[gnutls-help] gnutls 3.7.7

Daiki Ueno ueno at gnu.org
Fri Sep 2 08:39:01 CEST 2022


Hello Marius,

Marius Schamschula <lists at schamschula.com> writes:

> I’m the maintainer of the gnutls package for MacPorts.
>
> Repology just tagged gnutls 3.6.16 as vulnerable.
>
> It seems that the security fix(es) in gnutls 3.7.7 have not been back ported to the 3.6.x
> branch, which is still listed as the stable branch.
>
> The gnutls website suggests all users upgrade to version 3.7.7, even those on the
> stable branch, while 3.7.x has not been declared as the stable branch.
>
> What gives?

I would say we could declare 3.7.x as stable, given the amount of
backward incompatible changes since 3.6.x is limited.  Any thoughts on
that?

If we want to keep 3.6.x, someone would need to invest on updating the
CI infrastructure (either porting the recent changes or switching a
simpler CI configuration for the old branch), which may require
significant effort.

Regards,
-- 
Daiki Ueno



More information about the Gnutls-help mailing list