On Thu, Dec 14, 2000 at 05:48:30AM -0700, Charles Curley wrote:
>
> One reason is security. GPG is free software, PGP is captive. This means
> you can get the GPG source, read it and compile it for yourself.
What? PGP source code has always been available. The source for PGP
6.5.8 can be downloaded from http://www.pgpi.org
[...]
> To paraphrase Eric Raymond's dictum in The Cathedral and the Bazaar, given
> enough eyeballs, all security holes are shallow. And GPG has had far more
> eyeballs go over it than recent versions of PGP.
Perhaps. If the goal is to use source that has been examined by many
people over the years, PGP 2.6.3i is a good choice.
The German government has given a grant to GPG. Would you trust PGP
if it were funded by the American government? Is there some reason
to believe the German government isn't just as interested in reading
your private mail as the US government is?
Understand, I'm not saying the German government has a nefarious
motive for the grant to GPG, but if the US government did the same
the rumors of back doors would be much more rampant than they are.
--
"They have computers, and they may have other weapons of mass
destruction." --Janet Reno, US Attorney General, 2.27.98
