[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: macPGP

HH> Since that doesn't allow us to verify the code

If heard that argument quite often, but do you really intend to examine
all of the sources?

I'd have the possibility to, but to be honest: I didn't. I got them with a
signature of my predecessor, and I relied on his word.

HH> is there a reason for this?

Yes, there is. After I got the sources I've lost contact to the other
authors of PGP. I don't know whether they've made changes to the sources
as well, so I first didn't release MacPGP at all. But after a while I
decided to release at least the executables - if someone take the chance
to object I'll merge my sources with his. Otherwise I'll release the next
version together with the source code.

HH> How did you sign them? Did you sign the binhex file or the Mac
HH> executeable, etc.?

I put the complete stuff for each language into a Compact Pro archive and
signed these archives. Then I gathered them all in another (uncompressed)
Compact Pro archive.

I'll ask the one who put it into the ftp site where to find it.