Slashdot Mirror
Zimmermann Suggests Freeing PGP Source
broody writes "NewsForge has an interesting article detailing Phillip R Zimmermann's lament at selling PGP. Since he cannot afford to buy it back outright, he is pushing for Network Associates to 'open source' it. Well, the GUI and SDK anyway. I'll say this, he's an interesting little capitalist."
not to bash slashdot, but why is it that Linux Today always posts the latest linux stories at least half a day before slashdot does?
anyways, on a side note, i think zimmerman is in the wrong here. if he is so concerned about the concept of pgp, then why isn't he focusing his efforts on GnuPG, which is a completely open version of the PGP concept?
His idea for a Dead Man's Switch license would be very interesting to see implemented. It would be nice to see something like that used in a lot of commercial software.
Think of all the software that might still be available if they had such a clause in their license. Hell, just the games!
-Pete
Soccer Goal Plans
PGP being sold out was the inspiration for the OpenPGP project which generated GPG, a perfectly good alternative to PGP.
The only real problem with GPG is the comparative lack of high quality "mere end user" facilities such as a good GUI.
Let's all dump PGP, it's served its purpose and its time is done. Put your effort into making GPG (real open source!) widely accepted and used.
Since he developed PGP, why not develop a RGP, or Really Good Privacy. He can keep this one open, and it can compete with the closed source version.
.0199999999
It offers the liberty of being Free and Free.
Just my
If we don't fight for ourselves no one will.
I've read on numerous occasions that NA has versions of PGP updated to run on OS X and XP, but aren't releasing them. Something to do with 9/11 maybe? It seems stupid to simply throw away a defacto standard.
Let's hope the geeks here make that problem irrelevant. So far the Mac side is doing *OK* with tools like GPG Tools, GPGMail, and Apple's own AES encrypted volumes using Disk Copy. However, syncing with key servers, file wiping and other functionality available in PGPFreeware is sorely missed. Maybe Phil Z should start a company focused on GPG rather than wasting his energy trying to get PGP open sourced...
We'd really like you to join the work on GnuPG, and on GUI projects like GNOME. I think it would be most productive to write off the PGP code base and continue your work on the existing Free Software projects. We've gotten most of the hard work done already.
Thanks
Bruce
Bruce Perens.
Actually, there is lots of companies that would pay lots of money for a product like that, NAI charged way to little.
There are quite a number of IT-related companies run by people who are just clueless when it comes to business.
I would like to think that someone will eventually pick it up. It's entirely too useful to let it die. It be nice if it turned free, but I would still pay a reasonable amount of money to get a new enhanced version.
You don't get it! There is good reason to believe that NAI has put backdoors in for No Such Agency and/or others, and with only binaries available, it's impossible to be certain. Closed source encryption software is utterly useless, regardless of how much it costs.
Even if you aren't worried about the NSA reading your email (and you should be!), backdoored encryption is a fucking joke, because all it takes is for someone else to figure out the back door and exploit it. Even if nowhere else, at least use open source for your encryption needs.
PGP is dead. Long live GPG!
Ask any (ex) Informix employee about how well the hostile takeover and fire everyone "software company" strategy works. Computer Associates: milking support contracts for all their worth for years now.
The principle issue that faces any developer wishing to integrate GPG is that it is covered by GPL. That means that even if it had an SDK (which the isn't) you couldn't link with it without infecting your own code. Even LGPL libs can't link with it. At present if you wish to use GPG, you must mess around constructing command line arguments, opening pipes etc., invoking it and then parse the results. It is a major pain. There are libraries such as GPGME that hide some of this from you but it is still slower than running in-process and has significant issues running on platforms like Windows or Mac where piping etc. might be done differently.
If PGP were opened up with either a LGPL or BSD style licence I can see it being used in preference to GPG. GPG has the better command-line interface and might be ok for scripts but PGP has an SDK (as well as a great UI on Win32) and would be ultimately faster if software can link directly to it.
PZ should get involved with Mozilla. For literally years I've been waiting for someone to build in some sort of public-key email (and newsgroup) crypto. It's still not there yet, and THAT has prevented several people I know - including myself - from adopting Mozilla as my sole internet access tool. I'd love to be able to dump some of the crap I run for email and usenet.
First it was the export restrictions that were deterring Mozilla crypto. Now it's something else. I guess these projects qualify for some of what's being done today, but I needed Mozilla to do built-in crypto years ago. The standard Mozilla comeback is "do it yourself". Well, I have neither the time nor the skill to do that. But Phil does!
Maybe the NSA will buy it and then open source it, then include it with their SE Linux.
Zoot!
Network Associates is sitting on the code to squash it. They don't want to sell it. They don't want to make money off it. They want to keep it unavailable. Texaco owned the patent for fuel injection systems in cars. Until that patent expired (patents used to expire), no cars had fuel injection. If you don't remember, they might want to look back at the date on the press release that Network Associates (a.k.a. McAffee) released, stating that they planned to discontinue PGP. It's pretty close to September 12, 2001.