Re: pgp in Debian: obsolete?

On Thu, Aug 12, 2004 at 11:20:28PM +0200, Florian Weimer wrote: >> Quoting Florian Weimer ([EMAIL PROTECTED]): >> Just out of curiosity, are there now, or have there been in the >> past, any _other_ implementations of the OpenPGP spec, besides >> GnuPG? > GnuPG is not a complete implementation of

Re: pgp in Debian: obsolete?

On Tue, Aug 10, 2004 at 02:51:19PM -0700, Rick Moen wrote: > Quoting Ian Beckwith ([EMAIL PROTECTED]): > > > Do you have links to documentation of these issues or where to get the > > pirated versions? How pirated/illegal are they? > > > > License permitting, I could maybe take patches from them.

Re: pgp in Debian: obsolete?

* Rick Moen: > Quoting Florian Weimer ([EMAIL PROTECTED]): > >> I once worked on an OpenPGP implementation vulnerability matrix, but >> this topic isn't very interesting anymore. For me at least, there's >> just GnuPG. > > Just out of curiosity, are there now, or have there been in the past, > an

Re: pgp in Debian: obsolete?

Quoting Florian Weimer ([EMAIL PROTECTED]): > I once worked on an OpenPGP implementation vulnerability matrix, but > this topic isn't very interesting anymore. For me at least, there's > just GnuPG. Just out of curiosity, are there now, or have there been in the past, any _other_ implementations

Re: pgp in Debian: obsolete?

Quoting Florian Weimer ([EMAIL PROTECTED]): > * Henrique de Moraes Holschuh: > > >> Why non-free? The code is available under a DFSG-free copyright > >> license. > > > > The one I have here isn't, but if you have one that is entirely DFSG-free, > > that's much better. > > An older version is ava

Re: pgp in Debian: obsolete?

* Henrique de Moraes Holschuh: >> Why non-free? The code is available under a DFSG-free copyright >> license. > > The one I have here isn't, but if you have one that is entirely DFSG-free, > that's much better. An older version is available from:

Re: pgp in Debian: obsolete?

On Thu, 12 Aug 2004, Florian Weimer wrote: > * Henrique de Moraes Holschuh: > > On Thu, 12 Aug 2004, Florian Weimer wrote: > >> >> You don't need to make a second version of GPG; the IDEA module can be > >> >> loaded dynamically. > >> > Then the module would need to be in non-free. > >> non-us, I t

Re: pgp in Debian: obsolete?

* Henrique de Moraes Holschuh: > On Thu, 12 Aug 2004, Florian Weimer wrote: >> >> You don't need to make a second version of GPG; the IDEA module can be >> >> loaded dynamically. >> >> > Then the module would need to be in non-free. >> non-us, I think. > > non-free in non-us, actually. Why non-f

Re: pgp in Debian: obsolete?

* Ian Beckwith: > On Sat, Aug 07, 2004 at 09:17:38PM +0200, Florian Weimer wrote: >> Both PGP 5 and 6.5 have security issues which haven't been fixed >> upstream (because there isn't any upstream anymore). There are some >> pirated versions of 6.5.8 that incorporate fixes, but Debian certainly >>

Re: pgp in Debian: obsolete?

On Thu, 12 Aug 2004, Florian Weimer wrote: > >> You don't need to make a second version of GPG; the IDEA module can be > >> loaded dynamically. > > > Then the module would need to be in non-free. > non-us, I think. non-free in non-us, actually. And maybe not even there, since the IDEA patent is a

Re: pgp in Debian: obsolete?

* Phillip Hofmeister: >> You don't need to make a second version of GPG; the IDEA module can be >> loaded dynamically. > Then the module would need to be in non-free. non-us, I think. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTEC

Re: pgp in Debian: obsolete?

On Thu, 12 Aug 2004 at 03:35:29AM -0400, Matthias Urlichs wrote: > Hi, Phillip Hofmeister wrote: > > > If you wanted to > > make a second version of GPG and place it in non-free, that would likely > > be an acceptable option. > > > You don't need to make a second version of GPG; the IDEA module ca

Re: pgp in Debian: obsolete?

Hi, Phillip Hofmeister wrote: > If you wanted to > make a second version of GPG and place it in non-free, that would likely > be an acceptable option. > You don't need to make a second version of GPG; the IDEA module can be loaded dynamically. -- Matthias Urlichs -- To UNSUBSCRIBE, email to [

Re: pgp in Debian: obsolete?

On Tue, 10 Aug 2004 at 05:51:19PM -0400, Rick Moen wrote: > Quoting Ian Beckwith ([EMAIL PROTECTED]): > > > Do you have links to documentation of these issues or where to get the > > pirated versions? How pirated/illegal are they? > > > > License permitting, I could maybe take patches from them.

Re: pgp in Debian: obsolete?

Quoting Ian Beckwith ([EMAIL PROTECTED]): > Do you have links to documentation of these issues or where to get the > pirated versions? How pirated/illegal are they? > > License permitting, I could maybe take patches from them. Quoting the licence for pgpi 6.5.8: The source code contained here

Re: pgp in Debian: obsolete?

On Sat, Aug 07, 2004 at 09:17:38PM +0200, Florian Weimer wrote: > Both PGP 5 and 6.5 have security issues which haven't been fixed > upstream (because there isn't any upstream anymore). There are some > pirated versions of 6.5.8 that incorporate fixes, but Debian certainly > shouldn't encourage di

Re: pgp in Debian: obsolete?

* Arthur de Jong: >> In short, better package the IDEA module for GnuPG... > > I did some work on this sometime ago, based on a previous package. The > work is here: > > http://tiefighter.et.tudelft.nl/~arthur/gnupg-idea/ > > It is sort of an source-based installer. You get the source, when buildi

Re: pgp in Debian: obsolete?

> http://tiefighter.et.tudelft.nl/~arthur/gnupg-idea/ > > It is sort of an source-based installer. You get the source, when > building the package it downloads the source and creates a binary > package. The source file idea.c is however not DFSG free because the > copyrights notice forbids distrib

Re: pgp in Debian: obsolete?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > In short, better package the IDEA module for GnuPG... I did some work on this sometime ago, based on a previous package. The work is here: http://tiefighter.et.tudelft.nl/~arthur/gnupg-idea/ It is sort of an source-based installer. You get the so

Re: pgp in Debian: obsolete? [gpg idea support]

On Thu, 2004-08-05 at 14:13, Rick Moen wrote: > Just attempting to fill in missing detail: PGP first used for its > symmetric cipher Zimmerman's own amateur effort "Bass-o-Matic", which > was quickly dropped and replaced with the IDEA algorithm. IDEA is > patent encumbered (and will remain that w

Re: pgp in Debian: obsolete?

* Ian Beckwith: > I shall attempt to get an updated pgp5i with FTBFS fixes into sarge, > and post-sarge I will package 6.5.8 and get the package renamed > from pgp5i to pgp. Both PGP 5 and 6.5 have security issues which haven't been fixed upstream (because there isn't any upstream anymore). Ther

Re: pgp in Debian: obsolete?

Thanks to everyone for your comments. On Thu, Aug 05, 2004 at 06:58:58PM +0100, Dale Amon wrote: > Keep in mind people may have encrypted files and email > archived. The means of accessing archive data should > be considered to be at least as immortal as the data > itself. Given this and Rick Mo

Re: pgp in Debian: obsolete?

Quoting Dale Amon ([EMAIL PROTECTED]): > I don't know for sure either. I do seem to remember there was a > document explaining how to transition and that there was a new key > generation method. I also vaguely remember having some problem with my > own package signing keys when the switch was made

Re: pgp in Debian: obsolete?

On Thu, Aug 05, 2004 at 11:40:09AM -0700, Rick Moen wrote: > > Keep in mind people may have encrypted files and email > > archived. The means of accessing archive data should > > be considered to be at least as immortal as the data > > itself. > > Aren't GnuPG's decryption/verification features a

Re: pgp in Debian: obsolete?

Quoting Dale Amon ([EMAIL PROTECTED]): > On Thu, Aug 05, 2004 at 06:51:22PM +0100, Ian Beckwith wrote: > > If there is a demand for it, is there any reason I shouldn't upgrade > > to the package to the latest pgp? (6.5.8 I believe, assuming the > > international pgp restrictions no longer apply).

Re: pgp in Debian: obsolete?

On Thu, Aug 05, 2004 at 06:51:22PM +0100, Ian Beckwith wrote: > If there is a demand for it, is there any reason I shouldn't upgrade > to the package to the latest pgp? (6.5.8 I believe, assuming the > international pgp restrictions no longer apply). Keep in mind people may have encrypted files an

pgp in Debian: obsolete?

Hello. I am in the process of taking over maintenance of pgp5i, based on the international unix version of PGP version 5, pgp50i-unix-src.tar.gz The previous maintainer suspects that nobody uses the package anymore so it can be removed from debian, as everyone has switched to gpg. Is anyone stil