<div dir="ltr"><div>I will probably never understand why wanting to run the most current version of gnupg on a plethora of servers is controversial.</div><div><br></div><div>Nevertheless, the two (2) greatest reasons are:</div><div><ol><li>PCI DSS v3.2<br></li><li>PCI DSS compliance audits<br></li></ol></div><div>Being able to demonstrate that we are using the latest, greatest encryption available on every one of our hosts, simplifies that portion of the audit equation more than you probably believe.<br></div><div><br></div><div>Furthermore, following feature not availabe in 2.0.22 are more than nice-to-haves:</div><div><ul><li>The file secring.gpg is not used to store the secret keys anymore.<br></li><li>All support for PGP-2 keys has been removed for security reasons.<br></li><li>The standard key generation interface is now much leaner.<br></li><li>Commands to create and sign keys from the command line without any extra prompts are now available.<br></li><li>There is no more need to manually start the gpg-agent.<br></li><li>A new format for locally storing the public keys is now used.<br></li><li>Revocation certificates are now created by default.<br></li><li>The format of the key listing has been changed to better identify the properties of a key.<br></li></ul></div><div><br></div><div>Apparently, there is no current solution to our problem similar to that we found for our rsyslog example. That is too bad. We will get over our disappointment.</div><div><br></div><div>However, let it be said here and now, if the gnupg community wants the use of gnupg to spread far further than a clique of geeks, making its use easier for non-geeks is probably the simplest and most direct way.</div><div><br></div><div>Yes, that is my opinion, humble or otherwise.</div><div><br></div><div>YMMV</div><div><br></div><div>Are there any other questions before I get a direct answer to my original subject question?</div><div><br></div><div>Thank you.</div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 14, 2018 at 2:20 PM, helices <span dir="ltr"><<a href="mailto:gpg@mdsresource.net" target="_blank">gpg@mdsresource.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.<br><br>We want to move to v2.2.x, and stay current, but we don't want to download source and compile for dozens of systems.<br><br>We want all users to be using the same version all of the time.<br><br>Please, advise. Thank you.<br><br></div>
</blockquote></div><br></div></div>