Control: tag -1 moreinfo On Fri, May 20, 2016 at 18:32:41 +0200, Guido Günther wrote: > Hi, > as put out in more detail in > > https://lists.debian.org/debian-release/2016/02/msg00753.html > > we discussed in the LTS and security team the possibility to use the > same NSS and NSPR upstream version in all suites to be able to handle > things like CVE-2014-3566 and CVE-2015-4000 in a consistent manner. > > I'd like to propose this here again via a bug report so we have easier > means of tracking/tagging. Would it be o.k. with the release team to update > nss/nspr to the versions currently in sid/testing and continue to do so > from here on. If it works out for jessie we'll do the same in LTS via > wheezy-security. > In order to increase confidence in the backports I've enabled the > internal testsuites in nspr and nss. > > If this is o.k. I'm happy to attach debdiffs and provide a matching bug > for nss as well. > Hi Guido,
I'd want to see debdiffs first. And have some description of what the regression testing looks like, both of the upstream releases and of the debian packages. Cheers, Julien
