[gnutls-devel] [gnutls-help] GnuTLS 3.6.0 released

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Sep 6 17:57:09 CEST 2017

On Wed 2017-09-06 13:12:11 +0200, Nikos Mavrogiannopoulos wrote:
> The options seem to be:
>  * deprecate the API and force applications specify explicitly a hash
> for signing
>  * Update/break the ABI for 3.6 and make the underlying algorithm used
> to be undefined (i.e., a secure but unspecified one).

fwiw, i prefer the second option.  It's always good to have a "do what
you currently think is best" simple API.

This also resolves the request for a "@SYSTEM" mechanism for _sign2(),
since the way to do that would just be to use _sign().  I don't even
think this is a large enough API/behavioral change to _sign() to warrant
an SONAME bump, personally, esp. since SHA1 is deprecated for this

Thanks for thinking this through!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170906/f045b222/attachment.sig>

More information about the Gnutls-devel mailing list