On Thu, Dec 14, 2000 at 08:17:29AM -0800, [EMAIL PROTECTED] muttered:
> On Thu, Dec 14, 2000 at 05:48:30AM -0700, Charles Curley wrote:
> >
> > One reason is security. GPG is free software, PGP is captive. This means
> > you can get the GPG source, read it and compile it for yourself.
>
> What? PGP source code has always been available. The source for PGP
> 6.5.8 can be downloaded from http://www.pgpi.org
Quite so, and I have already acknowledged this in a previous email.
>
> [...]
>
> > To paraphrase Eric Raymond's dictum in The Cathedral and the Bazaar, given
> > enough eyeballs, all security holes are shallow. And GPG has had far more
> > eyeballs go over it than recent versions of PGP.
>
> Perhaps. If the goal is to use source that has been examined by many
> people over the years, PGP 2.6.3i is a good choice.
>
> The German government has given a grant to GPG. Would you trust PGP
> if it were funded by the American government? Is there some reason
> to believe the German government isn't just as interested in reading
> your private mail as the US government is?
I trust no government any further than I can throw it. I am aware of the
German government grant, as it is described on the GPG web site. Indeed,
as webmaster for the Wyoming Libertarian Party, I posted a link to the GPG
web site, with an appropriate
warning. (http://www.geocities.com/wyolp/more.links.html#TOC91)
As a technical issue, free software, regardless of who funded it, is less
likely to have a security hole, back door or otherwise, than captive
software, regardless of who funded it.
I don't know the terms of the German grant to the FSF for funding GPG;
perhaps the test is on their web site (but, alas, I am not literate in
German). Nor do I know whether those GNUisances at the FSF have honored it
in its entirety.
But I have sufficient experience in American secret military and NSA "Top
Secret -- Burn Before Reading" type work to guess at the terms of such a
grant from the US government, and again sufficient experience with US
companies doing that sort of work to guess their response.
Is the German government just as much a police state as the US? I'm not
sure, but I suspect that -- in spite of their Orwellian ban on teaching
the history of Germany in the 1930s and 1940s and other evidence -- they
are not.
>
> Understand, I'm not saying the German government has a nefarious
> motive for the grant to GPG, but if the US government did the same
> the rumors of back doors would be much more rampant than they are.
And possibly such rumors would be justified.
On the other tentacle, perhaps the German government funded the
development of GPG because they were worried about the American government
reading their email? But didn't want to say so publicly?
>
> --
> "They have computers, and they may have other weapons of mass
> destruction." --Janet Reno, US Attorney General, 2.27.98
>
Quite.
--
-- C^2
No windows were crashed in the making of this email.
Looking for fine software and/or web pages?
http://w3.trib.com/~ccurley
PGP signature
