Why Operating Systems don't always upgrade GnuPG

Peter Lebbing peter at digitalbrains.com
Tue Feb 20 11:30:44 CET 2018

On 19/02/18 19:45, Daniel Kahn Gillmor wrote:
> But shrugging and suggesting it's uncontroversial to upgrade arbitrary
> machines to the latest version of GnuPG doesn't appreciate the scope of
> the problem involved with software maintenance in an active and
> interdependent ecosystem.

You are right and I feel stupid for suggesting it is uncontroversial.
Hell, you'd think running Debian stretch/stable (with its 2.1.18) on a
plethora of servers would be uncontroversial, but even that isn't
totally free of controversy. There are people having problems with
adjusting their process to use GnuPG 2.1+.

I am very grateful for all the work you put in to not only fix programs
in Debian depending on /usr/bin/gpg2 being 2.0, but also fix programs
depending on /usr/bin/gpg being 1.4. Because even though
co-installability was considered while designing 2.1, in practice 1.4
and 2.1+ don't mix well.

Thank you.

If done with care and attention, there are still situations where
installing GnuPG 2.2 on what is the most recent version of CentOS/RHEL
is a good thing to do. You have to carefully consider which software
will be using GnuPG, though.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180220/c78633f6/attachment-0001.sig>

More information about the Gnupg-users mailing list