This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Possible legal problem with ccrypt? [Was: Re: Pending PackagesList, 2004-02-13]


No, I wouldn't, but I didn't intend on that being the only statement. Consider this: The gpg which we distribute contains the *exact* same cipher, AES{128,192,256}, as ccrypt plus gpg also has twofish & blowfish.

The last time I checked, those two were also considered


"strong" encryption ciphers. Moreover, gpg can be used encrypt and decrypt streams like ccrypt so, in a sense, they share similar functionality. That's where I see the disconnect. Does this mean we should ditch gpg as well or distribute a version with < 128bit ciphers? Frankly, I don't see why we should disqualified ccrypt because someone "thinks" it might be a problem. Is it *really* a problem?

By his standard, RedHat has been breaking the law for years now, which leads me to conclude that either:
A)The authorities don't care.
B)Red Hat doesn't care.
or
C)RedHat already has filed the necessary paperwork to allow it to distribute binaries with strong encryption.

Hmm. I guess I haven't been as diligent as I should have been. I've pulled gnupg from the distribution.

Hmm, I had the 1.2.4 version ready for a while, but forgot to mention it.

Now it's too late. Anyone here with a bit web/ftp space to host the cygwin package? (Preferably in europe?)

Volker
(Former cygwin gnupg mainainer)

--
PGP/GPG key  (ID: 0x9F8A785D)  available  from  wwwkeys.de.pgp.net
key-fingerprint 550D F17E B082 A3E9 F913  9E53 3D35 C9BA 9F8A 785D

Attachment: pgp00000.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]