On Thu, Mar 25, 2021 at 05:21:40PM +0100, Niels Möller wrote: > Changes to gostdsa and ed448 will not apply, since those curves didn't > exist in nettle-3.5. Changes to ed25519 might not apply cleanly, due to > refactoring when adding ed448.
Okay. > > I’m asking because in Guix, the easiest way for us to deploy the fixes > > on the ‘master’ branch would be by “grafting” a new Nettle variant > > ABI-compatible with 3.5.1, which is the one packages currently depend on. > > I still recommend upgrading to the latest version. There were an abi > break in 3.6 (so you'd need to recompile lots of guix packages), but no > incompatible changes to the (source level) api. Unfortunately, non-ABI compatible upgrades of nettle cannot be done quickly in Guix. As you point out, we'd have to recompile over >10000 packages, and then we'd have to fix any breakage that might occur from the upgrade. We will have to try to cherry-pick the bug fix patches.
