[vlc-devel] 0.8.6d Release schedule
Rémi Denis-Courmont
rdenis at simphalempin.com
Fri Nov 23 17:14:27 CET 2007
Le Friday 23 November 2007 17:55:42 Rafaël Carré, vous avez écrit :
> > > What would be the extra weight of embedding cryptographic software in
> > > VLC, and then just serve checksums and their signature over an insecure
> > > channel, then the client do check the checksums' signature with the
> > > embedded public key ?
> >
> > OpenPGP is not trivial to implement, or even integrate.
> >
> > > My point is: TLS is used for transport, but I would prefer a solution
> > > like the GPG-signing of debian APT repositories.
> >
> > Of course, OpenPGP would be a lot better than TLS here.
> > But it ain't going to happen within 0.9.0 let alone 0.8.6d timeframe.
>
> libgcrypt can do public key verification, and is already used in gnutls.
libgcrypt provides the *raw* DSA and RSA algorithms. That's pretty far from
what, say, gnupg does.
--
Rémi Denis-Courmont
http://www.remlab.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20071123/b242076c/attachment.sig>
More information about the vlc-devel
mailing list