Subject: Re: adding gpg to src/gnu/dist
To: None <,>
From: Marc Tooley <>
List: tech-security
Date: 05/14/2004 12:31:45
On Thursday 13 May 2004 13:25, Thor Lancelot Simon wrote:

> both that the 'openssl' command-line utility could 
> already do the necessary signing and verification operations, and
> that it would make more sense to link the pkg and installation tools
> with the OpenSSL libraries instead, and avoid the use of either
> horrible command-line tool.

> "Sticking with GNUPG" is not a valid reason to *add* GNUPG to the
> base system.

I think this is a misinterpretation of what the original poster meant, 
and you're spinning it to make it look like he said something he 
didn't. It seems to me that since everyone else uses GPG as a method of 
signed distribution of code, advisories, and so forth, "sticking with 
it" would better be interpreted in the broad sense that he's suggesting 
we not impose non-standard ssl-based distribution on users who are 
already familiar with, and actively using, GPG.