Estimated release of GnuPG 1.0.7?

[Olivier Mascia]

Hello,

Werner Koch wrote:

WK> Olivier Mascia said:
WK> 
WK> > Are there licensing or political reasons not to let people compile GnuPG
WK> > with proprietary commercial compilers ? I suppose not.
WK> 
WK> The reasons why I don't support native compiling on Windows (well
WK> Cygwin32 basically works) it is far too much work to keep track of all
WK> the toolchain changes MS has done over the last 15 years or more and
WK> you need all these proprietary and buggy software.  I used to maintain
WK> a lot of software using my multi-toolchain, multi-target environment
WK> for many years, but later decided that it is a futile exercise.  It is
WK> far ebtter to have a regular environment on one machine adn
WK> cross-compile for other targets.
WK> 
WK> Another reason is trust.  I trust the GNU tool chain much more than
WK> any proprietary one.  Using a free toolchain reduces the risk of
WK> introducing backdoors.
WK> 
WK>   Werner

I see.

But isn't it possible to at least encourage people to use their own
compilers they're accustomed to, to at least help pinpoint porting bugs
in GnuPG ?

I wasn't specifically thinking of using Microsoft compilers anyway. I do
not use those on Windows. There are a lot of other compilers.

Would there be any licensing issue if I took the source code and
compiled it (fixing any required porting issue) with my liking of tools
suite under Windows ?

Also, isn't there some Windows-hosted binaries of GNU tools available ?

You see, I like free software (in the right meaning of the term) and I
even write some. But I start to find things not so free when the
software is locked for _any_ reason to a specific platform or
architecture.

I understand the fear that a proprietary compiler used to compile a
security tool like GnuPG could introduce backdoors, but that's taking
the fear a little bit far in my opinion. Why should I trust more a
windows binary which you provide and which I can't build myself than a
windows binary which I would build under my control with a proprietary
tool ? There is no real difference. Yes the source code of your tool is
available and mine is not. But did you compiled the compiler yourself ?
Or are you using any binary distro of the compiler ? You see my point, I
guess.

There is a very large number of excellent quality free software
engineered to be built successfully on multiple platforms with multiple tools.

In my opinion there is a much greater risk to have, for instance, a
private key captured by a Linux or Win32 key-logger virus or worm than
by a backdoor engineered to be included in gnuPG when compiled by one of
the proprietary compilers available, be it on unixes than on windowses.

I certainly don't want to start any 'guerilla' about these issues. So if
you prefer we can close this discussion here. I would try to find myself my
way around this limitation.

Sincerely,
-- 
Olivier Mascia <om@mascia.biz>