[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Is anyone opposed to GnuTLS with DANE by default?
|
From: |
Leo Famulari |
|
Subject: |
Re: Is anyone opposed to GnuTLS with DANE by default? |
|
Date: |
Tue, 14 Nov 2017 15:13:23 -0500 |
|
User-agent: |
Mutt/1.9.1 (2017-09-22) |
On Tue, Nov 14, 2017 at 08:22:54PM +0100, Tobias Geerinckx-Rice wrote:
> ng0,
>
> What a coincidence! I was slogging through some very old mail, had just
> read your original gnutls/dane message, and was about to post the very
> same question. Then I ran ‘guix size’.
>
> ng0 wrote on 14/11/17 at 19:54:
> > If no one is opposed to this change, I will
> > prepare a patch tomorrow.
>
> I certainly don't object, but am forced to note that ’gnutls-dane’ more
> than doubles the closure size of ‘gnutls’ proper (294.2 MiB vs. 138.5).
>
> The only new input is ‘unbound’, but that manages to pull in both
> Pythons 2 and 3. It would be nice™ if it could first be -minimalised...
I have no opinion about DANE, but if this brings unbound into the GnuTLS
closure, we should make sure we can build it reliably. So far this is
not the case on Hydra (not sure about Berlin):
https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00182.html
https://hydra.gnu.org/job/gnu/master/unbound-1.6.3.x86_64-linux
https://hydra.gnu.org/job/gnu/master/unbound-1.6.7.x86_64-linux
Also, it would be a bit of a shame to make GnuTLS depend on Python, thus
making it depend on OpenSSL ;)
signature.asc
Description: PGP signature