
Re: Bug#1003306: RFS: mbedtls/2.28.0-0.1 [NMU] -- lightweight crypto and SSL/TLS library





On Sat, 8 Jan 2022 at 01:52:47 +0000, Wookey <wookey@wookware.org> wrote:
> However, I have already packaged v3.0.0. It's not been uploaded yet
> because it fails some tests intermittently, and I am in discussion
> with upstream about why this only happens sometimes.  That has been
> stalled for a while so maybe I should just upload this 2.28, but it
> might be worth me giving them a prod and us waiting another week or so
> to see if v3.0.0 will happen?

Hi, thank you for your reply! I have not packaged 3.0.0 myself because it is not an LTS release, and I believe that packaging an LTS version is preferable for how Debian releases work. Also, this is the same approach that the original maintainer adopted, and until the package gets officially orphaned I'd like to do things similarly, so that if he comes back he'll find the package more or less how he left it.

Also, packaging LTS versions is preferable for licensing issues. MbedTLS is usually released under the terms of the Apache 2.0 license, while LTS versions are licensed under Apache-2.0 OR GPL-2.0-or-later, a thing that many users really appreciate (correct me if I'm wrong, but I believe that using Apache-2.0 libraries in GPL software is not allowed).

Packaging LTS versions has the downside of only having "old" versions of the library available, without all the cool features of the newest releases, but I believe that Debian is not about this, right? :)

When the MbedTLS developers release an LTS version of the 3.x branch I'll be happy to work on it, and we could help each other too - we could even unofficially co-maintain the MbedTLS package starting from now, as the original maintainer has not responded to my emails in months...

Thanks for your interest, have a nice day :)


