Why trust gpg4win?

Julian H. Stacey jhs at berklix.com
Fri Jul 26 00:14:08 CEST 2013


Hi, Reference:
> From:		atair <atair04 at googlemail.com> 
> Date:		Thu, 25 Jul 2013 21:17:43 +0000 

atair wrote:
...
Therefore, changes that look like
back doors are VERY unlikely to find their way in a release, because
hundreds of people are looking how the software evolves and will
reject such a patch.
...

Yes, malign code would have to hide in plain view in source (& most
likely evil patches wouldn't get past the view of the people committing
the `improvement' to the source repository ;-).

However you missed the point that many MS users are not programmers,
& will not be compiling their own binaries, so any malign entity
could regularly hack their nasty extras in, compile & issue binaries
that don't match published source (sure that would breach licence,
but irrelevant to an evil doer), & those without access to exactly
the same set of compiler tools would not easily know of embedded
evil extra mods.

The solution of course is as you urged takethebus at gmx.de , to get
a free operating system such as Linux or BSD, complete with free
build tools  & compile your own (even non programmers can do that,
eg on an OS downloaded from
	http://www.freebsd.org
just type
	cd /usr/ports/security/gnupg ; make install
) However for some that's too much effort, for them greater risk, their choice.

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
 Reply below not above, like a play script.  Indent old text with "> ".
 Send plain text.  No quoted-printable, HTML, base64, multipart/alternative.


