Re: security/gnutls: link against libunbound for DANE support (patch)

["J. Lewis Muir" <jlmuir%imca-cat.org@localhost>]

On 09/18, N wrote:
> J. Lewis Muir transcribed 829 bytes:
> > On 09/16, ng0 wrote:
> > > In a set of software I work on, we highly prefer GnuTLS built
> > > against libunbound to get DANE functionality. Right now this
> > > pulls in at least unbound (and flex via unbound).
> > > There are plans to eventually not depend on unbound for this
> > > in GnuTLS itself.
> > 
> > What does Unbound have to do with this?
> 
> libunbound is required to build this, if you read the build-system of
> GnuTLS and open tickets like https://gitlab.com/gnutls/gnutls/issues/21
> 
> Without the right dependencies in place, GnuTLS does not build this.

Got it.  Thanks for the explanation!

That seems weird to have a library package depend on a non-library
package.  It seems like it would be better if there were a libunbound
package that provided the unbound library and that both the unbound
and the gnutls package could depend on.  But then you have the pain of
splitting the unbound package, and as you said upthread, "there are
plans to eventually not depend on unbound for this in GnuTLS itself," so
maybe it's not worth the trouble and your proposed solution is the best.

Regards,

Lewis