Re: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Volker Quetschke wrote: | http://www.scytek.de/cygwin/release/gnupg/setup.hint | http://www.scytek.de/cygwin/release/gnupg/gnupg-1.2.4-1.tar.bz2 | http://www.scytek.de/cygwin/release/gnupg/gnupg-1.2.4-1-src.tar.bz2 version: 1.2.4-1 install: release/gnupg/gnupg-1.2.4-1.tar.bz2 1069953 3dbda86bf20b3965e70e2d6bab47f3c9 source: release/gnupg/gnupg-1.2.4-1-src.tar.bz2 2419600 4de8131f05fc2c7b53a58b2c49bdc44c [prev] version: 1.2.2-3 install: release/gnupg/gnupg-1.2.2-3.tar.bz2 985280 dd913d7652807e0b72c1229bd5ad282f source: release/gnupg/gnupg-1.2.2-3-src.tar.bz2 3261728 100770ae4a9b443108902e373ccee55a Oh, quite a decrease, in binary file size! 0_o - -- L a p o L u c h i n i l a p o @ l a p o . i t w w w . l a p o . i t / http://www.megatokyo.it -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkA8vNwACgkQaJiCLMjyUvsLJACgm8sMyFsNMmh/JCkq/gcXHdi0 43kAn1tAZD8wfwsW3vU0N5PExOcg+Q99 =hsP9 -END PGP SIGNATURE-
Re: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
Hmm, I had the 1.2.4 version ready for a while, but forgot to mention it. I was asked for the links, here they are: Changes since version 1.2.2-3: * New upstream version NOTES - You find build instructions for a windows native executable (MinGW) after unpacking the source (see gnupg.README for details) in: /usr/src/gnupg-1.2.4-X/CYGWIN-PATCHES/gnupg.MinGW.README The source package contains the original's package detached gpg signature of the author and detached signatures of the patch file and the build/packaging script signed by me. Here are the URLs: http://www.scytek.de/cygwin/release/gnupg/setup.hint http://www.scytek.de/cygwin/release/gnupg/gnupg-1.2.4-1.tar.bz2 http://www.scytek.de/cygwin/release/gnupg/gnupg-1.2.4-1-src.tar.bz2 Volker -- PGP/GPG key (ID: 0x9F8A785D) available from wwwkeys.de.pgp.net key-fingerprint 550D F17E B082 A3E9 F913 9E53 3D35 C9BA 9F8A 785D pgp0.pgp Description: PGP signature
Re: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
Volker Quetschke wrote: Hmm, I had the 1.2.4 version ready for a while, but forgot to mention it. Now it's too late. Anyone here with a bit web/ftp space to host the cygwin package? (Preferably in europe?) Volker (Former cygwin gnupg mainainer) Feel free to post the links or to email me the packages and the setup.hint file. For some time, I can put them on a server in Germany. Andreas. (Almost future cygwin ccrypt maintainer)
Re: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
Volker Quetschke wrote: Now it's too late. Anyone here with a bit web/ftp space to host the cygwin package? (Preferably in europe?) I guess the nice guts at gnupg.org would be happy to host a /cygwin/ directory in their FTP and put in the web page: cygwin users out there can just add this source to they setup.exe to continue use gnupg (of course we'd have to create setup.ini also, but that is not a problem at all, for a single package...) Anyway, I guess we're a bit OT here, now... =( BTW: if you could also send me the source package by email I'd like to install it ;-) -- L a p o L u c h i n i l a p o @ l a p o . i t w w w . l a p o . i t / http://www.megatokyo.it
RE: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
Christopher Faylor wrote on Monday, February 23, 2004 12:38 AM: Hmm. I guess I haven't been as diligent as I should have been. I've pulled gnupg from the distribution. Wouldn't this be a candidate for a source only distrubution with a postbuild script that complies and installs the package ? Regards, Jörg
Re: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
Andreas Seidl schrieb: Volker Quetschke wrote: Now it's too late. Anyone here with a bit web/ftp space to host the cygwin package? (Preferably in europe?) Feel free to post the links or to email me the packages and the setup.hint file. For some time, I can put them on a server in Germany. And please the zip und unzip packages with en-/decryption also. I also have enough space available. (disabled anonymous FTP, HTTP only) -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/
RE: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
On Mon, 23 Feb 2004, Jörg Schaible wrote: Christopher Faylor wrote on Monday, February 23, 2004 12:38 AM: Hmm. I guess I haven't been as diligent as I should have been. I've pulled gnupg from the distribution. Wouldn't this be a candidate for a source only distrubution with a postbuild script that complies and installs the package ? Regards, Jörg FWIW, that's basically what I was thinking about in http://cygwin.com/ml/cygwin-apps/2004-02/msg00233.html. Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_[EMAIL PROTECTED] ZZZzz /,`.-'`'-. ;-;;,_[EMAIL PROTECTED] |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D. '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! I have since come to realize that being between your mentor and his route to the bathroom is a major career booster. -- Patrick Naughton
RE: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
Igor Pechtchanski wrote on Monday, February 23, 2004 2:29 PM: On Mon, 23 Feb 2004, Jörg Schaible wrote: Wouldn't this be a candidate for a source only distrubution with a postbuild script that complies and installs the package ? Regards, Jörg FWIW, that's basically what I was thinking about in http://cygwin.com/ml/cygwin-apps/2004- 02/msg00233.html. Igor Welcome to Gentoo :)
Re: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
On Sun, Feb 22, 2004 at 07:39:49PM +0100, Andreas Seidl wrote: However, a new problem might have popped up. Reading this thread http://www.cygwin.com/ml/cygwin/2004-02/msg01103.html I wonder if there are legal problems for RedHat to distribute the ccrypt package? You're right. There are. That means this package is removed from consideration. Sorry. cgf
Re: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
cgf wrote: On Sun, Feb 22, 2004 at 07:39:49PM +0100, Andreas Seidl wrote: However, a new problem might have popped up. Reading this thread http://www.cygwin.com/ml/cygwin/2004-02/msg01103.html I wonder if there are legal problems for RedHat to distribute the ccrypt package? Andreas, Next time, please keep it to yourself. Cheers, Nicholas
Re: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
On Sun, Feb 22, 2004 at 04:27:06PM -0500, Nicholas Wourms wrote: cgf wrote: On Sun, Feb 22, 2004 at 07:39:49PM +0100, Andreas Seidl wrote: However, a new problem might have popped up. Reading this thread http://www.cygwin.com/ml/cygwin/2004-02/msg01103.html I wonder if there are legal problems for RedHat to distribute the ccrypt package? Next time, please keep it to yourself. I'm sure you wouldn't enjoy it if Red Hat was taken to task for something that could have been caught early, decided that cygwin wasn't worth the hassle, and pulled it from sources.redhat.com. But, hey, thanks for clarifying just whom I can trust to be watching out for the project's interests.
Re: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
cgf wrote: On Sun, Feb 22, 2004 at 04:27:06PM -0500, Nicholas Wourms wrote: cgf wrote: On Sun, Feb 22, 2004 at 07:39:49PM +0100, Andreas Seidl wrote: However, a new problem might have popped up. Reading this thread http://www.cygwin.com/ml/cygwin/2004-02/msg01103.html I wonder if there are legal problems for RedHat to distribute the ccrypt package? Next time, please keep it to yourself. I'm sure you wouldn't enjoy it if Red Hat was taken to task for something that could have been caught early, decided that cygwin wasn't worth the hassle, and pulled it from sources.redhat.com. No, I wouldn't, but I didn't intend on that being the only statement. Consider this: The gpg which we distribute contains the *exact* same cipher, AES{128,192,256}, as ccrypt plus gpg also has twofish blowfish. The last time I checked, those two were also considered strong encryption ciphers. Moreover, gpg can be used encrypt and decrypt streams like ccrypt so, in a sense, they share similar functionality. That's where I see the disconnect. Does this mean we should ditch gpg as well or distribute a version with 128bit ciphers? Frankly, I don't see why we should disqualified ccrypt because someone thinks it might be a problem. Is it *really* a problem? By his standard, RedHat has been breaking the law for years now, which leads me to conclude that either: A)The authorities don't care. B)Red Hat doesn't care. or C)RedHat already has filed the necessary paperwork to allow it to distribute binaries with strong encryption. But, hey, thanks for clarifying just whom I can trust to be watching out for the project's interests. Hey, you certainly have a right to your opinion. The reality is that I was trying to paste some text and accidentally sent that message before it was complete. This reply contains some of the arguments I was planning on including in that message to debunk his theory. Oh well, that's all water under the bridge, believe what you want to believe... I suppose I'll never get a gold star now ;-). Cheers, Nicholas [1] The output of `gpg --help`: Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256 Compression: Uncompressed, ZIP, ZLIB
Re: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
On Sun, Feb 22, 2004 at 05:53:47PM -0500, Nicholas Wourms wrote: cgf wrote: On Sun, Feb 22, 2004 at 04:27:06PM -0500, Nicholas Wourms wrote: cgf wrote: On Sun, Feb 22, 2004 at 07:39:49PM +0100, Andreas Seidl wrote: However, a new problem might have popped up. Reading this thread http://www.cygwin.com/ml/cygwin/2004-02/msg01103.html I wonder if there are legal problems for RedHat to distribute the ccrypt package? Next time, please keep it to yourself. I'm sure you wouldn't enjoy it if Red Hat was taken to task for something that could have been caught early, decided that cygwin wasn't worth the hassle, and pulled it from sources.redhat.com. No, I wouldn't, but I didn't intend on that being the only statement. Consider this: The gpg which we distribute contains the *exact* same cipher, AES{128,192,256}, as ccrypt plus gpg also has twofish blowfish. The last time I checked, those two were also considered strong encryption ciphers. Moreover, gpg can be used encrypt and decrypt streams like ccrypt so, in a sense, they share similar functionality. That's where I see the disconnect. Does this mean we should ditch gpg as well or distribute a version with 128bit ciphers? Frankly, I don't see why we should disqualified ccrypt because someone thinks it might be a problem. Is it *really* a problem? By his standard, RedHat has been breaking the law for years now, which leads me to conclude that either: A)The authorities don't care. B)Red Hat doesn't care. or C)RedHat already has filed the necessary paperwork to allow it to distribute binaries with strong encryption. Hmm. I guess I haven't been as diligent as I should have been. I've pulled gnupg from the distribution. But, hey, thanks for clarifying just whom I can trust to be watching out for the project's interests. Hey, you certainly have a right to your opinion. The reality is that I was trying to paste some text and accidentally sent that message before it was complete. Yeah, isn't that always a convenient excuse? This reply contains some of the arguments I was planning on including in that message to debunk his theory. Oh well, that's all water under the bridge, believe what you want to believe... I suppose I'll never get a gold star now ;-). Thanks. I will certainly believe what i want to believe. I'd have a hard time not doing that, in fact. cgf
Re: Possible legal problem with ccrypt? [Was: Re: Pending Packages List, 2004-02-13]
No, I wouldn't, but I didn't intend on that being the only statement. Consider this: The gpg which we distribute contains the *exact* same cipher, AES{128,192,256}, as ccrypt plus gpg also has twofish blowfish. The last time I checked, those two were also considered strong encryption ciphers. Moreover, gpg can be used encrypt and decrypt streams like ccrypt so, in a sense, they share similar functionality. That's where I see the disconnect. Does this mean we should ditch gpg as well or distribute a version with 128bit ciphers? Frankly, I don't see why we should disqualified ccrypt because someone thinks it might be a problem. Is it *really* a problem? By his standard, RedHat has been breaking the law for years now, which leads me to conclude that either: A)The authorities don't care. B)Red Hat doesn't care. or C)RedHat already has filed the necessary paperwork to allow it to distribute binaries with strong encryption. Hmm. I guess I haven't been as diligent as I should have been. I've pulled gnupg from the distribution. Hmm, I had the 1.2.4 version ready for a while, but forgot to mention it. Now it's too late. Anyone here with a bit web/ftp space to host the cygwin package? (Preferably in europe?) Volker (Former cygwin gnupg mainainer) -- PGP/GPG key (ID: 0x9F8A785D) available from wwwkeys.de.pgp.net key-fingerprint 550D F17E B082 A3E9 F913 9E53 3D35 C9BA 9F8A 785D pgp0.pgp Description: PGP signature