How can we utilize latest GPG from RPM repository?
gpg at mdsresource.net
Thu Feb 15 15:10:07 CET 2018
Yes, I know that.
In general, that scheme works well.
However, in another case, rsyslog, a certain function has been broken for
many years, and the only fix is to track the developers' most recent
versions. In that case, the developers maintain their own repository:
http://rpms.adiscon.com ; which is easy to incorporate into:
We are hoping something similar is available for gnupg. I have not found
that; which is the reason for my posts here.
What am I missing?
Please, advise. Thank you.
On Thu, Feb 15, 2018 at 7:56 AM, Lightner, Jeffrey <JLightner at dsservices.com
> CentOS isn't a vendor. It is a project that does binary compiles of RHEL
> RedHat is the vendor that creates RHEL and its source is used to make
> CentOS. RHEL is supported by RedHat if you have a subscription. CentOS
> has no direct support though RedHat hosts the project nowadays.
> RHEL (and therefore CentOS) major versions such as 7 start with base
> upstream versions of packages. RedHat modifies that base upstream package
> to backport bug and security fixes from later upstream packages if relevant
> to the original base. They then add extended versioning to the RPM name.
> For example on a test system I just looked at "yum list gnupg2" shows:
> Installed Packages
> gnupg2.x86_64 2.0.22-3.el7 @anaconda/7.0
> Available Packages
> gnupg2.x86_64 2.0.22-4.el7
> Notice the base upstream for both the installed and the available is
> 2.0.22 but the extended versioning is different (3.el7 vs 4.el7). You'd
> have to examine the errata to see what is different about the latter.
> In general unless there is a specific feature in upstream you need that is
> not in the RHEL/CentOS provided version you should use the RHEL/CentOS
> version on your RHEL/CentOS system.
> If you really want the latest of everything you should use Fedora instead
> of CentOS. Just be aware that Fedora is bleeding edge and releases a new
> version twice a year. Generally that means you HAVE to do a full upgrade
> at least once a year as they won't offer updated packages for more than two
> major versions at a time. For a Production environment that pace of
> upgrade is usually not desirable which is why people use RHEL/CentOS
> -----Original Message-----
> From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of
> Daniel Kahn Gillmor
> Sent: Wednesday, February 14, 2018 5:31 PM
> To: helices; gnupg-users at gnupg.org
> Subject: Re: How can we utilize latest GPG from RPM repository?
> On Wed 2018-02-14 14:20:10 -0600, helices wrote:
> > CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.
> > We want to move to v2.2.x, and stay current, but we don't want to
> > download source and compile for dozens of systems.
> > We want all users to be using the same version all of the time.
> This sounds like a problem for your operating system and/or package
> manager. GnuPG has a chain of build dependencies which often makes it
> difficult to just import directly from a single RPM.
> If you were running a more recent operating system, you'd likely get
> something from the GnuPG "modern" branch as well anyway.
> Perhaps you want to ask your operating system vendor what their
> recommendation is for "backports" of specific packages?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users