On Tue, Feb 20, 2018 at 10:16 PM, Ben McGinnes <b...@adversary.org> wrote:
> On Sat, Feb 17, 2018 at 05:06:54PM -0600, helices wrote:
>> I will probably never understand why wanting to run the most current
>> version of gnupg on a plethora of servers is controversial.
>>
>> Nevertheless, the two (2) greatest reasons are:
>>
>> 1. PCI DSS v3.2
>> 2. PCI DSS compliance audits
>
> Ah, now *this* is a pertinent fact that would've helped at the
> beginning of the thread and the fact that it wasn't is a clear
> demonstration of a tangential point I made further along about getting
> people to step back from their drilled in focus so we can identify the
> actual needs.
>
> Because these two lines explain *precisely* why you need something like
> RHEL or CentOS (certified systems to go with the auditing) *and*
> updated crypto.

And when you're on those certified, curated systems, you have access to
tools like
https://www.open-scap.org/resources/documentation/make-a-rhel7-server-compliant-with-pci-dss/
to help make sure you're in compliance, I think. I suspect that kind of
approach would make passing audits a lot easier than building the latest
gnupg release yourself... and is less likely to break things.

- Dan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users