Estimated release of GnuPG 1.0.7?

Werner Koch wk@gnupg.org
Mon Dec 17 15:40:01 2001


On Mon, 17 Dec 2001 14:14:52 +0100, Olivier Mascia said:

> But isn't it possible to at least encourage people to use their own
> compilers they're accustomed to, to at least help pinpoint porting bugs
> in GnuPG ?

Frankly, I don't want to get bothered with bugs due to different
compilers, the Cygwin32 thing is troublesome enough.

> I wasn't specifically thinking of using Microsoft compilers anyway. I do
> not use those on Windows. There are a lot of other compilers.

And more and more bug reports.

> Would there be any licensing issue if I took the source code and
> compiled it (fixing any required porting issue) with my liking of tools
> suite under Windows ?

Of course not, the GPL is about the source code and not about tools or
data you use on it.

However, any changes required for other Windows compilers are unlikely
to go into the standard distribution. 

> Also, isn't there some Windows-hosted binaries of GNU tools available ?

Probably but I am not up-to-date.

> the fear a little bit far in my opinion. Why should I trust more a
> windows binary which you provide and which I can't build myself than a
> windows binary which I would build under my control with a proprietary

You can build it if you like, just need a POSIX system to do so.

> available and mine is not. But did you compiled the compiler yourself ?

Yes.  But what makes a Debian (or whatever) binary package more
trustworth is that a lot of eyses have seen the source and that noone
would risk the blame of deliberatley inserting a backdoor.  

> There is a very large number of excellent quality free software
> engineered to be built successfully on multiple platforms with multiple tools.

I am really tired of doing so.  Why should I spend my unpaid time on
doing this instead of simply requiring the use of a POSIX system.  I'd
even like to use some of the nice feature of gcc or glibc, but for the
sake of the other free operating systems I can't do that.

> In my opinion there is a much greater risk to have, for instance, a
> private key captured by a Linux or Win32 key-logger virus or worm than

Agreed.

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus