Interesting...

Anthony E. Greene agreene@pobox.com
Thu Jul 11 18:15:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11-Jul-2002/10:07 -0400, Adam Pavelec <apavelec@benefit-services.com> wrote:
>Here's a rather interesting article: 
>http://www.eweek.com/article2/0,3959,368778,00.asp
>
>I am glad GnuPG is open to review by our community to aviod
>these issues.

It's not so much because GnuPg is Open Source, but because it concentrates
on doing one thing well.

The GnuPG developers let the application developers use the interfaces
that GnuPG provides. This flaw is in a piece of code written at NAI to
interface with another vendor's application. The GnuPG developers do not
write plugins like this. They concentrate on writing reliable crypto and
let the application developers (who know their own apps better than anyone
else) write the code to interface with external programs like GPG.

Tony
- -- 
Anthony E. Greene <mailto:agreene@pobox.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05    HomePage: <http://www.pobox.com/~agreene/>
Linux. The choice of a GNU generation <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <mailto:agreene@pobox.com> 0x6C94239D

iD8DBQE9La8bpCpg3WyUI50RAg+eAJ4job/1eLDWBxyZB5GkgC4sCsrGNwCg77wk
6RFg6kD7Eet2UNxxLC8m87Q=
=HOIB
-----END PGP SIGNATURE-----