PGP8

[Todd]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ben Finney wrote:
> Is it possible to build a complete working PGP, as provided by the
> vendor, from the source code?

It should be, according to what I've seen on the PGP-User's list and on
pgp.com, but I can't verify that since I don't have the windows build tools
and have no plans to purchase/acquire them anytime soon.

> (They require "registration" to get the source code -- for no reason made
> clear -- so I'm not able to check this myself.)

What registration were you subjected to?  I downloaded a copy of the PGP
code for windows today and the only thing I had to do was check a box
agreeing to the license, which, while it isn't GPL or even OSI compatible,
wasn't totally ridiculous.

> If the answer is "no", then a bundle of source code is useless for
> checking the operation of the version of PGP you actually use, since
> there's no way to determine if they are in any way related.

That would certainly be true, but I don't think it is.  One nasty clause in
the license does make it sound like building your own binary of PGP for
daily use would be outside the scope of the license (Section 2e).  It says
that any use other than to verify that there are no holes or bugs is not
acceptable, but how broadly one defines that is probably a matter of
contention.

> Yet another reason to use free software, instead of "look but don't touch"
> source code carrots.

No disagreement that free software is to be preferred.  But since PGP has
been saddled with so much rumor and misinformation from its inception, I
think it's worth making sure that the complaints against it be legitimate.

I would rather have readily available encryption that isn't free software
than no encryption at all.  Fortunately, I don't have to make that choice,
thanks to David, Stefan, Timo, Werner, and everyone else contributing to the
GnuPG project.  Much thanks to all of them!!  If any developers/contributors
happen to be near the south central PA area of the US anytime, please let
me know and I'll buy you a beer!

- -- 
Todd              OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
============================================================================
Tell a man there are 300 billion stars in the universe, he'll believe you.
Tell him a bench has wet paint on it and he'll have to touch it to be sure.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc2 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE/LJjOuv+09NZUB1oRAiUcAKCaRahAkR8z1s5LuXZO69w0rm9F0gCgzZa5
bAl3+MP0A8XzdPv1FjBSjms=
=ceNa
-----END PGP SIGNATURE-----