[gnutls-devel] Expected timeline for GnuTLS 3.3 to be declared stable

Andreas Metzler ametzler at bebt.de
Mon Jul 7 19:41:19 CEST 2014

On 2014-07-06 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Sun, 2014-07-06 at 18:29 +0200, Andreas Metzler wrote:
> Hello Andreas,
>  The plan is to make it stable as soon as possible. No new features that
> require significant changes will be included, and my plan is to have it
> replace 3.2 by end of summer.

Great, I will switch Debian unstable when it is opportune.

> > (It is probably a little bit early for asking this, since currently we
> > are trying to move to 3.2 from 2.12.)

> There shouldn't be any issue with the move to 3.3 from 3.2. 

> Out of curiosity, what is the major obstacle from abolishing 2.12? Don't
> programs compile out of the box with 3.2?

Many do but some important ones (OpenLDAP, fixed in upstream git) did not.

The most frequent issues are more uglyness than real breakage and related
to swiching of crypto backends:

* If gnutls is available and you need gcrypt you need to
  build-depend on and search for it. It is not always there anymore.
* Configuring gcrypt (quick random, thread handlers) only on the
  assumption that it is used by gnutls is pointless. Drop the
* Calculating a MD5 hash is not be done best by invoking gcrypt, use
  the GnuTLS crypt API and avoid the additional external dependency.

It is alse a  bit of an organizational problem. Due to the license
issues and the timing of the last Debian release we needed to have
both gnutls versions in Debian for a very long time. - If that was not
the case a quick hard cut might have been used instead.

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Gnutls-devel mailing list