[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Win32 GnuTLS DLL installer?

From: Eli Zaretskii
Subject: Re: Win32 GnuTLS DLL installer?
Date: Thu, 21 Sep 2017 21:31:55 +0300

> From: Ted Zlatanov <address@hidden>
> Date: Thu, 21 Sep 2017 13:57:46 -0400
> EZ> Available from where?  Surely, we won't want to recommend
> EZ> security-related DLLs whose quality we cannot guarantee, would we?
> As Phillip said,
> https://ftp.gnu.org/gnu/emacs/windows/emacs-25-x86_64-deps.zip and
> whatever other locations on that server are appropriate. I think that's
> the simplest, least surprising solution.

It may be the simplest, but are they good enough for a dedicated,
security-related package?  I'm not sure.  E.g., do the MSYS2 people,
who produce the DLLs which Phillip repackages, habitually run the test
suite of those DLLs, and investigate every failure?

> EZ> Bottom line, I'd really love to see someone volunteer to do this job
> EZ> in a way that we could simply rely on them and point to their site (or
> EZ> copy stuff from there to ELPA), but I'm not holding my breath, having
> EZ> done that several times myself.  It's not an easy job, and requires
> EZ> non-trivial investment of time and effort.
> I understand your concerns. They apply equally to the rest of the W32
> binaries and dependencies and I'm not ignoring them.

They do, but producing a security-catering package brings on
additional concerns.  And I'm not sure our simple practices are up to
the challenge.

> When a GitLab server is available, maybe we can set up a W32 build slave
> to build and test these binaries.

That'd be good progress, but someone will still have to review the
failures in the optional libraries and fix them.  The upstream
developers only do that for GNU/Linux builds.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]