Subject: Re: BSD Privacy Guard status?
To: Curt Sampson <cjs@cynic.net>
From: Manuel Freire <droggo@gmail.com>
List: tech-security
Date: 10/04/2005 01:44:15
On 10/3/05, Curt Sampson <cjs@cynic.net> wrote:
> On Mon, 3 Oct 2005, Hubert Feyrer wrote:
>
> > I saw that too, but how far is the implementation?
> > Library only, userland tool, ...?
>
> It's basically a "sketch" at the moment. There's some basic
> functionality there for reading, verifying signatures, etc., tests for
> it, a bit of command line stuff, etc. However, the goals of the project
> (if you go and read them--the file is in the docs directory) are not to
> build a clone of gpg, but to build a fairly modular toolkit, as well as
> a command line app, and we're far from that.

Concretely: BPG can actually sign and verify files using DSA keys
created with gpg. This can be done from the command line program, the
Ruby library or directly from C code. The syntax of these three
elements is defined in their manual pages. The code works, but it was
written too fast and lacks severe revision and testing. Anyway,
there's a set of tests for the supported features written in Ruby that
are currently passing.

A complete list of the next steps are documented in the TODO file in
the CVS. Basically, finishing the OpenPGP part (without key
management) is the priority. Take a look.

> In otherwords, I think it's nowhere near ready to import.

No, not yet. The framework is there, and next steps are clear.
Although, there's still a lot to implement and revise. Forget about
the import idea by the moment, we'll see in the future. At least until
more experienced people get involved with the low-level of the
project.

> > Oh, and seeing that the test framework is ruby-based... joy!

Apart of Curt's idea about an extension language, if people is not
confortable with Ruby it's very easy to add Python or Perl support now
and rewrite the tests. This way we could take the Ruby thing out of
the build.

Manuel Freire