Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
Volker Quetschke
quetschke@scytek.de
Mon Feb 23 02:23:00 GMT 2004
>>No, I wouldn't, but I didn't intend on that being the only statement.
>>Consider this: The gpg which we distribute contains the *exact* same
>>cipher, AES{128,192,256}, as ccrypt plus gpg also has twofish &
>>blowfish.
>
> The last time I checked, those two were also considered
>
>>"strong" encryption ciphers. Moreover, gpg can be used encrypt and
>>decrypt streams like ccrypt so, in a sense, they share similar
>>functionality. That's where I see the disconnect. Does this mean we
>>should ditch gpg as well or distribute a version with < 128bit ciphers?
>>Frankly, I don't see why we should disqualified ccrypt because someone
>>"thinks" it might be a problem. Is it *really* a problem?
>>
>>By his standard, RedHat has been breaking the law for years now, which
>>leads me to conclude that either:
>>A)The authorities don't care.
>>B)Red Hat doesn't care.
>>or
>>C)RedHat already has filed the necessary paperwork to allow it to
>>distribute binaries with strong encryption.
>
> Hmm. I guess I haven't been as diligent as I should have been. I've
> pulled gnupg from the distribution.
Hmm, I had the 1.2.4 version ready for a while, but forgot to mention
it.
Now it's too late. Anyone here with a bit web/ftp space to host the
cygwin package? (Preferably in europe?)
Volker
(Former cygwin gnupg mainainer)
--
PGP/GPG key (ID: 0x9F8A785D) available from wwwkeys.de.pgp.net
key-fingerprint 550D F17E B082 A3E9 F913 9E53 3D35 C9BA 9F8A 785D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 254 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-apps/attachments/20040223/692e0f39/attachment.sig>
More information about the Cygwin-apps
mailing list