On 8/26/11 6:46 PM, Justin Wood (Callek) wrote: > On 8/26/2011 8:49 PM, NoOp wrote: >> On 08/26/2011 01:33 PM, Robert Kaiser wrote: >>> David E. Ross schrieb: >>>> Is there an official, end-user release of SeaMonkey 2.3.1? I've seen >>>> some discussion about it, but there has been no announcement here. >>> >>> The surroundings have already been pointed out by Callek et al., and >>> http://www.seamonkey-project.org/ has it listed. >>> >>> This is a very small update to 2.3, but important to install as the only >>> change is to ensure that we can still send future updates even once the >>> current certificate of our update server expires. >>> >>> Robert Kaiser >>> >>> >> >> That's more than a little disconcerting: "we can still send future >> updates even once the current certificate of our update server expires". >> >> If your certificate has expired then you *shouldn't* be sending *updates >> at all*. You should *fix* your certificate instead! >> >> Are you stating that SeaMonkey doesn't adhere to these: >> http://www.mozilla.org/projects/security/certs/policy/ >> <http://www.mozilla.org/projects/security/certs/policy/EnforcementPolicy.html> >> >> <http://www.mozilla.org/projects/security/certs/policy/MaintenancePolicy.html> >> > > A bit overdramatic, (our release notes for 2.3.1 explicitly say what > change we made, with a link to the bug). But it was not in KaiRo's mail. > Let me briefly explain. > > Our current certificate will expire soon. > We have a new certificate that we would have already switched to if not > for this issue. > > The two (old and new) certificates have a different CA Root. > SeaMonkey currently only accepts the *old* CA Root (and thus the new > certificate would never give current "SeaMonkey 2.1+" an update offer). > We are unable to renew the old certificate with the same CA Root, as > they no longer issue new certs with that root. > > The change is simply *adding* our new root (and another backup root) to > our "acceptable certificate" list for our updates, we are *not* simply > serving updates without a certificate. >
Does this mean SeaMonkey 2.3.1 contains a new version of NSS with the new root certificate? If so, please update the Wiki at <https://wiki.mozilla.org/NSS:Release_Versions>. -- David E. Ross <http://www.rossde.com/> On occasion, I might filter and ignore all newsgroup messages posted through GoogleGroups via Google's G2/1.0 user agent because of spam from that source. _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
