Frontends for Windows

Loic Bernable leto@vilya.org
Mon Nov 19 14:18:01 2001 

--M9NhX3UHpAaciwkO
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Selon Arild Bjork :=20
> It's free enough for me. The license to GPGshell states:

[snip]

>    LIMITATIONS ON REVERSE ENGINEERING, DECOMPILATION, AND
>    DISASSEMBLY.
>    You may not reverse engineer, decompile, or disassemble "THE
>    SOFTWARE", except and only to the extent that such activity is
>    expressly permitted by applicable law notwithstanding this
>    limitation.

[snip]
=20
> But if the GnuPG teams can't accept it, well it's their problem. I believe
> GnuPG will have a much harder time gaining acceptance without a decent
> frontend.

It seems you haven't understood the underlying problem.

The question is : why did you decide to use GnuPG ? To improve your
security, I imagine, as most people here did.=20

However, using such a program, especially under this freeware kind of
license, is clearly a security problem, as many people have already told
you. I also agree that GPGshell must not contain any backdoor, but
precisely you make your system security rely entirely on this asumption.
Even if this is a bug, the passphrase is at some moment within the
program memory, and who knows what is done of it then ?

There are a lot of ways a program can send data over the internet by any
mean, I'm quite sure this can be easily feasible, especially under
MS-Windows.



Your opinion is that this program is good for GnuPG for it provides a
user-friendly interface, even if its source code is closed.

My opinion is you don't deserve to use GnuPG.

--=20
### Lo=EFc Bernable aka Leto -- leto@vilya.org -- Parinux, April, LinuxFR #=
##
Si Dieu existait, il faudrait s'en d=E9barasser
  -- Bakounine

--M9NhX3UHpAaciwkO
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7+QYnX1807qC7PesRArx4AJsEEUefpvuqlMxyGHPJz8roiJ+6vgCgr5+s
z/0g2oXkjlcXpIfQ5dMcUm8=
=a0HK
-----END PGP SIGNATURE-----

--M9NhX3UHpAaciwkO--