Hi Jack, Jack Hill <[email protected]> skribis:
> We currently have two versions of GnuTLS packaged: 3.7.2 represented > by the `gnutls` variable and 3.7.7 represented by the `gnutls-latest` > variable. `guix refresh -l` reports that changes to the 3.7.2 version > would cause 14770 rebuilds, but only 30 rebuilds for the 3.7.7 > version. As far as I can tell, neither version currently has a > replacement (graft). ‘gnutls-latest’ was initially added to provide up-to-date Guile bindings, since Guile bindings were part of GnuTLS. Since a couple of months ago, Guile bindings live in a separate repo, but the new ‘guile-gnutls’ package depends on ‘gnutls-latest’, which no longer depends on Guile (whereas ‘gnutls’ still depends on Guile). > It seems to me that the `gnutls` variable should refer to the latest > "stable" release, and the `gnutls-latest` variable to latest "next" > release. Does that make sense? What am I missing? As Simon pointed out, that’s for ‘core-updates’. > It appears that 3.7.2 has some unpatched advisories [2]. Ouch, then we probably need a ‘replacement’. Would you like to give it a try? Thanks for the heads-up! Ludo’.
