Subject: Re: adding gpg to src/gnu/dist
To: None <tech-userlevel@NetBSD.org, tech-security@NetBSD.org>
From: Marc Tooley <netbsdMLpostNO@SPAM.quake.ca>
Date: 05/14/2004 12:31:45
On Thursday 13 May 2004 13:25, Thor Lancelot Simon wrote:
> both that the 'openssl' command-line utility could
> already do the necessary signing and verification operations, and
> that it would make more sense to link the pkg and installation tools
> with the OpenSSL libraries instead, and avoid the use of either
> horrible command-line tool.
> "Sticking with GNUPG" is not a valid reason to *add* GNUPG to the
> base system.
I think this is a misinterpretation of what the original poster meant,
and you're spinning it to make it look like he said something he
didn't. It seems to me that since everyone else uses GPG as a method of
signed distribution of code, advisories, and so forth, "sticking with
it" would better be interpreted in the broad sense that he's suggesting
we not impose non-standard ssl-based distribution on users who are
already familiar with, and actively using, GPG.