Diffstat (limited to 'contrib/why-gnupg')
-rw-r--r-- | contrib/why-gnupg | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/contrib/why-gnupg b/contrib/why-gnupg new file mode 100644 index 000000000..289b9af8c --- /dev/null +++ b/contrib/why-gnupg 
@@ -0,0 +1,80 @@ +Why to use GnuPG and not PGP. +----------------------------- + + * PGP 2 is nearly Free Software but encumbered by the IDEA patent. + + * PGP 2 is old, hard to maintain and limited to one set of + encryption algorithms (RSA + IDEA) + + * PGP 2 is not a GNU or Unix Program and threfore not easy to use in + those environments + + * PGP 2 has a couple of minor security flaws + + * PGP 5 and 6 are more or less OpenPGP conform but proprietray + software. Source code is available but there is no way to be sure + that the distributed binary versions do match the source code. + Parts of the source code are not published. It is illegal to + build versions of PGP from source and distribute them (IIRC, there + is an exception for private users). + + * PGP 5 and 6 are not fullty OpenPGP compliant + + * PGP 7 is claimed to be OpenPGP compliant but the source code is + not anymore published. + + * At least versions before 6.5.8 had severe coding bugs. We don't + know about PGP 7. + + * PGP 5, 6 and 7 implement complicated methods for key recovering in + corporate environments. Although this is not a hidden feature, + this leads to more code and bugs. + + * NAI as the vendor of PGP seems to be a major government contractor. + + * Given the history of known backdoors in other proprietary software + (e.g. Lotus Notes), some folks claim that there might also be + backdoors in PGP 5, 6 and 7. Now there are even more rumors after + Phil Zimmermann left NAI. + + * GnuPG is Free Software under the GNU GPL. It does not use + patented algorithms. + + * Everyone is able to scrutinize the source code, build, distribute + and use versions of his own or from a trusted party he chooses. + + * The build environment is also Free Software and therefore less + likely tampered with malicious code. The exception here is the MS + Windows version of GnuPG where the OS is proprietary. 
The binary + version however is build using an entirely Free Software OS and + toolchain (cross-platfrom development under GNU/Linux). + + * Security fixes are provided very fast. + + * GnuPG is a standard tool in all GNU/Linux systems and used in many + different environments. + + * GnuPG gives reasonable messages and not just "Error encrypting". + + * GnuPG supports most of the optional features of the OpenPGP standard. + + * GnuPG comes with internationalization support for 16 languages. + + * Graphical frontends are available and they divert the task of + the actual cryptographic operations to GnuPG as a specialized tool + for this. A library called GPGME is available which makes + interfacing of GnuPG with other programs quite easy. + + * GnuPG is available for all GNU and Unix platforms as well as for + all MS Windows Operating systems. Porting to VMS, MAC OSX and + OS/2 is nearly finished. + + + + + + + + + + |
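Review bot: Several bullets in the new contrib/why-gnupg make security claims a reader cannot check: "PGP 2 has a couple of minor security flaws" and "At least versions before 6.5.8 had severe coding bugs" name no specific flaw or advisory, and the backdoor bullet rests on "some folks claim" and "even more rumors". Suggest citing the specific issues or wording these as opinion. The file could also carry a date, since "internationalization support for 16 languages" and "Porting to VMS, MAC OSX and OS/2 is nearly finished" will go stale. The added text also has typos ("threfore", "proprietray", "fullty", "cross-platfrom", and "is build" for "is built"), and the file ends with a run of empty added lines that can be dropped.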