Hi, Leo Famulari <l...@famulari.name> skribis:
> I noticed that some Guix packages depend on LibreSSL, but it seems that > we are not successfully keeping this package up to date with upstream > security releases: > > https://www.libressl.org/releases.html > > Will anyone step up to maintain this package? Or should we remove it > from Guix? At first sight, it looks like an easy-to-maintain package: no dependencies, few users, stable API. I tried to update it to 3.5.1 and was proved wrong though: there’s one test failure in ‘tests/asn1object’ and the Internet doesn’t seem to know how to address the problem. So it would need a bit more work. I’d lean towards keeping it and doing that extra work, collectively, but I understand this very discussion shows that it’s debatable. Ludo’.
