Why trust gpg4win?
Julian H. Stacey
jhs at berklix.com
Fri Jul 26 00:14:08 CEST 2013
Hi, Reference:
> From: atair <atair04 at googlemail.com>
> Date: Thu, 25 Jul 2013 21:17:43 +0000
atair wrote:
> ...
> Therefore, changes that look like
> back doors are VERY unlikely to find their way in a release, because
> hundreds of people are looking how the software evolves and will
> reject such a patch.
> ...
Yes, malign code would have to hide in plain view in source (& most
likely evil patches wouldn't get past the view of the people committing
the `improvement' to the source repository ;-).
However you missed the point that many MS users are not programmers,
& will not be compiling their own binaries, so any malign entity
could regularly hack their nasty extras in, compile & issue binaries
that don't match published source (sure that would breach licence,
but irrelevant to an evil doer), & those without access to exactly
the same set of compiler tools would not easily know of embedded
evil extra mods.
The solution of course is as you urged takethebus at gmx.de , to get
a free operating system such as Linux or BSD, complete with free
build tools & compile your own (even non programmers can do that,
eg on an OS downloaded from
http://www.freebsd.org
just type
cd /usr/ports/security/gnupg ; make install
) However for some that's too much effort, for them greater risk, their choice.
Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Reply below not above, like a play script. Indent old text with "> ".
Send plain text. No quoted-printable, HTML, base64, multipart/alternative.