From: Philipp Stephani <address@hidden>To me, the fact that a newer version of GnuTLS doesn't show thisproblem means that the issue was resolved by further development ofthat package. Maybe Ubuntu needs to backport more patches?Anyway, we can continue discussing this here to Kingdom Come, but ifwe want to hear from experts, this issue should be brought on theGnuTLS mailing list, not here.
Date: Sun, 04 Feb 2018 16:48:04 +0000
Cc: Neil Okamoto <address@hidden>, address@hidden
Isn't this an awfully old version of GnuTLS?
It is the version shipped with the current LTS version of Ubuntu: https://packages.ubuntu.com/trusty/gnutls-bin
It’s causing me to introduce workarounds, such as downloading a newer gnutls source package andand
compiling it locally in the Travis CI build. I would really prefer not to do this. It adds unnecessary time
complexity to the CI setup for some Emacs packages, and (conversely) one can imagine otherEmacs
package maintainers may be avoiding the complexity by not implementing CI for their projects.server
Can someone more knowledgable about the standards, the evolution of gnutls since 2.12, and the
configuration of elope.gnu.org please weigh in on this?
I'm not such an expert on this, but in general, security assumes
latest versions of related software and databases.
Security requires *patched* versions, not *updated* versions. That's a big difference. Ubuntu LTS gets
security patches until the end of its lifetime, but no bug fixes or new features. The security patches only fix
Ok, I’m re-posting to gnutls-help.