GnuPG 1.1.90 released

Werner Koch wk at gnupg.org
Mon Jul 29 12:20:01 CEST 2002 

On Mon, 29 Jul 2002 04:03:00 +0000, Brian M Carlson said:

> It is much easier (and faster) to recompile a module and hit the up
> button twice (sorry, three times) in bash to get it to dynamically load a
> module.

How often do you compile a program if you are not a developer?

> Compiling one module is much more likely to succeed than the entire
> tarball of code. Because if one source file in that entire tarball
> fails... the program doesn't run.

GnuPG runs on many different platforms and almost all build problems I
have noticed are due to the dynamic load code.  Dropping this code
would actually help improving the build process.

> I don't. But remember there was that issue that Linux was reporting more
> entropy than it might have had? Someone might have wanted to switch to
> EGD. But yes, it is quite unlikely.

GnuPG does not use /dev/random as it comes but as one source of
entropy and it uses its own estimation.  All in all the RNG is rather
conservative when it somes to generation key quality random.

> So are we including it, or not? I'd hate to see it go. But then again,
> I'd hate to see it used for actual message signing.

It will be compiled in but not used unless someone actuall want s
this.  Note that TIGER is underspecified in OpenPGP and there is no
real reason to use it at all.

> Do tell me where I'm going to get a binary distribution with IDEA on
> GNU/Linux. Redhat doesn't provide one, and Debian most certainly doesn't
> (it is *non-free*). You have effectively made OpenPGP backwards

Right, it is in non-free because it belongs there.

> As I said above, such a distribution is not available on GNU/Linux,
> AFAIK. It is provided on Windows, however. Are *you* going to provide
> debs and rpms with IDEA? Don't get me wrong -- I am all about free

Even Phil Zimmermann says that IDEA should not be used.  And in many
companies you are not allowed to use it at all unless you get a
license from the paten holder.  To get IDEA into GnuPG it would be
best to help the anti-software patent folks.

> high quality software first. Those people will ignore the ethics of not
> using IDEA, or the patent does not apply to them, so they are permitted

We put hundreds of hours work just for these people into GnuPG.  This
is pretty much time for an algorithm not really useful anymore and
which can only be used by violating licenses and (ridiculous) patents
in most countries.  Rememeber that I started GnuPG to get rid of the
IDEA problematic.

> In fact, it seems that the Free Software Foundation is in favor of shared
> library mechanisms. In the GNU Lesser General Public License v2.1 (I
> realize GnuPG is GPL'd, but...) section 6b) it states:

> Use a suitable shared library mechanism for linking with the Library.

I don't see how this fits into our discussion.  GnuPG is GPLed for
good reasons.

> I certainly agree, but it's been here this long. And most of the dynamic
> loading complexity is in dlopen and friends. If you wanted to simplify it
> more, you could use libltdl3.

And add more extra complexity.

> I know it would make the code super-ugly, but you could use libltdl3 and
> #ifdef out the code so that it compiles it only if you use

Preprocessor conditionals don't reduce complexity.


Salam-Shalom,

   Werner

More information about the Gnupg-devel mailing list