Why Operating Systems don't always upgrade GnuPG [was: Re: How can we utilize latest GPG from RPM repository?]
Dashamir Hoxha
dashohoxha at gmail.com
Tue Feb 20 13:18:40 CET 2018
On Mon, Feb 19, 2018 at 7:45 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
wrote:
> On Sat 2018-02-17 17:06:54 -0600, helices wrote:
> > I will probably never understand why wanting to run the most current
> > version of gnupg on a plethora of servers is controversial.
>
> Here's one last try to explain the situation.
>
> GnuPG (and the libraries it depends on) are used by (aka "depended on
> by") other libraries and tools, both those integrated into the operating
> system itself, and those that might be externally installed. Some of
> these dependencies are "brittle".
>
One solution to this situation may be to install the latest GnuPG
in a Docker container, where it can have all the required libraries
and dependencies that it needs, without disturbing the host OS.
But I am aware that this may present some challenges for normal
usage and may not be suitable except for testing.
Another solution may be to use a "snap", which is a kind of new
software packaging invented by Ubuntu:
- https://snapcraft.io/
- https://docs.snapcraft.io/snaps/intro
The idea is that a software is shipped with all the dependencies,
so it does not matter in which OS it is installed, it will always work.
I don't know the details of snaps. Since it is a "containerized software
package" maybe it is not much different from the docker solution
above and maybe has the same challenges/problems.
If anybody is willing to give a try to any of these solutions I would like
to help.
Regards,
Dashamir
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180220/4520994c/attachment.html>
More information about the Gnupg-users
mailing list