Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]

Christopher Faylor cgf-no-personal-reply-please@cygwin.com
Sun Feb 22 23:38:00 GMT 2004


On Sun, Feb 22, 2004 at 05:53:47PM -0500, Nicholas Wourms wrote:
>cgf wrote:
>
>>On Sun, Feb 22, 2004 at 04:27:06PM -0500, Nicholas Wourms wrote:
>>
>>>cgf wrote:
>>>
>>>>On Sun, Feb 22, 2004 at 07:39:49PM +0100, Andreas Seidl wrote:
>>>>
>>>>>However, a new problem might have popped up. Reading this thread
>>>>>http://www.cygwin.com/ml/cygwin/2004-02/msg01103.html
>>>>>
>>>>>I wonder if there are legal problems for RedHat to distribute the 
>>>>>ccrypt package?
>>>
>>>Next time, please keep it to yourself.
>>
>>
>>I'm sure you wouldn't enjoy it if Red Hat was taken to task for
>>something that could have been caught early, decided that cygwin wasn't
>>worth the hassle, and pulled it from sources.redhat.com.
>>
>
>No, I wouldn't, but I didn't intend on that being the only statement. 
>Consider this:  The gpg which we distribute contains the *exact* same 
>cipher, AES{128,192,256}, as ccrypt plus gpg also has twofish & 
>blowfish.


The last time I checked, those two were also considered 
>"strong" encryption ciphers.  Moreover, gpg can be used encrypt and 
>decrypt streams like ccrypt so, in a sense, they share similar 
>functionality.  That's where I see the disconnect.  Does this mean we 
>should ditch gpg as well or distribute a version with < 128bit ciphers? 
> Frankly, I don't see why we should disqualified ccrypt because someone 
>"thinks" it might be a problem.  Is it *really* a problem?
>
>By his standard, RedHat has been breaking the law for years now, which 
>leads me to conclude that either:
>A)The authorities don't care.
>B)Red Hat doesn't care.
>or
>C)RedHat already has filed the necessary paperwork to allow it to 
>distribute binaries with strong encryption.

Hmm.  I guess I haven't been as diligent as I should have been.  I've
pulled gnupg from the distribution.

>>But, hey, thanks for clarifying just whom I can trust to be watching out
>>for the project's interests.
>
>Hey, you certainly have a right to your opinion.  The reality is that I 
>was trying to paste some text and accidentally sent that message before 
>it was complete.

Yeah, isn't that always a convenient excuse?

>This reply contains some of the arguments I was planning on including
>in that message to debunk his theory.  Oh well, that's all water under
>the bridge, believe what you want to believe...  I suppose I'll never
>get a gold star now ;-).

Thanks.  I will certainly believe what i want to believe.  I'd have a
hard time not doing that, in fact.

cgf



More information about the Cygwin-apps mailing list