How can we utilize latest GPG from RPM repository?

Dan Kegel dank at kegel.com
Wed Feb 21 16:36:08 CET 2018


On Tue, Feb 20, 2018 at 10:16 PM, Ben McGinnes <ben at adversary.org> wrote:
> On Sat, Feb 17, 2018 at 05:06:54PM -0600, helices wrote:
>> I will probably never understand why wanting to run the most current
>> version of gnupg on a plethora of servers is controversial.
>>
>> Nevertheless, the two (2) greatest reasons are:
>>
>>    1. PCI DSS v3.2
>>    2. PCI DSS compliance audits
>
> Ah, now *this* is a pertinent fact that would've helped at the
> beginning of the thread and the fact that it wasn't is a clear
> demonstration of a tangential point I made further along about getting
> people to step back from their drilled-in focus so we can identify the
> actual needs.
>
> Because these two lines explain *precisely* why you need something like
> RHEL or CentOS (certified systems to go with the auditing) *and*
> updated crypto.

And when you're on those certified, curated systems, you have
access to tools like
https://www.open-scap.org/resources/documentation/make-a-rhel7-server-compliant-with-pci-dss/
to help make sure you're in compliance, I think.

I suspect that kind of approach would make passing audits a lot easier
than building the latest gnupg release yourself...
and is less likely to break things.
- Dan



More information about the Gnupg-users mailing list