|
| From: | Lapo Luchini |
| Subject: | Re: Official snapshot with Botan 2 |
| Date: | Wed, 21 Jul 2021 01:18:44 +0200 |
| User-agent: | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 |
On 2021-05-08 13:22, Michael Raskin wrote:
Hello
I am trying to maintain a Monotone package in Nixpkgs. Currently
the Botan 1 version needed to build the latest Monotone release seems to
get a bunch of vulnerabilities reported (and so is marked insecure in
Nixpkgs). I have used net.venge.monotone.lapo.botan2 branch and the PCRE
8.42 patch by Petr Písař to build Monotone with fresher versions and
indeed it works fine, syncs with 1.1 releases etc. However, right now
the only way I can grab it is via Monotone netsync, which is not good
for a Monotone package in a distribution package repository.
If a bit of testing effort can be put together I think we better create a proper new release with those patches included, as when I fixed botan2 patch in April I just didn't have enough time to ensure it was working for everyone (I only checked it was working "enough for me").
Basically, I don't have time to be a proper maintainer, but if patches are created and tested together… I think I can take time to create new releases from time to time.
Last releases were cut by Markus but with some reading docs I could do it given enough time, I think. (I am the maintainer of the server that host's the website too, so accesses are not a problem)
-- Lapo Luchini lapo@lapo.it
| [Prev in Thread] | Current Thread | [Next in Thread] |