Re: bug#14380: 24.3; `network-stream-open-tls' fails in some imap servers on w32

[Ted Zlatanov]

On Sat, 25 May 2013 09:42:56 +0300 Eli Zaretskii <address@hidden> wrote: 

>> From: Ted Zlatanov <address@hidden>
>> Date: Fri, 24 May 2013 17:55:16 -0400
>> 
EZ> You (or someone else) are welcome to take my ports and package them as
EZ> you see fit.  If you do a good job, I will even point to those
EZ> packages in nt/INSTALL etc.
>> 
>> Your work is very good and OK with me (although I can work with you to
>> automate the builds).  I am talking about distributing these binary
>> libraries better, especially critical updates.

EZ> That's exactly what I was talking about, too: take the port packaged
EZ> as drop-in zip files, and package it in some other way you consider to
EZ> be better.

That's great!  I'd love to make it a GNU ELPA package to be installed or
updated like any other such package.

EZ> As for critical updates, if you point me to the place or places where
EZ> these are described, I might consider whether it's time to update the
EZ> port.  (Please don't just point me to the gnutls-devel list, because I
EZ> read that, and have yet to see something like what you seem to allude
EZ> to.)

I would assume you want to automate the builds to some degree, but I
don't mind packaging whatever you produce.  Have you documented the
process anywhere so I can follow it if you can't do it?

There's several lists where critical vulnerabilities are disclosed but I
don't follow them all; currently this seems like the best way:
http://web.nvd.nist.gov/view/vuln/search-results?query=gnutls&search_type=all&cves=on&uscert_ta=on&uscert_vn=on&oval_query=on

Following gnutls-devel is probably sufficient for now and we can tell
the GnuTLS developers we are interested in early disclosure.

Ted