Require GnuTLS 3.4.7 for Samba 4.12 in March 2020?
Christof Schmitt
cs at samba.org
Thu Aug 1 18:47:35 UTC 2019
On Wed, Jul 31, 2019 at 07:56:23AM +0200, Andreas Schneider via samba-technical wrote:
> On Wednesday, July 31, 2019 6:25:55 AM CEST Andrew Bartlett via samba-
> technical wrote:
> > I'm reviewing "Use GnuTLS AES ciphers if supported by the installed
> > GnuTLS version" for Andreas.
> >
> > https://gitlab.com/samba-team/samba/merge_requests/669
> >
> > The one thing I really don't like is the #ifdef on HAVE_GNUTLS_AEAD. I
> > would prefer we just chose to rely on GnuTLS. [1]
> >
> > Duplicated code is bad, duplicated crypto code is particularly bad and
> > I would really like to remove our existing duplicates rather than add
> > more.
> >
> > Not only are we short on maintainece resources, we would also need to
> > restructure our testuite to force a non-GnuTLS build to ensure we
> > actually test this at all.
> >
> > In doing so I know many folks really like running current Samba (both
> > as an AD DC and fileserver) on older enterprise distributions.
> >
> > In this case, RHEL 8, Ubuntu 16.04 and current debian stable
> > all have GnuTLS versions later than 3.4.7.
>
> Also SLE15 offers newer GnuTLS via an update.
>
> Also note that the older the distro the more likely it is that there is no
> python3 available. RHEL7 will have to stick to 4.10 as it is the last version
> supporting python2.
>
> That you can build a newer Samba version with python3 support is only possible
> because of EPEL7 repositories. I'm not sure something like that is offered.
FYI, the RHEL 7.7 beta includes Python 3.6:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7-beta/html/7.7_release_notes/new_features#enhancement_compiler-and-tools
Christof
More information about the samba-technical
mailing list