28.04.2022 15:27, Ondřej Surý wrote: ..
Yes, it’s the old one. The 2012 hasn’t been specified for use in DNSSEC - there was a draft, but it has expired.
Ok, that makes sense. Thank you for clarification.
Please note there are at least 4 symbols in the libldns3 library which are gost-related:
..
We can keep the symbols as dummy shims, so the package doesn’t have to bump SOVERSION.
Yeah. Formally we should do either one or another. In practice I *highly* doubt anyone is using these 4 symbols, so maybe we can just disable the thing without doing anything. I'm too lazy now to provide the stubs :) ..
There are no GOST signatures used in real world deployments, there’s no need to have validation enabled anywhere. Keeping obsoleted algorithm alive is not doing anybody any favor.
I for one have no objections whatsoever against removal it besides the extra work which is needed. To me it is like, don't touch it if it does not disturb anyone. FWIW, for me the whole GOST thing is weird, I'd not have/use it at all to begin with. In some contexts it is required though. /mjt