PGP vs GnuPG in Big Business?
CygnusTM asks: "I work for a Fortune 50 company, and we need to expand our PGP installation. We have a quote from Network Associates, but I'd really like to convince the higher-ups that GnuPG is the way to go. The traditional resistance to open source is that there is no one to call when there is a problem, but I also sense there is a little "You get what you pay for" in there, also. How do I get them past this? With enough ammo, maybe I can open the door for other open source software." What are the real advantages and disadvantages of deploying GnuPG over PGP in a corporate environment?
then it's good enough for you.
See the press release.
There's even a section titled 'Why not use PGP?'
Rubbish! Following the herd mentality of corporate America may be smart in the political aspects of business (so is knowing how to golf, but that's just as lame...), but not necessarily in the technical aspects.
Yes, you get what you pay for -- an unreasonable EULA and a company that tells you "you're s.o.l." if anything should go wrong enough to cause your business damage, all for the yearly support cost of what could likely pay for a competent admin to deal with the software in-house. At least with GPL'd software, there's no pretense of accountability.
As for the technical comparison to PGP, I don't have the ability to evaluate code myself, so I must rely on those who care about security and have the ability to digest source code. To this end, if GPG support is good enough for users of Mixmaster anonymous remailers (these are some truly smart and paranoid folk) and for the OpenBSD maintainers, I'd have to say it's okay for my needs.
And I'm pretty certain that GPG supports more algorithms than PGP, and you can be 100% certain that the out-of-the-box algorithms in GPG are not hindered by patents or license restrictions.
Just read this for how much responsibility software companies have to their paying customers.