Hi,
Martin Michlmayr:
>
> libgnutls11 was added to debootstrap a few days ago (10 and 11 are
> installed),
Really? It's not even in testing yet, was not built on all arches until
today, and somebody (vorlon*) told me it needs to be in testing before
being eligible for debootstrap.
> but libgcrypt7 is installed instead of 10/11. Is that a
> major problem, Matthias?
libgcrypt7 has the same "Upstream asks us not to distribute this
unsupported and buggy crud in Sarge PLEASE" problem that gnutls10 has.
In addition, gnutls11 depends on opencdk8 which still depends on
gcrypt7. Obviously I can't change that before gcrypt11 is installed by
debootstrap.
I'm probably repeating myself here, but IMHO every step we can take
towards the state of "no package in Sarge uses gcrypt7 or gnutls10"
is a Good Thing.
The changelog from gcrypt7 to 11 does contain a bunch of memory
leakages, a doubly-freed lock of secure memory, and other equally
interesting things.
Thus, we're trading off minor inconvenience now against the possibility
of major problems later.
I'm somewhat sorry that I didn't get around to doing this a week
earlier. I needed time to become familiar with the packages and to
actually understand the nontrivial library interdependencies. :-/
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | smurf@smurf.noris.de
Attachment:
signature.asc
Description: Digital signature