Why trust gpg4win?

Johan Wevers johanw at vulcan.xs4all.nl
Fri Jul 26 23:20:34 CEST 2013


On 25-07-2013 23:17, atair wrote:

> This basically means that everyone(!) can access, modify and
> redistribute the source code of the program (see [2] if you're
> interested). There are lots of people (usually volunteers from all
> over the world) who do peer reviews on the sources (and if you start
> with [2], _you_ can be another one). Therefore, changes that look like
> back doors are VERY unlikely to find their way in a release, because
> hundreds of people are looking how the software evolves and will
> reject such a patch.

Yes, I know the mantra, and I'm sure that obvious backdoors are not
present because they would be found rather quickly. However, more subtle
bugs leading to decipherable messages can take more time to find. The
infamous PRNG bug in pgp 5 on Unix is a well-known example.

That said, I do trust GnuPG with things I like to keep confidential.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html



