Require GnuTLS 3.4.7 for Samba 4.12 in March 2020?

Andreas Schneider asn at
Wed Jul 31 05:56:23 UTC 2019

On Wednesday, July 31, 2019 6:25:55 AM CEST Andrew Bartlett via samba-
technical wrote:
> I'm reviewing "Use GnuTLS AES ciphers if supported by the installed
> GnuTLS version" for Andreas.
> The one thing I really don't like is the #ifdef on HAVE_GNUTLS_AEAD.  I
> would prefer we just chose to rely on GnuTLS. [1]
> Duplicated code is bad, duplicated crypto code is particularly bad and
> I would really like to remove our existing duplicates rather than add
> more.  
> Not only are we short on maintainece resources, we would also need to
> restructure our testuite to force a non-GnuTLS build to ensure we
> actually test this at all.
> In doing so I know many folks really like running current Samba (both
> as an AD DC and fileserver) on older enterprise distributions.
> In this case, RHEL 8, Ubuntu 16.04 and current debian stable
> all have GnuTLS versions later than 3.4.7.

Also SLE15 offers newer GnuTLS via an update.

Also note that the older the distro the more likely it is that there is no 
python3 available. RHEL7 will have to stick to 4.10 as it is the last version 
supporting python2.

That you can build a newer Samba version with python3 support is only possible 
because of EPEL7 repositories. I'm not sure something like that is offered.



Andreas Schneider                      asn at
Samba Team                   
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

More information about the samba-technical mailing list