[gnutls-help] gnutls 3.7.7

Simon Josefsson simon at josefsson.org
Fri Sep 2 08:54:02 CEST 2022


Daiki Ueno <ueno at gnu.org> writes:

> Hello Marius,
>
> Marius Schamschula <lists at schamschula.com> writes:
>
>> I’m the maintainer of the gnutls package for MacPorts.
>>
>> Repology just tagged gnutls 3.6.16 as vulnerable.
>>
>> It seems that the security fix(es) in gnutls 3.7.7 have not been backported to the 3.6.x
>> branch, which is still listed as the stable branch.
>>
>> The gnutls website suggests all users upgrade to version 3.7.7, even those on the
>> stable branch, while 3.7.x has not been declared as the stable branch.
>>
>> What gives?
>
> I would say we could declare 3.7.x as stable, given the amount of
> backward incompatible changes since 3.6.x is limited.  Any thoughts on
> that?

Could you release the 3.7.x branch as 3.8.0 and declare that stable?
That would effectively turn all code in 3.7.x (that is still around)
into stable and supported code via the 3.8.x branch.  I'm happy to help,
although it has been years since I last did significant work on GnuTLS.

> If we want to keep 3.6.x, someone would need to invest in updating the
> CI infrastructure (either porting the recent changes or switching to a
> simpler CI configuration for the old branch), which may require
> significant effort.

The GnuTLS CI takes hours to complete - this seems detrimental to
productivity.

/Simon