[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS for W32

From: Juanma Barranquero
Subject: Re: GnuTLS for W32
Date: Sat, 7 Jan 2012 14:14:21 +0100

On Sat, Jan 7, 2012 at 11:24, Chong Yidong <address@hidden> wrote:

> - First of all, any change involving distributing GnuTLS with Emacs
>  should be post-24.1.
> - Phoning home on startup by default is out of the question.  [...]
> - I am open to improvements to package.el to implement _periodic_ update
>  checking, [...]

I 100% agree with all the points above.

>  If a really serious security flaw is found in GnuPG, and we are
>  distributing GnuPG with Emacs, we should make an Emacs security
>  release, exactly as though it was a security flaw in Emacs itself.

I think that's clear. But IMO, in the case we are discussing, we
should not distribute the GnuTLS DLL, just as we don't distribute
libpng or libxml2. If we make it available through ELPA (which I don't
like, but like much more than the alternative), then of course
security releases of the relevant package would be available through
ELPA too.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]