bug#27708: [PROPOSED] Simplify configuration of HAVE_GNUTLS3 etc.

[Ted Zlatanov]

On Sun, 16 Jul 2017 19:08:45 +0300 Eli Zaretskii <eliz@gnu.org> wrote: 

EZ> Yes, that's what I meant, but I think this won't be useful unless we
EZ> also introduce some fallbacks into the code which uses those new
EZ> functions.  AFAICT, it is the case in some of the new APIs that almost
EZ> all of the GnuTLS functions they use are available even before v3.X,
EZ> but then just one function they call needs 3.2.X or 3.4.X.  This makes
EZ> the entire API useless (it returns nil), which is a pity, since I'm
EZ> guessing we could code some workaround or maybe provide partial
EZ> functionality instead.  Alas, I don't know enough about these
EZ> functions to code such fallbacks.

I think the risk of providing broken or subtly insecure functionality is
bigger if we do workarounds. Also the maintenance effort will be lower
if we pin to specific versions instead of features. I'm inclined to take
Paul's advice on this since he knows this area so well.

Another point is that I'd rather not support GnuTLS 2.x for the new
functionality; 2.12 is deprecated and won't get new updates according to
https://lists.gnupg.org/pipermail/gnutls-devel/2016-November/008220.html
so we should make an effort not to rely on it. I'd even recommend
dropping 2.x support altogether in Emacs 26.

So maybe Paul's approach was best after all :)

Ted