Re: PGP Software Update (intent to package)
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 5 Mar 1998, Tommi Virtanen wrote:
> What I hear 5.5 has radically different code base. Seems like
> doing the thing all over again when 5.5 is released.
> This message has been there for ages. I might just as well stop
> waiting and see if I can package 5.0i. Consider this an announce.
Two things: 1) Even if 5.5i were to come out tomorrow, I'd have
serious second thoughts about switching from 5.0i for a while, partly
because AFAIK 5.5i doesn't add any significant functionality, and partly
because I think the CMR code is actually *disabled* in 5.0 and certainly
isn't in 5.5.
Let me interject for the uninitiated before we get a flamefest: This
does not mean that using 5.5 will automatically compromise your key. If
you install PGP yourself, unless you specifically request a mandatory
secondary key, it's fine. The software will work fine. It's okay.
Back to the comment, in any case, technical security aside, although I
need a 5.x for technical reasons (I need to be able to deal with RSA/DH on
one keyring), I'm politically uncomfortable moving up. I suspect others
may feel the same, unless there's some spiffy new function in 5.5 that I'm
not aware of that is going to make 5.0 incompatable.
2) I've got a personal patch for PGP5.0i that does a number of things
from changing the version ID to cut down harassment chances in the US to
changing the base names so that pgp5 will be installable next to pgp2. If
you're interested in these patches, send me mail.
Zed Pobre <email@example.com> | PGP key on servers, fingerprint on finger
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to firstname.lastname@example.org .