Which GnuPG?

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
User avatar
eatenimpinia
Level 3
Level 3
Posts: 146
Joined: Thu Sep 10, 2015 9:29 pm

Which GnuPG?

Post by eatenimpinia »

I guess I need to start figuring out this encryption thing. So, I'd like to start with GnuPG and some of its add-ons. From Software Manager, I see that I've currently got both versions 1.4.16 (classic) and 2.0.22 (stable) installed. From several posts on these forums, I understand that I need to leave 1.4 there for Mint's use. But, the GnuPG site also talks about their 2.1.x (modern) versions. In their Announcements for these versions, they say that the classic version can co-exist with either the stable or modern versions, but the stable and modern versions are mutually exclusive (i.e., chose one of those two). In their release Announcements for the stable versions, they say:
If you are new to GnuPG please consider to use the "modern" version 2.1.7.
Since I AM new to this, should I uninstall 2.0.22 and make an attempt at somehow installing the latest modern version (2.1.16 according to

https://gnupg.org/download/index.html )

Also, since this is security software, should I make the attempt to update the classic version to the latest release (1.4.20 according to

https://gnupg.org/news.html )

Similarly, if I should keep the stable version over the modern version, should I update that to it's latest (2.0.30)?
Distro: (back to) Linux Mint 17.3 Rosa, Kernel: 4.4.0-51-generic x86_64 (64 bit), Desktop: Cinnamon 2.8.8

User avatar
xenopeek
Level 24
Level 24
Posts: 24338
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Which GnuPG?

Post by xenopeek »

You do not need to manually install upstream newer releases. The Ubuntu package maintainers for gnupg and gnupg2 backport security fixes to the release they are maintaining. So yes you are on the 1.4.16 and 2.0.22 upstream releases but Ubuntu package maintainers have already released 5 updates for the former and 3 for the latter.

http://changelogs.ubuntu.com/changelogs ... /changelog
http://changelogs.ubuntu.com/changelogs ... /changelog

Thus important issues are being fixed and because you are using the version from the repositories you will see updates for other important issues in Update Manager. If you would manually install from upstream you would be responsible for doing all that work (constantly checking both gnupg projects for newer releases / important issues and again manually installing them each time). Who has time for that. You may also run into issues when you manually install things, where other packages won't install or work with that newer release as they have not been tested and packaged for it.
Image

Cosmo.
Level 23
Level 23
Posts: 17825
Joined: Sat Dec 06, 2014 7:34 am

Re: Which GnuPG?

Post by Cosmo. »

At first: leaving gnupg(1) is mandatory for the system otherwise the package management will break, as it can no longer verify the authenticity of pckages.

At second: If you have the need for gnupg2 you will most likely have a reason for that. The most common reason is encrypting / signing e-mails. If you use Thunderbird - more precisely the extension Enigmail - gnupg2 is needed. Install it from the repositories Enigmail will usually find it and does the rest.

User avatar
eatenimpinia
Level 3
Level 3
Posts: 146
Joined: Thu Sep 10, 2015 9:29 pm

Re: Which GnuPG?

Post by eatenimpinia »

xenopeek: Thanks. I wasn't aware of the updates to the repository. That makes life a lot easier.

Cosmo: No problem with the 1.4 version. But, for the 2.x, which is a better choice for someone just trying to get started with GnuPG? The 2.0 stable (already installed) or the 2.1 modern (recommended by the developer but I'd have to figure out how to install it)?
Distro: (back to) Linux Mint 17.3 Rosa, Kernel: 4.4.0-51-generic x86_64 (64 bit), Desktop: Cinnamon 2.8.8

Cosmo.
Level 23
Level 23
Posts: 17825
Joined: Sat Dec 06, 2014 7:34 am

Re: Which GnuPG?

Post by Cosmo. »

You need to compile 2.1 yourself, also you have to keep it up-to-date yourself.

User avatar
eatenimpinia
Level 3
Level 3
Posts: 146
Joined: Thu Sep 10, 2015 9:29 pm

Re: Which GnuPG?

Post by eatenimpinia »

That's probably a bit beyond me right now. I guess I'll just stick with what's already on the machine. It's just a learning experience at this point. So, if I can learn these versions, I should be able to handle the new version in a couple of years (or if needed earlier). Thanks.
Distro: (back to) Linux Mint 17.3 Rosa, Kernel: 4.4.0-51-generic x86_64 (64 bit), Desktop: Cinnamon 2.8.8

User avatar
xenopeek
Level 24
Level 24
Posts: 24338
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Which GnuPG?

Post by xenopeek »

Or upgrade to Linux Mint 18; it has gnupg 1.4.20 and gnupg2 2.1.11 (again both maintained by Ubuntu developers, to backport any important issues from newer upstream releases).
Image

User avatar
eatenimpinia
Level 3
Level 3
Posts: 146
Joined: Thu Sep 10, 2015 9:29 pm

Re: Which GnuPG?

Post by eatenimpinia »

I had issues with Mint 18 (drives wouldn't necessarily mount and wired Ethernet wouldn't necessarily connect) and had to go back to 17.3. I might give Mint 18.1 a try at some point.
Distro: (back to) Linux Mint 17.3 Rosa, Kernel: 4.4.0-51-generic x86_64 (64 bit), Desktop: Cinnamon 2.8.8

Post Reply

Return to “Software & Applications”