builds
for
distribution will be occurring on a server that is owned by a Japanese
company but operated on United States soil. This might make usage of
US domestic PGP problematic. Any encryption that is US exportable is
unacceptable.
It is possible to use gnupg instead, which at least bypasses the
rsaref licensing issue, however the signatures generated by gnupg are
incompatible with PGP 2.6 (which is what we're using now).
I know what John Martin thinks about this. Any other comments? At
this time I'm strongly in favor of moving forward to gnupg.
Sounds ok to me. If people really care about checking the signature (and I
don't) then they will make sure they have the right version installed.
andy
---------------------------------------------------------------------------
" .sigs are like your face - rarely seen by you and uglier than you think"
Dr Andy Piper, Technical Architect, Parallax Solutions Ltd
mail: andyp(a)parallax.co.uk web: www.parallax.co.uk/~andyp