Re: Using the same nss in all suites
On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote:
> * Mike Hommey:
>
> > On ABI stability, both NSPR and NSS have a very strict policy. NSPR
> > receives very few ABI changes, and it's only adding new functions. NSS
> > has much more ABI changes, but also only adding new functions.
>
> This is incorrect, there have been unplanned ABI changes related to
> SSL_ImplementedCiphers variable:
>
> <http://openwall.com/lists/oss-security/2015/09/07/6>
Urgh. That would have been unintentional.
> I will fix the glibc warning to be much more explicit about this.
>
> > The biggest issue with NSS version bumps is that defaults change,
> > such as cyphers, protocols, etc. That can have unexpected
> > consequences on existing setups.
>
> The typical complaint with NSS is the opposite, tha the defaults do
> not change fast enough. Iceweasel/Mozilla PSM overrides basically all
> the settings, so what you see there does not reflect upstream NSS
> defaults.
One of the things I had in mind is bug 561918. Things like this happen
from time to time, and merely upgrading NSS shouldn't have such
unintended consequences, but it does.
(BTW, 5 years later, I can probably flip the pref back to the NSS
default)
Mike
Reply to: