Re: Signing packages without violating restrictions/laws

On 2016-04-18 22:12, Mojca Miklavec wrote: > I have a problem understanding those rules because we are not dealing > with encrypted information, but merely use the same algorithms to > verify authenticity of the packages. On the other hand I have problems > believing that this problem really

Re: Signing packages without violating restrictions/laws

On Mon, 18 Apr 2016, Mojca Miklavec wrote: > This seems to be a problem for GPG though. Apparently USA export > restrictions forbid exporting software that does cryptography (and > some other countries might have import restrictions). That's largely ancient history. > I have a problem

Re: Signing packages without violating restrictions/laws

On Mon, Apr 18, 2016 at 4:12 PM, Mojca Miklavec wrote: > Apparently USA export > restrictions forbid exporting software that does cryptography Umm, ITAR's had an OSS exemption for years. Are you reading old information? > (and > some other countries might have import

Signing packages without violating restrictions/laws

Hi, I have a weird question. I know that MacPorts has been signing all the packages for a long time already. I'm currently involved with a project where one developer recently implemented package signing. On the client level it uses the "gpg" or "gpg2" binary to verify packages. It works