On 29.12.2011 03:36, Florian Smeets wrote:
> Mikhail,
>
> I'll try to explain our rationale one more time.

Thank you very much for your patience.

> a) Sweeping commits are still not allowed as the 9.0-RELEASE process is
> NOT finished yet.

I think this is the key to our disagreement -- I do not think updating nss from 3.12.x to 3.13.y qualifies as "sweeping". The shared library numbers do not change and the new version remains API-compatible and, apparently, even ABI-compatible.

> b) We keep nss and ca_root_nss in sync

Then ca_root_nss should be updated too.

> c) not only firefox depends on nss

Actually, firefox does NOT currently depend on nss (nor does thunderbird) -- an oversight that should be rectified ASAP. And the first step towards that is bringing nss up to date.

Now, there is, apparently, a reason firefox build insists on nss-3.13.1 -- some sort of attack is possible against the earlier version(s). Comments in https://bugzilla.mozilla.org/show_bug.cgi?id=669061 mention that.

Instead of protecting just the browser, FreeBSD ought to ship all of the nss-using software (and you included a long list in your previous e-mail) using the latest release available. If the API and ABI compatibilities remain, there is no reason against updating -- and good reasons for it.

Yours,

   -mi

_______________________________________________
freebsd-gecko@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-gecko
To unsubscribe, send any mail to "freebsd-gecko-unsubscr...@freebsd.org"