OT: PGP,
commercial product vs opensource stuff - viability/usability
Bill Akers
billa at mgmindustries.com
Mon Oct 31 05:23:45 PST 2005
John Esak wrote:
> We are about to *buy* PGP. Reasons... simple, we were told if we gather the
> source and make our own version for either SCO or Windows... we will have
> "limited to no success". Exact words. I am certainly capable of doing the
> make. Okay, let's put a "we" there instead of "I"... These days, being a
> decade after I last stop making every damn thing I needed in the world, I
> would most probably rely on others when hit with snags... especially on O/S
> 5.6 where they abound. We are not yet fully on O/S 6 for other reasons. In
> any case if hearing from the developer/owner of PGP that even once we get a
> good compile there would be problems with making things work all the time...
> and no support from them, I begin to wonder why I want to go the opensource
> route yet again. Why? Well, one reason might be that the price/retail (and
> it's not much better through dealers) is $3,150 for one partnership key,
> send and receive. To add another partner is another $3,150. To buy an
> unlimited version (both send and receive) is $7,500... and there is
> absolutely NO upgrade path from one to the other. Should we by a 1 partner
> version first, the full price would be expected to ever go to unlimited
> partners. This is a pretty good hook and I wish I could do something like
> this on products I sell, it almost mandates buying the higher priced item. I
> guess I have to say kudos on good marketing technique.
>
> By the way, this all refers to command-line PGP... which for obvious reasons
> is the only type we would want. (For those who don't know why I say
> "obvious". The other flavors (seemingly every other version) all are GUI
> type things that you must physically enter and select a manual
> encryption/decryption of your file every time you want to use it. Our
> procedures have to be automated, again for obvious reasons... this time no
> explanation. :-)
>
> We will be doing encrypted FTP both send and receive along with some
> encrypted email stuff in the bargain.
John
We use PGP and ftp from SCO O/S 5.0.6 to transmit payroll
information to the bank every week and EOM bonuses at end of
month. The only problems we have had appearerd to come from our
telephone system computer thinking it was a gateway. Telephone
system installer goof. We have PGP verson 1.2.1 and came
precompiled for SCO from the GnuPG website at
http://gnupg.unixsecurity.com.br/sco.html.
Of course, you might want to compile the latest version for more
security since the version on the website appears to be a couple
or three versions back.
>
> I'm just questioning if what we are being told is right or even makes sense.
> I don't mind paying the going price for any product (and expecting the
> associated support), but jeez, this seems REALLY high for a (what I might
> call) simple encryption algorithm. Perhaps, I'm wrong, both about the simple
> and the high price... but this is just my HO. The meat of the question I'm
> asking has two few aspects. First, can we know if they are being honest and
> up front about us having problems even once we have successfully compiled
> the opensource thing? Two, sort of the same, but slightly different... are
> they inferring that people who BUY the commercial product (like *our* huge
> trading partners) will have something slightly *different* in the way of the
> process/methodology/algorithm, etc.? Are they hinting that they know
> something we don't know, and the entire excursion for us (which is
> extremely, time sensitive - like hours away) would be a big waste of time?
> (In this, I am reminded of how in the olden days, things like free zmodem
> became all of a sudden incompatible with purchased zmodem... and so forth.)
>
> Hence, the real and only meaningful actual question I'm asking is: Does
> anyone here actually use PGP currently to encrypt ftp files, send and
> receive them with real data to real business partners... transacting real
> business that would say replace the same which might normally be done with
> straight EDI documents, VANS... i.e., external/unknowable
> encryption/security?
>
> The particular partner we have chosen has specified PGP and ftp, so
> unfortunately, should you rush to suggest some other scenario that works,
> don't bother, we already have. It's this, or nothing.
>
> I know it is way off topic for the filePro forum, but I stand on all the
> usual good reasons for asking here and not elsewhere. Besides, I don't
> really want to broach this topic out in the real world :-). It may start a
> huge thread here all by itself, can you imagine how much traffic there is
> about such things on the appropriate forums? Besides, to the uninitiated
> reader, it might seem like I am untrusting of the PGP people, or completely
> unhappy with their right to do business at the prices they think fair...
> absolutely nothing further from the mark. I found the people at www.pgp.com
> to be very helpful, nice and as you might expect technically superb. So, I'm
> just asking for testimonials if you use the purchased command-line product,
> or maybe you have compiled the thing on some platform and use it
> successfully without having had the need to buy it... one of the "reasons
> for being" for opensource in the first place. It's just too big a buy-in to
> not ask these questions.
>
> Thanks,
>
> --
> John Esak
> (570) 384-2444
>
> Visit The FP Room www.tinyurl.com/97y9u 24/7
>
> Author of:
> The filePro Survivor Series
> Video Training For FilePro On CD
> See samples at : www.valar.com/training
>
> Publisher of:
> The FP Survivor Addendum CD (quarterly)
> Learn more: www.valar.com/fpsa
>
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> http://mailman.celestial.com/mailman/listinfo/filepro-list
>
>
>
--
William P. Akers E-mail: billa at mgmindustries.com
Web Site: http://www.mgmindustries.com/
More information about the Filepro-list
mailing list