[[email protected]: Bug#47735: VIM includes encryption. Needs to become a non-US package.]

18 Oct 1999 23:12:52 -0000 

Guys, I'm a bit at a loss here. I'm quite sure the encryption in vim is
not strong enough to fall under the US export-laws, but I would like
someone to confirm this..

Wichert.

----- Forwarded message from Dan Merillat <[EMAIL PROTECTED]> -----

Subject: Bug#47735: VIM includes encryption.  Needs to become a non-US package.
Reply-To: Dan Merillat <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
X-Debian-PR-Message: report 47735
X-Debian-PR-Package: vim
X-Debian-PR-Keywords: 
To: [EMAIL PROTECTED]
Date: Mon, 18 Oct 1999 12:37:45 -0400
From: Dan Merillat <[EMAIL PROTECTED]>


Package: vim
Version: all

I'm not sure when encryption was included, but it probably violates
US export laws.  The note in the documentation is:

        "Vim originates from the Netherlands.  That is where the 
        sources come from.  Thus the encryption code is not exported
        from the USA."

However, Debian is in the USA, so the source IS exported.

Further notes (from VIM documentation)

- The algorithm used is breakable.  A 4 character key in about one hour, a 6
  character key in one day (on a Pentium 133 PC).  This requires that you know
    some text that must appear in the file.  An expert can break it for any key.
 - Pkzip uses the same encryption, and US Govt has no objection to its export.
   Pkzip's public file APPNOTE.TXT describes this algorithm in detail.

HOWEVER, PKzip is ONLY a binary.  Binaries with weak encryption are
exportable.  When the source is included, it's not.  Remember, those
same forigeners who can't type in source from a book are able to 
modify source to increase the encryption strength...

Also, since it uses the same algo as pkzip, it falls under the same
restrictions as zip-crypt and unzip-crypt, both of which are non-us.

My personal prefrence would be to neuter the source of encryption, since
it's neither strong nor standard.  No other editor can unlock vim encrypted
files (that I know of).   Standalone encryption packages are probably
better.

--Dan

----- End forwarded message -----

-- 
   ________________________________________________________________
 / Generally uninteresting signature - ignore at your convenience  \
| [EMAIL PROTECTED]                    http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Attachment: pgpTUt9hedjVm.pgp
Description: PGP signature

Reply via email to