Hello Marius, Marius Schamschula <[email protected]> writes:
> I’m the maintainer of the gnutls package for MacPorts. > > Repology just tagged gnutls 3.6.16 as vulnerable. > > It seems that the security fix(es) in gnutls 3.7.7 have not been back ported > to the 3.6.x > branch, which is still listed as the stable branch. > > The gnutls website suggests all users upgrade to version 3.7.7, even those on > the > stable branch, while 3.7.x has not been declared as the stable branch. > > What gives? I would say we could declare 3.7.x as stable, given the amount of backward incompatible changes since 3.6.x is limited. Any thoughts on that? If we want to keep 3.6.x, someone would need to invest on updating the CI infrastructure (either porting the recent changes or switching a simpler CI configuration for the old branch), which may require significant effort. Regards, -- Daiki Ueno _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
