Our company is part of a highly regulated industry, and our security policy requires us to use commercially supported software wherever possible. While I think that Remi is doing a great job with his repository, it unfortunately does not fall into that category. We had enough problems getting an exception for EPEL…
passbolt use gnupg PHP extension (PECL / Github project) and unfortunately this extension is not provided as a php package in RHEL distribution and its clones (Rocky, Alma, etc.).
There is 2 ways to install this PHP extension:
pecl install gnupg: This is not a RHEL trusted source and you need to install building tools such as make, gcc, etc. It is not ideal and recommended to install build tools on a production server.
Build a php-gnupg RPM package.
You thought first build php-gnupg RPM package ourselves, but as we used Remi’s rpm spec sources, and as he is a well known and trusted PHP maintainer in RPM world, we decided to rely on his repository for the gnupg php extension.
If you really need a php gnupg package provided by passbolt, to avoid the use of Remi’s repository, it is maybe something we can consider. You can contact us at contact@passbolt.com to discuss more about that.