Page 1 of 1

Which GnuPG?

Posted: Mon Nov 21, 2016 1:29 pm
by eatenimpinia
I guess I need to start figuring out this encryption thing. So, I'd like to start with GnuPG and some of its add-ons. From Software Manager, I see that I've currently got both versions 1.4.16 (classic) and 2.0.22 (stable) installed. From several posts on these forums, I understand that I need to leave 1.4 there for Mint's use. But, the GnuPG site also talks about their 2.1.x (modern) versions. In their Announcements for these versions, they say that the classic version can co-exist with either the stable or modern versions, but the stable and modern versions are mutually exclusive (i.e., chose one of those two). In their release Announcements for the stable versions, they say:
If you are new to GnuPG please consider to use the "modern" version 2.1.7.
Since I AM new to this, should I uninstall 2.0.22 and make an attempt at somehow installing the latest modern version (2.1.16 according to

https://gnupg.org/download/index.html )

Also, since this is security software, should I make the attempt to update the classic version to the latest release (1.4.20 according to

https://gnupg.org/news.html )

Similarly, if I should keep the stable version over the modern version, should I update that to it's latest (2.0.30)?

Re: Which GnuPG?

Posted: Mon Nov 21, 2016 1:45 pm
by xenopeek
You do not need to manually install upstream newer releases. The Ubuntu package maintainers for gnupg and gnupg2 backport security fixes to the release they are maintaining. So yes you are on the 1.4.16 and 2.0.22 upstream releases but Ubuntu package maintainers have already released 5 updates for the former and 3 for the latter.

http://changelogs.ubuntu.com/changelogs ... /changelog
http://changelogs.ubuntu.com/changelogs ... /changelog

Thus important issues are being fixed and because you are using the version from the repositories you will see updates for other important issues in Update Manager. If you would manually install from upstream you would be responsible for doing all that work (constantly checking both gnupg projects for newer releases / important issues and again manually installing them each time). Who has time for that. You may also run into issues when you manually install things, where other packages won't install or work with that newer release as they have not been tested and packaged for it.

Re: Which GnuPG?

Posted: Mon Nov 21, 2016 3:26 pm
by Cosmo.
At first: leaving gnupg(1) is mandatory for the system otherwise the package management will break, as it can no longer verify the authenticity of pckages.

At second: If you have the need for gnupg2 you will most likely have a reason for that. The most common reason is encrypting / signing e-mails. If you use Thunderbird - more precisely the extension Enigmail - gnupg2 is needed. Install it from the repositories Enigmail will usually find it and does the rest.

Re: Which GnuPG?

Posted: Mon Nov 21, 2016 6:23 pm
by eatenimpinia
xenopeek: Thanks. I wasn't aware of the updates to the repository. That makes life a lot easier.

Cosmo: No problem with the 1.4 version. But, for the 2.x, which is a better choice for someone just trying to get started with GnuPG? The 2.0 stable (already installed) or the 2.1 modern (recommended by the developer but I'd have to figure out how to install it)?

Re: Which GnuPG?

Posted: Mon Nov 21, 2016 7:05 pm
by Cosmo.
You need to compile 2.1 yourself, also you have to keep it up-to-date yourself.

Re: Which GnuPG?

Posted: Mon Nov 21, 2016 10:50 pm
by eatenimpinia
That's probably a bit beyond me right now. I guess I'll just stick with what's already on the machine. It's just a learning experience at this point. So, if I can learn these versions, I should be able to handle the new version in a couple of years (or if needed earlier). Thanks.

Re: Which GnuPG?

Posted: Tue Nov 22, 2016 2:12 am
by xenopeek
Or upgrade to Linux Mint 18; it has gnupg 1.4.20 and gnupg2 2.1.11 (again both maintained by Ubuntu developers, to backport any important issues from newer upstream releases).

Re: Which GnuPG?

Posted: Tue Nov 22, 2016 2:36 pm
by eatenimpinia
I had issues with Mint 18 (drives wouldn't necessarily mount and wired Ethernet wouldn't necessarily connect) and had to go back to 17.3. I might give Mint 18.1 a try at some point.