[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: security/gnutls: link against libunbound for DANE support (patch)
ng0 <ng0%n0.is@localhost> writes:
> In a set of software I work on, we highly prefer GnuTLS built
> against libunbound to get DANE functionality. Right now this
> pulls in at least unbound (and flex via unbound).
> There are plans to eventually not depend on unbound for this
> in GnuTLS itself.
> Would we as pkgsrc prefer for this to be opt-in or opt-out?
> My patch is opt-in but adds a keyword.
Particularly today (almost freeze), I think it should be opt-in (meaning
the option adds it, and the option is not in SUGGESTED, which is what I
think you mean).
Whether it's in some broad best interest averaged over everybody is a
non-obvious question, and generally I like things like this to land as
opt-in first, to allow lower-barrier experience to accumulate a bit.
I'm definitely sympathetic to DANE working, even in a Let's Encrypt
world. And trying gnunet has been on my todo list for a really long
Main Index |
Thread Index |