How can we utilize latest GPG from RPM repository?

helices gpg at mdsresource.net
Sun Feb 18 00:06:54 CET 2018


I will probably never understand why wanting to run the most current
version of gnupg on a plethora of servers is controversial.

Nevertheless, the two (2) greatest reasons are:

   1. PCI DSS v3.2
   2. PCI DSS compliance audits

Being able to demonstrate that we are using the latest, greatest encryption
available on every one of our hosts, simplifies that portion of the audit
equation more than you probably believe.

Furthermore, following feature not availabe in 2.0.22 are more than
nice-to-haves:

   - The file secring.gpg is not used to store the secret keys anymore.
   - All support for PGP-2 keys has been removed for security reasons.
   - The standard key generation interface is now much leaner.
   - Commands to create and sign keys from the command line without any
   extra prompts are now available.
   - There is no more need to manually start the gpg-agent.
   - A new format for locally storing the public keys is now used.
   - Revocation certificates are now created by default.
   - The format of the key listing has been changed to better identify the
   properties of a key.


Apparently, there is no current solution to our problem similar to that we
found for our rsyslog example. That is too bad. We will get over our
disappointment.

However, let it be said here and now, if the gnupg community wants the use
of gnupg to spread far further than a clique of geeks, making its use
easier for non-geeks is probably the simplest and most direct way.

Yes, that is my opinion, humble or otherwise.

YMMV

Are there any other questions before I get a direct answer to my original
subject question?

Thank you.


On Wed, Feb 14, 2018 at 2:20 PM, helices <gpg at mdsresource.net> wrote:

> CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.
>
> We want to move to v2.2.x, and stay current, but we don't want to download
> source and compile for dozens of systems.
>
> We want all users to be using the same version all of the time.
>
> Please, advise. Thank you.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180217/e7ec682f/attachment.html>


More information about the Gnupg-users mailing list