need help for GPG 1.2.1 binary for REHL 5.8

Robert J. Hansen rjh at sixdemonbag.org
Wed Aug 21 15:53:22 CEST 2013


On 08/20/2013 05:43 PM, Snehendu Ghosh wrote:
> We are not expecting any of the third party will make any changes in 
> their side. That is the reason we want to go with the 1.2.1 version
> to minimize the risk.

Although I certainly understand the desire to minimize risk, the
possibility of being hit by one of the dozens of bugs that have been
found in 1.2.1 (and fixed since) needs to be considered as well.

GnuPG 1.4 has no trouble interoperating with 1.2.1.  The OpenPGP
specification (which GnuPG implements) includes the ability to discover
what features the other party/parties support and to automatically use
compatible features.

> Now assume a scenario, where we implement 1.4 version in our to-be 
> system, encrypt a file with 1.4 version and send it to a third party.
> We are not sure if that third party will able to do decryption using
> a lower version.

If you are not able to, that would strike me as a very serious bug in
GnuPG and one that will be soon fixed.





More information about the Gnupg-users mailing list