On 11/20/22 17:40, Simo Sorce wrote: > On Sun, 2022-11-20 at 17:22 -0500, Demi Marie Obenour wrote: >> On 11/20/22 07:24, Bojan Smojver via devel wrote: >>> Now that nss 3.85 has been built, I thought I'd have a go at building >>> FF 107.0, given that's been out for a few days and original builds >>> failed in koji, because nss was too old at the time. >> >> Has switching to bundled NSS been considered? For browsers anything >> that holds up an update is very, *very* bad. > > Casually handling crypto libraries is very, *very* worse. Has there ever been a case where Fedora’s NSS was not vulnerable to something that the bundled NSS was vulnerable to? To be clear, I am referring to the NSS shipped by Mozilla as a part of Firefox. Another option would be to ensure that NSS is promptly updated. -- Sincerely, Demi Marie Obenour (she/her/hers) _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
