Subject: Re: adding gpg to src/gnu/dist
To: None <tech-userlevel@NetBSD.org, tech-security@NetBSD.org>
From: Michael Richardson <firstname.lastname@example.org>
Date: 05/13/2004 16:05:38
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Simon" == Simon J Gerraty <email@example.com> writes:
Simon> That may sound like a lot of mucking about - especially
Simon> compared to the peer to peer model of GPG or SSH, but it has
Simon> advantages in terms of scalability (which are perhaps not
Simon> particularly important here).
Frankly, you said it all here.
If this is the only advantage, I don't think the complexity of the
"OpenSSL" is worth it. As many have said, the "openssl" binary is
particularly poorly suited to actually doing anything with the library.
If the code is built into pkg_* - i.e. we are using libssl, not
"openssl", great. Openssl is too hard to script.
Otherwise, I suggest using simpleca (http://www.vpnc.org/simpleca/ )
or sticking with GnuPG, as sucky as I think GnuPG is.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] firstname.lastname@example.org http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----