The GnuPG group has announced the release of GPG version 2.1.9, which addresses a number of technical issues within the components of the code. The update of any encryption component should be carefully planned, as the impact is often not fully understood until some data cannot be accessed because of encryption issues. Having worked with GPG before, it is very straightforward to implement and get running; harder to develop a long term strategy, thus we can easily paint ourselves in a corner due to a lack of planning.
If you are running a version of GPG older than version 2.1, i strongly recommend taking a look at the changes “What’s new in GnuPG 2.1”. Changes introduced in version 2.1 could have serious impact, such as “support for PGP-2 is removed”. And, as always, we strongly recommend testing all updates in a non-production environment before pointing the update machines at any production environment.
tony d0t carothers --gmail
Oct 11th 2015
2 years ago