Mark H Weaver <m...@netris.org> writes: > Hi Alex, > > Alex Vong <alexvong1...@gmail.com> writes: > >> Maybe what I wrote is not clear. What I mean is that since Debian build >> of gnutls does not include the guile bindings, we have to build gnutls >> from the source tarball ourselves. >> >> The flag "--with-guile-site-dir=/usr/local/share/guile/site/2.2" >> instructs the build script to install the guile bindings into >> "/usr/local/share/guile/site/2.2". > > Sure. This is reasonable, but for the sake of completeness, I'll point > out two disadvantages with this approach, namely that (1) it entails > effectively overriding Debian's GnuTLS library with your manually built > version, which potentially affects the operation of any Debian package > that links to GnuTLS and (2) it means staying on top of security updates > yourself, i.e. recompiling and installing new versions of GnuTLS or the > bundled copies of libtasn1 and libunistring when security flaws are > discovered in those versions. Ditto for the other packages that you > build and install manually. > Agree, while (1) seems to not causing problems for me in practice, (2) is a very important point to keep in mind. Btw, this bug report[0] explains why the guile bindings were removed. Although it's mark as wontfix, should we encourage the maintainers to re-enable the guile bindings in the experimental repository? The problems could perhaps be solved by building the bindings with guile 2.2.
[0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863147 > Regards, > Mark
signature.asc
Description: PGP signature
