--On October 26, 2012 11:52:47 -0700 Brian Smith <bsm...@mozilla.com> wrote:
julien.pie...@oracle.com> wrote:
Oracle still ships NSS with many products even though we are no
longer actively involved with its development.

It is important to have somebody at least monitoring the bugs filed/fixed
in the NSS component in bugzilla. See
https://bugzilla.mozilla.org/userprefs.cgi?tab=component_watch for how
you can subscribe to a feed of all NSS bug discussions.

Thanks, I subscribed.

Chris Newman wrote:
Will vulnerability fixes be provided on the NSS 3.13.x patch
train? And if so, is there a date when vulnerability fixes will no
longer be provided for that version?

First, I think pretty much everybody agrees that, concerns about backward
compatibility aside, the changes that were made were all positive.

I consider the license change a big negative at a minimum because it will cause several engineers to waste time interacting with lawyers. I consider the technical changes positive to the degree I understand them, including the compatibility changes (I don't share Julien's concerns on that point).

And, so, we have to balance backward compatibility with old versions of
NSS with compatibility with websites on the internet and compatibility with
web browsers. Now, there are no people actively contributing to NSS that
are arguing in favor of absolute backward compatibility.

AFAICT, there is no plan to work on 3.13.x any more. IMO, it is better to
continue to focus development on the trunk.

Even if somebody were to backport fixes to 3.13.x, then that work would
also be under the MPL 2.0, for various reasons that, at this point, I
think we cannot do anything about. For example, all the fixes in the new
version are assumed to have been contributed under MPL 2.0. See the MPL
2.0 FAQ that contains the email address to send licensing questions to:
http://www.mozilla.org/MPL/2.0/FAQ.html

I can't provide any MPL 2.0 code to customers with problems unless/until my employer's legal department approves doing so.

                - Chris

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
