Bug#727660: gnutls28: CVE-2013-4466: GNUTLS-SA-2013-3

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Oct 26 11:56:23 UTC 2013


Hi Andreas--

On 10/26/2013 02:24 AM, Andreas Metzler wrote:
>> On Fri, Oct 25, 2013 at 09:56:58AM -0400, Daniel Kahn Gillmor wrote:
>>> btw, it's not clear to me why we --disable-libdane -- I see that it was
>>> set (along with --without-tpm) in 3.1.3-1, but i don't see the reason
>>> for it.  could that be clarified someplace?
> 
> --without-tpm had some license rationale, --disable-libdane might have
> been related to licensing (I think it was one of the leftover LGPLv3
> GnuTLS parts at this time and I have not completely given up on a
> LGPLv2+ GnuTLS stack.). If there is *strong* interest in libdane I can
> doublecheck and enable if feasible (or else document).

I am interested in libdane, and would like to know what the rationale
is.  I'd also be curious to know more about "some license rationale" for
--without-tpm, though i consider TPM of much lower interest compared to
DANE.

Thanks for all your ongoing work on gnutls for debian.

	--dkg

