How can we utilize latest GPG from RPM repository?
Ben McGinnes
ben at adversary.org
Thu Feb 22 07:22:45 CET 2018
On Wed, Feb 21, 2018 at 07:36:08AM -0800, Dan Kegel wrote:
> On Tue, Feb 20, 2018 at 10:16 PM, Ben McGinnes <ben at adversary.org> wrote:
>>
>> Because these two lines explain *precisely* why you need something
>> like RHEL or CentOS (certified systems to go with the auditing)
>> *and* updated crypto.
>
> And when you're on those certified, curated systems, you have
> access to tools like
> https://www.open-scap.org/resources/documentation/make-a-rhel7-server-compliant-with-pci-dss/
> to help make sure you're in compliance, I think.
>
> I suspect that kind of approach would make passing audits a lot
> easier than building the latest gnupg release yourself...
> and is less likely to break things.
In all likelihood, yes ... however open-scap.org is a RedHat service
and most likely only supplied to RHEL customers seeking PCI-DSS
compliance along with direct support via their service contract.
If, however, this particular case actually deals with CentOS systems
and not RHEL, then the OP has elected to forego that type of
professional service contract from the vendor in order to do it
themselves.
Which brings us either back to this thread, or a business decision at
their end regarding whether or not bring their systems back to RHEL
(it requires changing two files, IIRC, assuming they haven't massively
modified things) and paying RedHat whatever it takes to get the job
done. I cannot predict which they will choose, nor am I willing to
make a recommendation solely on what's been presented here.
Still, the OP wanted options and now they've been provided. :)
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180222/f1619c11/attachment.sig>
More information about the Gnupg-users
mailing list