|
From: | Christoph Scholtes |
Subject: | Re: bug#10612: GnuTLS bundled with the windows Emacs binaries |
Date: | Sun, 29 Jan 2012 10:08:47 -0700 |
User-agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 |
On 1/29/2012 9:47 AM, Juanma Barranquero wrote:
I agree with Juanma who IIRC said that we are providing an _Emacs binary distribution_.Yes, and only because we're sort of forced to do it.
Why is that?
Apart from politics, the other reason against (whether other people finds it compelling or not, I don't know), is that including the binary means taking responsibility. For example, to release security upgrades as soon as possible, at least for serious bugs. That also means monitoring the GnuTLS lists (or security bulletins). Which is currently done, I think, but what if the people doing it suddently lacks time or just moves to other pursuits? It's easy to start distributing the GnuTLS DLLs, harder to stop doing it.
I agree, but doesn't that also start with compiling support for GnuTLS into the prebuilt Emacs? Don't we start taking responsibility at that point? If there is a security update for GnuTLS that requires the user to use the latest certain version, don't we have to provide support for the latest version in the binary? Assuming that you can't use the fixed binary with the previous versions headers, that is.
Christoph
[Prev in Thread] | Current Thread | [Next in Thread] |