From randall at randallsquared.com  Sun Sep  1 18:13:46 2002
From: randall at randallsquared.com (Randall Randall)
Date: Sun, 1 Sep 2002 11:13:46 -0500
Subject: [PYTHON-CRYPTO] missing signature for package
Message-ID: <3D723CBA.7020200@randallsquared.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, all.

I'm cc'ing this to Andrew M. Kuchling, in case he doesn't read
this list.

On his page http://www.amk.ca/python/code/crypto.html ,
there is a link to pycrypto-1.9a4.tar.gz , along with
a link to a signature of that package.  The signature
link is broken.

As I'm sure you all understand, this doesn't inspire
me to trust this package, though I'm sure it's only
an oversight.

- --
Randall Randall <randall at randallsquared.com>
"[The] poetic justice of cause and effect compels
 respect, compassion." -- Faithless, God is a DJ.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9cjy1G+UBxdZLtn0RAvfLAJ9oi7+QXsvuk/ZDFec0SC3oA7ytPQCeO7fy
ztDfxcpd4lhS39uqOagnT5A=
=tkWj
-----END PGP SIGNATURE-----




From a.rottmann at GMX.AT  Fri Sep  6 14:09:04 2002
From: a.rottmann at GMX.AT (Andreas Rottmann)
Date: Fri, 6 Sep 2002 14:09:04 +0200
Subject: [PYTHON-CRYPTO] Licence issues
Message-ID: <8765xj1frz.fsf@alice.rhinosaur.lan>

Hi!

I've made a python-crypto Debian package and already have uploaded it
to Debian unstable. Unfortunatly, I was alarmed that parts of the code
are not DFSG (Debian Free Software Guidelines) - Free, meaning an
inclusion of python-crypto (or the non-DFSG-free parts) in the Debian
main distribution would be invalid. The part I was alarmed about was
the RIPEMD implementation:

--RIPEMD.c-----------------
 * Copyright (c) Katholieke Universiteit Leuven 1996, All Rights Reserved
 * The Katholieke Universiteit Leuven makes no representations concerning
 * either the merchantability of this software or the suitability of this
 * software for any particular purpose. It is provided "as is" without
 * express or implied warranty of any kind. These notices must be retained
 * in any copies of any part of this documentation and/or software.
--------------------------

IANAL, but it seems 'All rights reserved' means that all actions
(distribution, modification, ...), unless explicitly stated otherwise
are prohibited. This clearly violates DFSG
(http://www.debian.org/social_contract.html#guidelines).

I would like to have this clarified, since the LICENCE file in the
source states:

<snip>
===================================================================
Distribute and use freely; there are no restrictions on further
dissemination and usage except those imposed by the laws of your
country of residence.  This software is provided "as is" without
warranty of fitness for use or suitability for any purpose, express
or implied. Use at your own risk or not at all.
===================================================================

Incorporating the code into commercial products is permitted; you do
not have to make source available or contribute your changes back
(though that would be nice).
</snip>

Regards, Andy
--
Andreas Rottmann         | Dru at ICQ        | 118634484 at ICQ | a.rottmann at gmx.at
http://www.8ung.at/rotty | GnuPG Key: http://www.8ung.at/rotty/gpg.asc
Fingerprint              | DFB4 4EB4 78A4 5EEE 6219  F228 F92F CFC5 01FD 5B62




From itamarst at YAHOO.COM  Tue Sep 17 11:48:16 2002
From: itamarst at YAHOO.COM (Itamar S.-T.)
Date: Tue, 17 Sep 2002 02:48:16 -0700
Subject: [PYTHON-CRYPTO] PyOpenSSL 0.5.1 is out
Message-ID: <20020917094816.43964.qmail@web40204.mail.yahoo.com>

PyOpenSSL is my favorite Python SSL library, and the
one we used for Twisted.

==================================
From: Martin Sjogren

The bugfix-release, 0.5.1, of pyOpenSSL is out. This
version fixes the
python 1.5 and 2.1 breakage ;) and also introduces
some basic PKCS12
support.

The release is on SourceForge:
http://sf.net/project/showfiles.php?group_id=31249&release_id=111204


Regards,
Martin


http://pyopenssl.sourceforge.net/
http://lists.sourceforge.net/lists/listinfo/pyopenssl-list


=====
Itamar Shtull-Trauring, itamar(at)shtull-trauring.org

__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com




From peter_shannon at YAHOO.COM  Wed Sep 18 17:08:51 2002
From: peter_shannon at YAHOO.COM (=?iso-8859-1?q?Peter=20Shannon?=)
Date: Wed, 18 Sep 2002 16:08:51 +0100
Subject: [PYTHON-CRYPTO] POW release - Python X509v3 DER encoder
Message-ID: <20020918150851.33077.qmail@web13306.mail.yahoo.com>

Hello Everyone,

I've just released a new version of POW.  The main
change is the inclusion of a pure Python DER
encoding/decoding library I wrote to make it easier to
support v3 extensions.

Features:
     Certificates/CRLs can be created using either POW

     or POW.pkix(the python encoder).

     Extensions can be created using POW.pkix and if
     you look added to certificates/CRLs/revocations
     created using POW.

     Signing and verification(RSA only for the moment)

     is also available through both POW and POW.pkix.

I'll complete the PKIX profile soon but for now the
following extensions are supported:
     BasicConstraints
     SubjectAltName
     IssuerAltNam
     AuthorityKeyIdentifier
     PrivateKeyUsagePeriod
     CertificatePolicies
     CRLDistributionPoints
     SubjectKeyIdentifier
     KeyUsage
     CrlNumber
     DeltaCrlIndicator
     InvalidityDate
     CrlReason

If any of you find it useful but really don't want POW
with it I've no objection to moving it to a stand
alone module.

Let me know what you think.

Regards,

Peter Shannon

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com