Re: security/gnutls: link against libunbound for DANE support (patch)

[ng0 <ng0%n0.is@localhost>]

Greg Troxel transcribed 911 bytes:
> ng0 <ng0%n0.is@localhost> writes:
> 
> > In a set of software I work on, we highly prefer GnuTLS built
> > against libunbound to get DANE functionality. Right now this
> > pulls in at least unbound (and flex via unbound).
> > There are plans to eventually not depend on unbound for this
> > in GnuTLS itself.
> >
> > Would we as pkgsrc prefer for this to be opt-in or opt-out?
> > My patch is opt-in but adds a keyword.
> 
> Particularly today (almost freeze), I think it should be opt-in (meaning
> the option adds it, and the option is not in SUGGESTED, which is what I
> think you mean).
> 
> Whether it's in some broad best interest averaged over everybody is a
> non-obvious question, and generally I like things like this to land as
> opt-in first, to allow lower-barrier experience to accumulate a bit.

Okay, understood.
 
> I'm definitely sympathetic to DANE working, even in a Let's Encrypt
> world.  And trying gnunet  has been on my todo list for a really long
> time.

Good to read.


Is the latest patch good to go as it is? I'd like to commit this
soon.