Re: [dev-tech-crypto] NSS 3.69 Release

Fri, 20 Aug 2021 01:44:39 -0700 

Hello Bob,
you didn't say which ESR version your report is about. Is it about the old ESR 78, or the new ESR 91? 

It seems old ESR 78 didn't have any changes recently.

The most recent changes to new ESR 91 were:

- use NSS 3.68 on 2021-07-13

https://hg.mozilla.org/releases/mozilla-esr91/log/tip/security/nss/TAG-INFO

- use of NSPR 4.32 on 2021-07-13
  https://hg.mozilla.org/releases/mozilla-esr91/log/tip/nsprpub/TAG-INFO

I don't see any changes to NSPR/NSS in ESR 91 after it was released.

The above changes were done prior to the ESR 91 beta date.


Can you please clarify which of the above changes was problematic for 
you, and why?



Furthermore, you are responding to an email about the NSS 3.69 release. 
ESR 91 doesn't use that, it's on NSS 3.68.


https://kuix.de/mozilla/versions/

Kai




On 18.08.21 19:29, Robert Relyea wrote:

On 8/8/21 10:12 PM, Martin Thomson wrote:

Network Security Services (NSS) 3.69 was released on 5 August 2021.

The HG tag is NSS_3_69_RTM. NSS 3.69 requires NSPR 4.32 or newer.



Hey, was there a bump in the version requirements on NSS for ESR? This
is a serious problem for us. It takes us a month or so go get new
versions of NSS through our release process, so we need that runway
before we can pick up a new version of NSS. Dumping new requirements of
ESR makes it impossible for us to really plan that landing, as well as
makes it impossible to meet our new ESR release requirements before the
old ESR runs out.

Do you know what requirements forced the bump. Can we get dispensation
to release with the older version of NSS. Also I'm not seeing a release
announcement for NSS 3.68, so there's no record of what the changes were.

Please, in the future, do not pick up new version of NSS into ESR once
the schedule is made. It's better for us to pick up individual fixes
than rebase to a new version, and if you need to, please give us lots of
warning.

Thanks,


bob




--
You received this message because you are subscribed to the Google Groups 
"dev-tech-crypto@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dev-tech-crypto+unsubscr...@mozilla.org.
To view this discussion on the web visit 
https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/53843384-9fb6-e08b-1f05-fd6142fa8a08%40kuix.de.






















					Reply via email to