* Moritz Muehlenhoff: (NSS backwards compatibility)
>> Yes, for mere backporting of new versions, this can be helpful.
>
> OTOH, new Iceweasel ESR releases also deprecate insecure crypto features,
> so doing the same in nss seems somewhat acceptable to me.

NSS is far more radical than that: Upstream does not enable new algorithms and protocol versions by default (which are generally considered improvements, such as TLS 1.2). This is gradually changing, but it is an extremely slow process. Firefox basically overrides *every* NSS default.
