Using the same nss in all suites

To: team@security.debian.org, mh@glandium.org
Cc: debian-lts@lists.debian.org
Subject: Using the same nss in all suites
From: Guido Günther <agx@sigxcpu.org>
Date: Thu, 5 Nov 2015 08:25:47 +0100
Message-id: <[🔎] 20151105072547.GA4006@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, team@security.debian.org, mh@glandium.org, debian-lts@lists.debian.org

Hi,

Backporting fixes for nss can become a challenge over time due to:

* Bugs related to MFAs (often containing test cases) being restricted so
  one can only look at hg and try to find all the relevant commits.

* The library has rather frequent security updates

* The code diverges over the years


I haven't found an explicit statement about ABI stability on the nss
site but RedHat and others seem to be doing fine with always using the
latest version in all suites and I wonder if we should do the same. This
would probably include updating the nspr dependency from time to time
too.

I wonder what's the maintainers and security teams stance on this?
Should we do this? Should we start with this during Jessie? If so I
would be happy to prepare packages for the different distributions and
do some testing.

Cheers,
 -- Guido

Reply to:

Follow-Ups:
- Re: Using the same nss in all suites
  - From: Mike Hommey <mh@glandium.org>
- Re: Using the same nss in all suites
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Re: Unsupported packages for Wheezy LTS
Next by Date: Re: Using the same nss in all suites
Previous by thread: Re: Unsupported packages for Wheezy LTS
Next by thread: Re: Using the same nss in all suites
Index(es):
- Date
- Thread