On Sat, Jul 04, 1998 at 12:18:59PM +0200, Marcus Brinkmann wrote: > > I don't read -private. I still need to get a key signed to become a > > developer. Working on that still. => However, I really think this should > > be in -announce or -devel-announce since it affects more than just developers > > really. > > More than "just developers", eh? ;) > > Joseph, some developers don't have time to read -devel, although they are > supposed to be subscribed. All are supposed to be subscribed to and read > -private, so private is the correct place for this. > > I think the relevant new maintainer documents will be updated then, once > the decision was made. It seems that the best place would be then both -private and -devel-announce with followups to -private. In addition, the new maintainer docs being updated would be a good thing. > BTW: Has someone the capability to judge if gpg is *secure*? > > Is the algorithm the same as in pgp? Is the key generation secure? I'm in > favour for free software, but let's not sacrifice secureness (or we could > drop signing at all). Note: gpg must be secure at the time we *generate* the > keys, not sometime later. The new patent-free algorithms found in PGP5 are in gpg as well as others such as Blowfish. Keys are protected much like they are in PGP.
Attachment:
pgpo22vxq10Vd.pgp
Description: PGP signature