Chris Abbey wrote:
>
> >sorry for my ignorance, but aren't PGP signatures included in every RPM ?
> >I think when you are installing the rpm the rpm verifies the signature.
>
> every RPM *can* be PGP signed... not all are.
> rpm *can* verify the signature of a signed RPM, *IFF* you have pgp installed,
> and ask it to do so. Redhat does not ship PGP; that's what hpa meant by having
> to download it yourself.
>
> >I am missing something ?
> >
> >Is GnuPG the solution of the US export-control problems ?
>
> You mean GnuPGP? if it can be obtained outside the US, and it can perform
> the same level of verification as pgp can inside the US, then yeah I don't
> see why not.
>
It can -- but it isn't the solution, just a workaround for the U.S.
censorship. The real solution would let RedHat ship it on their CDs.
GnuPG (not GnuPGP) is in a lot better position, though -- it's produced
outside the U.S., and is still legal (no patent issues) within the U.S.,
so one program can be used anywhere.
-hpa
--
To unsubscribe:
mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
