Re: How to build GNUTLS Guile bindings on Xubuntu

[Alex Vong]

Mark H Weaver <address@hidden> writes:

> Hi Alex,
>
> Alex Vong <address@hidden> writes:
>
>> Maybe what I wrote is not clear. What I mean is that since Debian build
>> of gnutls does not include the guile bindings, we have to build gnutls
>> from the source tarball ourselves.
>>
>> The flag "--with-guile-site-dir=/usr/local/share/guile/site/2.2"
>> instructs the build script to install the guile bindings into
>> "/usr/local/share/guile/site/2.2".
>
> Sure.  This is reasonable, but for the sake of completeness, I'll point
> out two disadvantages with this approach, namely that (1) it entails
> effectively overriding Debian's GnuTLS library with your manually built
> version, which potentially affects the operation of any Debian package
> that links to GnuTLS and (2) it means staying on top of security updates
> yourself, i.e. recompiling and installing new versions of GnuTLS or the
> bundled copies of libtasn1 and libunistring when security flaws are
> discovered in those versions.  Ditto for the other packages that you
> build and install manually.
>
Agree, while (1) seems to not causing problems for me in practice, (2)
is a very important point to keep in mind. Btw, this bug report[0]
explains why the guile bindings were removed. Although it's mark as
wontfix, should we encourage the maintainers to re-enable the guile
bindings in the experimental repository? The problems could perhaps be
solved by building the bindings with guile 2.2.

[0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863147

>      Regards,
>        Mark

signature.asc
Description: PGP signature