
Re: Using the same nss in all suites



On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote:
> * Mike Hommey:
> 
> > On ABI stability, both NSPR and NSS have a very strict policy. NSPR
> > receives very few ABI changes, and it's only adding new functions. NSS
> > has many more ABI changes, but also only adding new functions.
> 
> This is incorrect, there have been unplanned ABI changes related to
> SSL_ImplementedCiphers variable:
> 
>   <http://openwall.com/lists/oss-security/2015/09/07/6>

Urgh. That would have been unintentional.

> I will fix the glibc warning to be much more explicit about this.
> 
> > The biggest issue with NSS version bumps is that defaults change,
> > such as cyphers, protocols, etc. That can have unexpected
> > consequences on existing setups.
> 
> The typical complaint with NSS is the opposite, that the defaults do
> not change fast enough.  Iceweasel/Mozilla PSM overrides basically all
> the settings, so what you see there does not reflect upstream NSS
> defaults.

One of the things I had in mind is bug 561918. Things like this happen
from time to time, and merely upgrading NSS shouldn't have such
unintended consequences, but it does.

(BTW, 5 years later, I can probably flip the pref back to the NSS
default)

Mike

