* Mike Hommey: > On ABI stability, both NSPR and NSS have a very strict policy. NSPR > receives very few ABI changes, and it's only adding new functions. NSS > has much more ABI changes, but also only adding new functions.
This is incorrect, there have been unplanned ABI changes related to SSL_ImplementedCiphers variable: <http://openwall.com/lists/oss-security/2015/09/07/6> I will fix the glibc warning to be much more explicit about this. > The biggest issue with NSS version bumps is that defaults change, > such as cyphers, protocols, etc. That can have unexpected > consequences on existing setups. The typical complaint with NSS is the opposite, tha the defaults do not change fast enough. Iceweasel/Mozilla PSM overrides basically all the settings, so what you see there does not reflect upstream NSS defaults. (This is a significant concern for Fedora and its downstream because of the attempt crypto consolidation to NSS and greater NSS usage there.)
