Hi Guix,
We currently have two versions of GnuTLS packaged: 3.7.2 represented by
the `gnutls` variable and 3.7.7 represented by the `gnutls-latest`
variable. `guix refresh -l` reports that changes to the 3.7.2 version
would cause 14770 rebuilds, but only 30 rebuilds for the 3.7.7 version. As
far as I can tell, neither version currently has a replacement (graft).
What is the purpose of these two versions? 3.7.7 is almost the current
release [0], but 3.7.2 is an older release in the same series. GnuTLS does
have two release series [1], stable and next, that correspond to 3.6.x and
3.7.x numbering schemes.
It seems to me that the `gnutls` variable should refer to the latest
"stable" release, and the `gnutls-latest` variable to latest "next"
release. Does that make sense? What am I missing?
It appears that 3.7.2 has some unpatched advisories [2].
[0] https://issues.guix.gnu.org/61064
[1] https://gitlab.com/gnutls/gnutls/-/blob/master/RELEASES.md
[2] https://gnutls.org/security-new.html
Best,
Jack
