[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Is anyone opposed to GnuTLS with DANE by default?
From: |
ng0 |
Subject: |
Re: Is anyone opposed to GnuTLS with DANE by default? |
Date: |
Thu, 16 Nov 2017 15:25:38 +0000 |
Ludovic Courtès transcribed 0.5K bytes:
> Tobias Geerinckx-Rice <address@hidden> skribis:
>
> > I certainly don't object, but am forced to note that ’gnutls-dane’ more
> > than doubles the closure size of ‘gnutls’ proper (294.2 MiB vs. 138.5).
> >
> > The only new input is ‘unbound’, but that manages to pull in both
> > Pythons 2 and 3. It would be nice™ if it could first be -minimalised...
>
> Yes, to me that’s a showstopper. (One of the Pythons comes from
> libevent.)
>
> Thanks,
> Ludo’.
Okay, sounds reasonable to me and I agree, especially with Python not being
reproducible at the moment (if I remember the threads right).
Am I in the 'old system design' mindwset when I think that
every application that has applications such as libmicrohttpd
in its direct dependency chain should depend on the GnuTLS
version LMH uses and not the 'normal' GnuTLS
(It also depends on the features of GnuTLS which are being used,
but to be on the safe side)?
--
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dl.n0.is/dist/keys/
WWW: https://we.make.ritual.n0.is
signature.asc
Description: PGP signature