Guys, I'm a bit at a loss here. I'm quite sure the encryption in vim is not strong enough to fall under the US export-laws, but I would like someone to confirm this.. Wichert. ----- Forwarded message from Dan Merillat <harik@chaos.ao.net> ----- Subject: Bug#47735: VIM includes encryption. Needs to become a non-US package. Reply-To: Dan Merillat <harik@chaos.ao.net>, 47735@bugs.debian.org X-Debian-PR-Message: report 47735 X-Debian-PR-Package: vim X-Debian-PR-Keywords: To: submit@bugs.debian.org Date: Mon, 18 Oct 1999 12:37:45 -0400 From: Dan Merillat <harik@chaos.ao.net> Package: vim Version: all I'm not sure when encryption was included, but it probably violates US export laws. The note in the documentation is: "Vim originates from the Netherlands. That is where the sources come from. Thus the encryption code is not exported from the USA." However, Debian is in the USA, so the source IS exported. Further notes (from VIM documentation) - The algorithm used is breakable. A 4 character key in about one hour, a 6 character key in one day (on a Pentium 133 PC). This requires that you know some text that must appear in the file. An expert can break it for any key. - Pkzip uses the same encryption, and US Govt has no objection to its export. Pkzip's public file APPNOTE.TXT describes this algorithm in detail. HOWEVER, PKzip is ONLY a binary. Binaries with weak encryption are exportable. When the source is included, it's not. Remember, those same forigeners who can't type in source from a book are able to modify source to increase the encryption strength... Also, since it uses the same algo as pkzip, it falls under the same restrictions as zip-crypt and unzip-crypt, both of which are non-us. My personal prefrence would be to neuter the source of encryption, since it's neither strong nor standard. No other editor can unlock vim encrypted files (that I know of). Standalone encryption packages are probably better. --Dan ----- End forwarded message ----- -- ________________________________________________________________ / Generally uninteresting signature - ignore at your convenience \ | wichert@liacs.nl http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Attachment:
pgpiiUd7nPTKR.pgp
Description: PGP signature