Re: Using the same nss in all suites
Hi,
On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote:
> * Mike Hommey:
>
> > On ABI stability, both NSPR and NSS have a very strict policy. NSPR
> > receives very few ABI changes, and it's only adding new functions. NSS
> > has much more ABI changes, but also only adding new functions.
>
> This is incorrect, there have been unplanned ABI changes related to
> SSL_ImplementedCiphers variable:
>
> <http://openwall.com/lists/oss-security/2015/09/07/6>
>
> I will fix the glibc warning to be much more explicit about this.

Wow, that one is ugly.

> > The biggest issue with NSS version bumps is that defaults change,
> > such as cyphers, protocols, etc. That can have unexpected
> > consequences on existing setups.
>
> The typical complaint with NSS is the opposite, that the defaults do
> not change fast enough. Iceweasel/Mozilla PSM overrides basically all
> the settings, so what you see there does not reflect upstream NSS
> defaults.
>
> (This is a significant concern for Fedora and its downstream because
> of the attempted crypto consolidation to NSS and greater NSS usage
> there.)

But is this worse than backporting? In this case conservative would be
good for what we want to do.

Cheers,
-- Guido