On Sat, Jul 24, 2004 at 05:35:59PM +0200, Matthias Urlichs wrote: > * gnutls10 and gcrypt7 are *seriously* out-of-date Upstream; > * Upstream urges us to not distribute them in Sarge (cf. bug #258975): > >> FWIW, I want to restate that I consider it a *very bad idea* to go > >> with libgcrypt7 for the Sarge release. We did not declared that > >> release stable [...] PLEASE, reconsider this decision and drop > >> libgcrypt7 in favor of libgcrypt11 - the required changes to the > >> source are minimal if at all required. Rebuilding will do it in > >> allmost all cases > * gnutls10 does not support multithreaded programs correctly; gnutls11 > has a more generic callback mechanism (cf. bug #244827); > * the API changes are minor and only require recompilation; > I would like to ask for reconsideration of the D-I package freeze. > Specifically, I would like to > * add gnutls11 and gcrypt11 to the list of D-I packages, > * Rebuild everything, or at least the packages with Priority<optional, > to use grypt11 and gnutls11. > * Drop gcrypt7 and gnutls10 from the list of base packages, downgrade > them to Optional status. > gnutls11 has been uploaded to Experimental and currently waits for > NEW processing. The packages are also available at - The packages need to be present in unstable and testing before we can make any such decision. - We currently do not have any way of *removing* packages from debootstrap's list of base packages without causing harmful d-i churn; therefore, whether or not gnutls11 is added to the list, gnutls10 would still be installed. - I don't believe there are any multithreaded applications in base that use gnutls. I understand upstream's concerns about shipping an outdated library, but I don't believe there's any way to avoid that now. If you would like to propose that gnutls11 be included in base *as well*, you would need to talk to the debootstrap maintainers -- but there's no sense in doing so until gnutls11 has made it at least into unstable. I would recommend re-uploading gnutls11 and gcrypt11 to unstable immediately; I don't see any reason why the addition of new library packages needs to be staged in experimental, this would be more of an issue for packages *depending* on such libraries. -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature