Re: FF 107.0 scratch builds - just for fun

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/21/22 09:23, Simo Sorce wrote:
> On Sun, 2022-11-20 at 19:24 -0500, Demi Marie Obenour wrote:
>> On 11/20/22 17:40, Simo Sorce wrote:
>>> On Sun, 2022-11-20 at 17:22 -0500, Demi Marie Obenour wrote:
>>>> On 11/20/22 07:24, Bojan Smojver via devel wrote:
>>>>> Now that nss 3.85 has been built, I thought I'd have a go at building
>>>>> FF 107.0, given that's been out for a few days and original builds
>>>>> failed in koji, because nss was too old at the time.
>>>>
>>>> Has switching to bundled NSS been considered?  For browsers anything
>>>> that holds up an update is very, *very* bad.
>>>
>>> Casually handling crypto libraries is very, *very* worse.
>>
>> Has there ever been a case where Fedora’s NSS was not vulnerable to
>> something that the bundled NSS was vulnerable to?  To be clear, I am
>> referring to the NSS shipped by Mozilla as a part of Firefox.
>> Another option would be to ensure that NSS is promptly updated.
> 
> NSS is generally updated in order to release Firefox, I am not aware of
> a chronic issue here.
> 
> We compile NSS differently than what Mozilla does, for example we use
> the Fedora OS trust anchors, and the Fedora Crypto-Policies, etc.. it
> is not just about vulnerabilities, system integration matters too.
> 
> But we *have* released patches for security vulnerabilities in NSS w/o
> requiring also a full recompile and retesting of Firefox.

In that case, can NSS be pushed out to stable immediately, along with
the new Firefox?  Several days is too long a delay already.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux