Date: Thu, 29 Dec 2011 12:57:38 -0500 From: "Mikhail T." <mi+thun@aldan.algebra.com> To: Florian Smeets <flo@freebsd.org> Cc: gecko@freebsd.org Subject: Re: New nss and firefox Message-ID: <4EFCAA12.6090606@aldan.algebra.com> In-Reply-To: <4EFC2680.4060007@freebsd.org> References: <4EF7C66F.9090005@aldan.algebra.com> <4EF81D1C.3090405@FreeBSD.org> <4EF9BC57.8050605@aldan.algebra.com> <4EFAD049.7000406@freebsd.org> <4EFB3B18.3050001@aldan.algebra.com> <4EFB959F.1030501@FreeBSD.org> <1940105790-1325110775-cardhu_decombobulator_blackberry.rim.net-695667878-@b18.c27.bise6.blackberry> <4EFC2680.4060007@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 29.12.2011 03:36, Florian Smeets wrote: > Mikhail, > > i'll try to explain our rationale one more time. Thank you very much for your patience. > a) Sweeping commits are still not allowed as the 9.0-RELEASE process is > NOT finished yet. I think, this is the key to our disagreement -- I do not think, updating nss from 3.12.x to 3.13.y qualifies as "sweeping". The shared library numbers do not change and the new version remains API-compatible and, apparently, even ABI-compatible. > b) We keep nss and ca_root_nss in sync Then ca_root_nss should be updated too. > c) not only firefox depends on nss Actually, firefox does NOT currently depend on nss (nor does thunderbird) -- an oversight, that should be rectified ASAP. And the first step towards that is bringing nss up to date. Now, there is, apparently, a reason, firefox build insists on nss-3.13.1 -- some sort of attack is possible against the earlier version(s). Comments in https://bugzilla.mozilla.org/show_bug.cgi?id=669061 mention that. Instead of protecting just the browser, FreeBSD ought to ship all of the nss-using software (and you included a long list in your previous e-mail) using the latest release available. If the API and ABI compatibilities remain, there is no reason against updating -- and good reasons for it. Yours, -mi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EFCAA12.6090606>