Re: How can we utilize latest GPG from RPM repository?

On Thu, Feb 22, 2018 at 08:09:31AM -0800, Dan Kegel wrote: > > https://www.open-scap.org/download/ shows they provide an > open source tool which is in repositories for four redhat-ish distros and > two debian-ish distros; on Ubuntu, I was able to walk down the > path of using it a bit, looks a

Re: How can we utilize latest GPG from RPM repository?

On Wed, Feb 21, 2018 at 10:22 PM, Ben McGinnes wrote: >> And when you're on those certified, curated systems, you have >> access to tools like >> https://www.open-scap.org/resources/documentation/make-a-rhel7-server-compliant-with-pci-dss/ >> to help make sure you're in

Being civil costs you nothing (was: How can we utilize latest GPG from RPM repository?)

On 22/02/18 15:18, helices wrote: > Let's cut through these ill-informed suppositions once and for all You are rapidly squandering good will here. Your hostile tone will not motivate anyone to help you any further. You are asking people to spend their spare time on your issues, you should not

Re: How can we utilize latest GPG from RPM repository?

Let's cut through these ill-informed suppositions once and for all: If host compliance was our problem, I would not have posted here at all. Also, nowhere in this thread have I stated any inability to compile myself. Having been doing such for 40+ years, that is not our problem either. Defending

Re: How can we utilize latest GPG from RPM repository?

On Wed, Feb 21, 2018 at 07:36:08AM -0800, Dan Kegel wrote: > On Tue, Feb 20, 2018 at 10:16 PM, Ben McGinnes wrote: >> >> Because these two lines explain *precisely* why you need something >> like RHEL or CentOS (certified systems to go with the auditing) >> *and* updated

Re: How can we utilize latest GPG from RPM repository?

On Tue, Feb 20, 2018 at 10:16 PM, Ben McGinnes wrote: > On Sat, Feb 17, 2018 at 05:06:54PM -0600, helices wrote: >> I will probably never understand why wanting to run the most current >> version of gnupg on a plethora of servers is controversial. >> >> Nevertheless, the two

Re: How can we utilize latest GPG from RPM repository?

On Sat, Feb 17, 2018 at 05:06:54PM -0600, helices wrote: > I will probably never understand why wanting to run the most current > version of gnupg on a plethora of servers is controversial. > > Nevertheless, the two (2) greatest reasons are: > >1. PCI DSS v3.2 >2. PCI DSS compliance

Re: Why Operating Systems don't always upgrade GnuPG [was: Re: How can we utilize latest GPG from RPM repository?]

On Tue 2018-02-20 13:18:40 +0100, Dashamir Hoxha wrote: > One solution to this situation may be to install the latest GnuPG > in a Docker container, where it can have all the required libraries > and dependencies that it needs, without disturbing the host OS. I think this misses the point that

Re: Why Operating Systems don't always upgrade GnuPG [was: Re: How can we utilize latest GPG from RPM repository?]

On Mon, Feb 19, 2018 at 10:45:52AM -0800, Daniel Kahn Gillmor wrote: > > How can GnuPG contribute to fixing this problem? The traditional way > that many other projects have taken is to define their core programmatic > functionality into a library with a strict interface guarantees, and > have

Re: Why Operating Systems don't always upgrade GnuPG [was: Re: How can we utilize latest GPG from RPM repository?]

On 02/20/2018 01:18 PM, Dashamir Hoxha wrote: > If anybody is willing to give a try to any of these solutions I would > like to help. I would be generally cautious for both approaches without proper support in the surrounding infrastructure. In particular an upgrade to a depending library would

Re: Why Operating Systems don't always upgrade GnuPG [was: Re: How can we utilize latest GPG from RPM repository?]

On Mon, Feb 19, 2018 at 7:45 PM, Daniel Kahn Gillmor wrote: > On Sat 2018-02-17 17:06:54 -0600, helices wrote: > > I will probably never understand why wanting to run the most current > > version of gnupg on a plethora of servers is controversial. > > Here's one last try

Re: Why Operating Systems don't always upgrade GnuPG [was: Re: How can we utilize latest GPG from RPM repository?]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 19 February 2018 at 8:51:08 PM, in a message with no id, ed...@pettijohn-web.com wrote:- > I think gpgme is the answer here as well. If you mean > specifically > a python interface to gpgme then it's probably up to > a python

Re: Why Operating Systems don't always upgrade GnuPG [was: Re: How can we utilize latest GPG from RPM repository?]

On Feb 19, 2018 12:45 PM, Daniel Kahn Gillmor wrote: > > On Sat 2018-02-17 17:06:54 -0600, helices wrote: > > I will probably never understand why wanting to run the most current > > version of gnupg on a plethora of servers is controversial. > > Here's one last try to

Why Operating Systems don't always upgrade GnuPG [was: Re: How can we utilize latest GPG from RPM repository?]

On Sat 2018-02-17 17:06:54 -0600, helices wrote: > I will probably never understand why wanting to run the most current > version of gnupg on a plethora of servers is controversial. Here's one last try to explain the situation. GnuPG (and the libraries it depends on) are used by (aka "depended

Re: How can we utilize latest GPG from RPM repository?

On 02/19/18 04:53, Werner Koch wrote: > On Fri, 16 Feb 2018 14:38, konstan...@linuxfoundation.org said: > >> (if someone can recommend a better way that only statically links >> gnupg's own libraries like libassuan and libgpg-error, but uses shared >> objects for other system libraries, please

Re: How can we utilize latest GPG from RPM repository?

On Fri, 16 Feb 2018 14:38, konstan...@linuxfoundation.org said: > (if someone can recommend a better way that only statically links > gnupg's own libraries like libassuan and libgpg-error, but uses shared > objects for other system libraries, please let me know, as I didn't find > any quickie

Re: How can we utilize latest GPG from RPM repository?

On 18/02/18 00:06, helices wrote: > I will probably never understand why wanting to run the most current > version of gnupg on a plethora of servers is controversial. I don't think it is. I'm sorry your question didn't get answered satisfactorily; that's just how things can go on community

Re: How can we utilize latest GPG from RPM repository?

On 02/17/18 17:06, helices wrote: I will probably never understand why wanting to run the most current version of gnupg on a plethora of servers is controversial. Nevertheless, the two (2) greatest reasons are: 1. PCI DSS v3.2 2. PCI DSS compliance audits Being able to demonstrate that

Re: How can we utilize latest GPG from RPM repository?

I will probably never understand why wanting to run the most current version of gnupg on a plethora of servers is controversial. Nevertheless, the two (2) greatest reasons are: 1. PCI DSS v3.2 2. PCI DSS compliance audits Being able to demonstrate that we are using the latest, greatest

Re: How can we utilize latest GPG from RPM repository?

On 02/14/18 15:20, gpg at mdsresource.net (helices) wrote: > CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer. > > We want to move to v2.2.x, and stay current, but we don't want to download > source and compile for dozens of systems. I had a similar need (because my users started

RE: How can we utilize latest GPG from RPM repository?

users-boun...@gnupg.org] On Behalf Of Daniel Kahn Gillmor Sent: Wednesday, February 14, 2018 5:31 PM To: helices; gnupg-users@gnupg.org Subject: Re: How can we utilize latest GPG from RPM repository? On Wed 2018-02-14 14:20:10 -0600, helices wrote: > CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't

RE: How can we utilize latest GPG from RPM repository?

time.   For a Production environment that pace of upgrade > is usually not desirable which is why people use RHEL/CentOS instead. > > > -Original Message- > From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Daniel > Kahn Gillmor > Sent: Wednesday, Fe

Re: How can we utilize latest GPG from RPM repository?

; looked at rpmfind? rpmbone? > > > > And of course YOU could create the rpm and share it on EPEL yourself so > others will have it. > > > > > > *From:* Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] *On Behalf Of * > helices > *Sent:* Thursday, February 15, 2018 9:10

RE: How can we utilize latest GPG from RPM repository?

? And of course YOU could create the rpm and share it on EPEL yourself so others will have it. From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of helices Sent: Thursday, February 15, 2018 9:10 AM To: gnupg-users@gnupg.org Subject: Re: How can we utilize latest GPG from RPM repository

Re: How can we utilize latest GPG from RPM repository?

e of > upgrade is usually not desirable which is why people use RHEL/CentOS > instead. > > -Original Message- > From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of > Daniel Kahn Gillmor > Sent: Wednesday, February 14, 2018 5:31 PM > To: helices; gnu

Re: How can we utilize latest GPG from RPM repository?

Hi. Am Mittwoch, den 14.02.2018, 14:20 -0600 schrieb helices: > CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer. > We want to move to v2.2.x, and stay current, but we don't want to > download > source and compile for dozens of systems. > We want all users to be using the same

Re: How can we utilize latest GPG from RPM repository?

On Wed 2018-02-14 14:20:10 -0600, helices wrote: > CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer. > > We want to move to v2.2.x, and stay current, but we don't want to download > source and compile for dozens of systems. > > We want all users to be using the same version all of

How can we utilize latest GPG from RPM repository?

CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer. We want to move to v2.2.x, and stay current, but we don't want to download source and compile for dozens of systems. We want all users to be using the same version all of the time. Please, advise. Thank you.