Re: PGP 5.0 (was Re: PGP keys)

To: David Frey <david@eos.lugs.ch>
Cc: debian-devel@lists.debian.org
Subject: Re: PGP 5.0 (was Re: PGP keys)
From: Zed Pobre <zed@moebius.interdestination.com>
Date: Sat, 16 May 1998 15:05:42 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.3.96.980516145704.17381A-100000@moebius.interdestination.net>
In-reply-to: <[🔎] 19980516195823.29914@eos.lugs.ch>

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 16 May 1998, David Frey wrote:

>On Fri, May 15, 1998 at 06:14:18PM -0700, Darren wrote:
>>I used PGP 5.0 to create a key (pgpk -g)... now what?  
>
>Shouldn't we forbid the use of PGP 5.0 for backward compability 
>reasons? Only a few percentage uses probably PGP 5.0 (my reason

    I use 5.0, as I have the occassional need to verify DH/DSS
dignatures, and I like to be able to automagically retrieve keys via
hkp.  My current key (the one I use to sign uploads and everything
else) was generated with it.  It is a 2048-bit RSA key that is
perfectly verifiable by PGP 2.6 -- in fact, I use 2.6 with this same
key to do package signing, since dpkg-buildpackage doesn't have hooks
for PGP5.
    Obviously, if you plan on being a developer, it's somewhat stupid
to create a primary key with DH/DSS, but that's not the same as not
using PGP5.


>is, that PGP 2.6 is more free than the PGP 5.0 brand and that I
>have already a RSA key and that everybody else uses PGP 2.*;
>otherwise I'd use gpg. 

    PGP 2.6 is not noticably more "free" than 5.0i, I think.
Certainly if you buy a precompiled binary of an encryption product
from a company, you deserve what you get.


>BTW: Is PGP 5.0 already out for Unix?)

    Sources have been available for months.  

    http://www.pgpi.com

    If you compile from source you even have the option of generating
a US-legal binary with the freeware license.  Whoopee.  For those less
concerned with US RSA patents, the Debian packages have been available
for weeks in non-us.

=============================================================================
 Zed Pobre <zed@va.debian.org>  |  PGP key on servers, fingerprint on finger
=============================================================================
* And this signature can be verified with 2.x or 5.x

-----BEGIN PGP SIGNATURE-----
Version: 5.0
Charset: noconv

iQEVAwUBNV3jgtwPDK/EqFJbAQEBAgf+Lrh7fMpaGXv6ahnRGRQ4pOUNiKDSHWxQ
PavjySZLt7srr1otjhRuoq+4mVp6bVedD2a8gDr2eD1EbYSXh9XZfUQgKuVyGCd9
dOaLWPNzlBVqjrkmqqUDtYqNJbqhMo86EyPcisLxehCxKZxgIE14DUYEBTsEKqfC
YbF6ESVPdzMpKK1lv/paWjMSh4kvDMCI2wHuTVOgL/hotfplR+tOO8gJvN2Qdvq8
w8PSYhZmDEgViMxAlv+Mwcm3e05ybr5Kn0vz28gQtW1WA2tW1kqYtuvEycXZEM99
g3wOUSthrvQXx6Bul6j8o3YaudaKMyG+d5jREVc5eLkQYsKt1cd4+w==
=m4Zm
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- PGP 5.0 (was Re: PGP keys)
  - From: David Frey <david@eos.lugs.ch>

Prev by Date: Re: US-only packages (Re: Intent to package hesiod)
Next by Date: Re: Strang shutdown mechanism with Debian
Previous by thread: PGP 5.0 (was Re: PGP keys)
Next by thread: Re: PGP 5.0 (was Re: PGP keys)
Index(es):
- Date
- Thread