Re: How can we utilize latest GPG from RPM repository?

Sat, 17 Feb 2018 18:40:20 -0800 


On 02/17/18 17:06, helices wrote:

I will probably never understand why wanting to run the most current 
version of gnupg on a plethora of servers is controversial.


Nevertheless, the two (2) greatest reasons are:

 1. PCI DSS v3.2
 2. PCI DSS compliance audits


Being able to demonstrate that we are using the latest, greatest 
encryption available on every one of our hosts, simplifies that 
portion of the audit equation more than you probably believe.



Furthermore, following feature not availabe in 2.0.22 are more than 
nice-to-haves:


  * The file secring.gpg is not used to store the secret keys anymore.
  * All support for PGP-2 keys has been removed for security reasons.
  * The standard key generation interface is now much leaner.
  * Commands to create and sign keys from the command line without any
    extra prompts are now available.
  * There is no more need to manually start the gpg-agent.
  * A new format for locally storing the public keys is now used.
  * Revocation certificates are now created by default.
  * The format of the key listing has been changed to better identify
    the properties of a key.



Apparently, there is no current solution to our problem similar to 
that we found for our rsyslog example. That is too bad. We will get 
over our disappointment.



However, let it be said here and now, if the gnupg community wants the 
use of gnupg to spread far further than a clique of geeks, making its 
use easier for non-geeks is probably the simplest and most direct way.


Yes, that is my opinion, humble or otherwise.

YMMV


Are there any other questions before I get a direct answer to my 
original subject question?


Thank you.



On Wed, Feb 14, 2018 at 2:20 PM, helices <g...@mdsresource.net 
<mailto:g...@mdsresource.net>> wrote:


    CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.

    We want to move to v2.2.x, and stay current, but we don't want to
    download source and compile for dozens of systems.

    We want all users to be using the same version all of the time.

    Please, advise. Thank you.



Pay someone to package it for you.



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users























					Reply via email to