Re: Using the same nss in all suites
* Mike Hommey:
> On ABI stability, both NSPR and NSS have a very strict policy. NSPR
> receives very few ABI changes, and it's only adding new functions. NSS
> has much more ABI changes, but also only adding new functions.
This is incorrect, there have been unplanned ABI changes related to
SSL_ImplementedCiphers variable:
<http://openwall.com/lists/oss-security/2015/09/07/6>
I will fix the glibc warning to be much more explicit about this.
> The biggest issue with NSS version bumps is that defaults change,
> such as cyphers, protocols, etc. That can have unexpected
> consequences on existing setups.
The typical complaint with NSS is the opposite, tha the defaults do
not change fast enough. Iceweasel/Mozilla PSM overrides basically all
the settings, so what you see there does not reflect upstream NSS
defaults.
(This is a significant concern for Fedora and its downstream because
of the attempt crypto consolidation to NSS and greater NSS usage
there.)
Reply to: