This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.
Re: Possible legal problem with ccrypt? [Was: Re: Pending PackagesList, 2004-02-13]
cgf wrote:
On Sun, Feb 22, 2004 at 04:27:06PM -0500, Nicholas Wourms wrote:
cgf wrote:
On Sun, Feb 22, 2004 at 07:39:49PM +0100, Andreas Seidl wrote:
However, a new problem might have popped up. Reading this thread
http://www.cygwin.com/ml/cygwin/2004-02/msg01103.html
I wonder if there are legal problems for RedHat to distribute the ccrypt
package?
Next time, please keep it to yourself.
I'm sure you wouldn't enjoy it if Red Hat was taken to task for
something that could have been caught early, decided that cygwin wasn't
worth the hassle, and pulled it from sources.redhat.com.
No, I wouldn't, but I didn't intend on that being the only statement.
Consider this: The gpg which we distribute contains the *exact* same
cipher, AES{128,192,256}, as ccrypt plus gpg also has twofish &
blowfish. The last time I checked, those two were also considered
"strong" encryption ciphers. Moreover, gpg can be used to encrypt and
decrypt streams like ccrypt so, in a sense, they share similar
functionality. That's where I see the disconnect. Does this mean we
should ditch gpg as well or distribute a version with < 128bit ciphers?
Frankly, I don't see why we should disqualify ccrypt because someone
"thinks" it might be a problem. Is it *really* a problem?
By his standard, RedHat has been breaking the law for years now, which
leads me to conclude that either:
A) The authorities don't care.
B) Red Hat doesn't care.
or
C) RedHat already has filed the necessary paperwork to allow it to
distribute binaries with strong encryption.
But, hey, thanks for clarifying just whom I can trust to be watching out
for the project's interests.
Hey, you certainly have a right to your opinion. The reality is that I
was trying to paste some text and accidentally sent that message before
it was complete. This reply contains some of the arguments I was
planning on including in that message to debunk his theory. Oh well,
that's all water under the bridge, believe what you want to believe...
I suppose I'll never get a gold star now ;-).
Cheers,
Nicholas
[1] The output of `gpg --help`:
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256
Compression: Uncompressed, ZIP, ZLIB