[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: proposal: require GnuTLS 3.1.x (previous stable)

From: Glenn Morris
Subject: Re: proposal: require GnuTLS 3.1.x (previous stable)
Date: Sat, 29 Nov 2014 15:02:53 -0500
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

Ted Zlatanov wrote:

> "Whether you need to support gnutls 2.12.x is up to you. However, I note
> that this version is totally unsupported, if it is broken or has a
> critical bug you are on your own."

Unsupported by _upstream_ gnutls.

However, it is part of the function of LTS distributions to backport
security patches to the versions that they include (or if that is
impossible to update to newer versions). Eg I can assure you that this
is what Red Hat will do for RHEL6 (it was in the context of RHEL6 that
this issue first came up). Debian security, Ubuntu LTS, they all do the
same kind of thing.

It's not Emacs's problem, and not your problem, to worry about these things.
Emacs should just (generally speaking) support whatever library versions
the commonly used distributions support, and let the distributions worry
about security issues in those libraries.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]