On Thu, Nov 05, 2015 at 09:00:51PM +0100, Florian Weimer wrote: > * Mike Hommey: > > > On ABI stability, both NSPR and NSS have a very strict policy. NSPR > > receives very few ABI changes, and it's only adding new functions. NSS > > has much more ABI changes, but also only adding new functions. > > This is incorrect, there have been unplanned ABI changes related to > SSL_ImplementedCiphers variable: > > <http://openwall.com/lists/oss-security/2015/09/07/6>
Urgh. That would have been unintentional. > I will fix the glibc warning to be much more explicit about this. > > > The biggest issue with NSS version bumps is that defaults change, > > such as cyphers, protocols, etc. That can have unexpected > > consequences on existing setups. > > The typical complaint with NSS is the opposite, tha the defaults do > not change fast enough. Iceweasel/Mozilla PSM overrides basically all > the settings, so what you see there does not reflect upstream NSS > defaults. One of the things I had in mind is bug 561918. Things like this happen from time to time, and merely upgrading NSS shouldn't have such unintended consequences, but it does. (BTW, 5 years later, I can probably flip the pref back to the NSS default) Mike