Some files floating around in my working directory

2001-12-15 18:41:00 +00:00 · 2001-12-15 18:41:00 +00:00 · f1262d5742
parent 5c280f3d18
commit f1262d5742
3 changed files with 194 additions and 0 deletions
--- a/contrib/UTF-8-test.txt
+++ b/contrib/UTF-8-test.txt
--- a/contrib/changes-in-2000
+++ b/contrib/changes-in-2000
@ -0,0 +1,114 @@
+New features since 1.0.0
+------------------------
+
+    * The default symmetric cipher algorithm is now AES (aka
+      Rijndael).  OpenPGP uses preferences to figure out the algorithm
+      to use, so this is only used if the recipient knows how to
+      handles AES.
+
+    * RSA keys can now be used (either old PGP 2 or new OpenPGP ones).
+      RSA key generation is not yet available.
+
+    * Unattended key generation.
+
+    * Faster and more robust random number generator under W32.
+
+    * Encryption is now much faster: About 2 times for 1k bit keys
+      and 8 times for 4k keys.
+
+    * New encryption keys are generated in a way which allows a much
+      faster decryption.
+
+    * GnuPG knows what the primary user ID is.
+
+    * Large File Support (LFS) is working.
+
+    * Ability to run gpg as a full controlled inferior process to speed up
+      mass verification of signatures.  
+
+    * Rewritten key selection code so that GnuPG can better cope with
+      multiple subkeys, expiration dates and so on.  The drawback is that it
+      is slower.
+
+    * New utility gpgv which is a stripped down version of gpg to
+      be used to verify signatures against a list of trusted keys.
+
+    * New command --export-secret-subkeys which outputs the
+      the _primary_ key with it's secret parts deleted.  This is
+      useful for automated decryption/signature creation as it
+      allows to keep the real secret primary key offline and
+      thereby protecting the key certificates and allowing to
+      create revocations for the subkeys.  See the FAQ for a
+      procedure to install such secret keys.
+
+    * New options --show-session-key and --override-session-key
+      to help the British folks to somewhat minimize the danger
+      of this Orwellian RIP bill.
+
+    * New option --no-auto-key-retrieve to disable retrieving of a
+      missing public key from a keyserver, even when a keyserver has
+      been configured.  Useful for dial-up connections.
+
+    * HTTP proxy support for keyservers.
+
+    * Keyserver support is how also available for W32 platforms (MS
+      Windows 95, 98, 2000, NT, ME).
+
+    * Experimental gpg-agent support to get the passphrase from a
+      daemon which can pop up a query window.  
+
+
+rfc2440bis support (PGP 6.5.8 does also handle them)
+-------------------
+
+    * MDC enhanced encryption is now used with the AES and Twofish
+      algorithms to detect manipulated messages. 
+
+    * The user is now asked for the reason of a revocation.
+
+
+Translations:
+------------
+
+    * Enhanced UTF-8 support
+
+    * New translations: Danish, Estonian, Indonesian, Portuguese and
+      Turkish.
+
+Serious bug fixes:
+------------------
+
+    * Fixed a serious bug which could lead to false signature
+      verification results when more than one signature is fed to gpg.
+      This is the primary reason for releasing this version.
+
+    * Protection against the recent Klima/Rosa attck on secret key
+      rings.
+
+    * Corrected hash calculation for input data larger than 512M - it
+      was just wrong, so you might notice bad signature in some very
+      big files.  It may be wise to keep an old copy of GnuPG around.
+
+    * Secret keys are no longer imported unless you use the new option
+      --allow-secret-key-import.
+
+PGP quirks
+----------
+
+    * Can handle (but not display) PGP's photo IDs. 
+
+    * Better default values to increase compatibilty with PGP.
+
+    * Many other small enhancements to support the not fully-OpenPGP
+      compliant PGP versions.
+
+Manual
+------
+
+    * The manual called GNU Privacy Handbook (GPH) is a separate
+      package and available preformatted in English, German, Italian,
+      Russian and Spanish at http://www.gnupg.org/docs.html.
+      [Due to the complicated build process, the source is currently
+      on available from CVS]
+
+
--- a/contrib/why-gnupg
+++ b/contrib/why-gnupg
@ -0,0 +1,80 @@
+Why to use GnuPG and not PGP.
+-----------------------------
+
+  * PGP 2 is nearly Free Software but encumbered by the IDEA patent.
+   
+  * PGP 2 is old, hard to maintain and limited to one set of
+    encryption algorithms (RSA + IDEA)
+
+  * PGP 2 is not a GNU or Unix Program and threfore not easy to use in
+    those environments
+
+  * PGP 2 has a couple of minor security flaws 
+
+  * PGP 5 and 6 are more or less OpenPGP conform but proprietray
+    software.  Source code is available but there is no way to be sure
+    that the distributed binary versions do match the source code.
+    Parts of the source code are not published.  It is illegal to
+    build versions of PGP from source and distribute them (IIRC, there
+    is an exception for private users).
+
+  * PGP 5 and 6 are not fullty OpenPGP compliant
+
+  * PGP 7 is claimed to be OpenPGP compliant but the source code is
+    not anymore published.
+
+  * At least versions before 6.5.8 had severe coding bugs.  We don't
+    know about PGP 7.
+
+  * PGP 5, 6 and 7 implement complicated methods for key recovering in
+    corporate environments.  Although this is not a hidden feature,
+    this leads to more code and bugs.
+
+  * NAI as the vendor of PGP seems to be a major government contractor.
+
+  * Given the history of known backdoors in other proprietary software
+    (e.g. Lotus Notes), some folks claim that there might also be
+    backdoors in PGP 5, 6 and 7.  Now there are even more rumors after
+    Phil Zimmermann left NAI.
+
+  * GnuPG is Free Software under the GNU GPL.  It does not use
+    patented algorithms.
+
+  * Everyone is able to scrutinize the source code, build, distribute
+    and use versions of his own or from a trusted party he chooses.
+
+  * The build environment is also Free Software and therefore less
+    likely tampered with malicious code.  The exception here is the MS
+    Windows version of GnuPG where the OS is proprietary.  The binary
+    version however is build using an entirely Free Software OS and
+    toolchain (cross-platfrom development under GNU/Linux).
+
+  * Security fixes are provided very fast.
+
+  * GnuPG is a standard tool in all GNU/Linux systems and used in many
+    different environments.
+
+  * GnuPG gives reasonable messages and not just "Error encrypting".
+
+  * GnuPG supports most of the optional features of the OpenPGP standard.
+
+  * GnuPG comes with internationalization support for 16 languages.
+
+  * Graphical frontends are available and they divert the task of 
+    the actual cryptographic operations to GnuPG as a specialized tool
+    for this.  A library called GPGME is available which makes
+    interfacing of GnuPG with other programs quite easy.
+ 
+  * GnuPG is available for all GNU and Unix platforms as well as for
+    all MS Windows Operating systems.  Porting to VMS, MAC OSX and
+    OS/2 is nearly finished.
+ 
+
+  
+
+
+
+
+
+
+