The NSS_CLIENT_TAG is a compromise between the Mozilla release team and the NSS team. It is only used by Mozilla trunk builds. Mozilla branch builds pull NSS by the same-named branch tags and Mozilla milestone releases pull NSS by the same-named static (non-floating) tags.
The problems with how Mozilla pulls NSS are: 1. NSS_CLIENT_TAG cannot be pulled by date. So it is difficult to reconstruct a past Mozilla trunk build. To address this issue, I've recently started to document all the changes to NSS_CLIENT_TAG in http://www.mozilla.org/projects/security/pki/nss/nss-client-tag.html and archive past NSS_CLIENT_TAG snapshots in real static tags. 2. Mozilla branch builds and milestone releases aren't pulling the NSS release cvs tags provided by the NSS team. This has not been a serious problem because in general Mozilla's NSS tags, especially the NSS tags in Mozilla milestone final releases, approximate some official NSS release tags or are in between official NSS release tags. The (approximate) NSS version can be found by looking at the NSS_VERSION macro in the nss.h header or running the following commands on libnss3.so: % what libnss3.so | grep NSS % ident libnss3.so | grep NSS (On Windows, you can look at the Version tab in the Properties windows for nss3.dll.) The NSS team would like Mozilla (trunk builds, stable branches, or milestone releases) to always pull NSS by some static (non-floating) cvs tag provided by the NSS team. This is what I believe John Myers suggested. Perhaps we can ask again, but the status quo is not as bad as it seems. The event that started this discussion was that I didn't realize a particular fix was already in the NSS tag used by Mozilla. This is because I had poor memory and the target milestone for that bug was not marked correctly in Bugzilla. It had nothing to do with the NSS_CLIENT_TAG. Wan-Teh _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
