[gnutls-help] guile-gnutls orphaned?
Simon Josefsson
simon at josefsson.org
Mon Nov 11 19:27:44 CET 2024
Andreas Metzler <ametzler at bebt.de> writes:
> On 2024-11-11 Simon Josefsson <simon at josefsson.org> wrote:
>> Andreas Metzler <ametzler at bebt.de> writes:
>
>>> is guile-gnutls still alive/supported? I am mainly asking because of
>>> <https://gitlab.com/gnutls/guile/-/issues/25>.
>
>> I'm happy to make releases, but I mostly rely on people creating merge
>> requests that pass the pipeline (which seems to be in a poor state) for
>> making changes, although my time for this project is a bit stachastic.
>> I've pushed this particular fix now, thank you! Would a new release
>> help?
>
> Hello Simon,
>
> thank you, yes I would appreciate a release.
I have released 4.0.1 now.
> The original question is less about releases than whether the project is
> alive. I care about that because I would rather not ship (especially
> security-sensitive) software without upstream support in a Debian stable
> release.
>
> I do hope my original mail did not sound like a rebuke - It was intended as
> a honest question, I am on a fact-finding mission.
The project is supported, and I believe (Ludovic/Vivien can correct me)
that guile-gnutls is an important component in the Guix bootstrap. So I
think there are more people caring about guile-gnutls than some other
projects. Guix still uses GnuTLS 3.8.3 (plus patches) which is why Guix
didn't notice the build problem with 3.8.4+. We could add a
Debian:testing GitLab pipeline job to notice problems with the recent
GnuTLS release, if that would help? Maybe that would have cought this
problem earlier.
Of course, I'm not saying the project couldn't use more help from
volunteers. I'll be happy to rotate the release duty too. Vivien or
Ludovic, do you have cycles for this? I followed README-release,
manually added the GitLab release through the web interface, and
customized the announcement e-mail and sent it off. On the other hand,
we just made a release so I'm not sure if there is anything more to be
done at this point. I have a recipe to get a reproducible source
tarball in other projects (compare libntlm and oath-toolkit), so making
that happen together with publishing a minimal git-archive tarball would
be a nice near-term improvement though.
/Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 255 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20241111/b1d7a2b5/attachment.sig>
More information about the Gnutls-help
mailing list