Fixing NSS and p11-kit in Fedora (and beyond)

Ryan Sleevi rsleevi at
Fri May 8 12:39:49 PDT 2015

On Fri, May 8, 2015 at 5:50 AM, David Woodhouse <dwmw2 at> wrote:
> I'd quite like to get NSS fixed, but I'm not entirely averse to just
> going through Fedora packages and switching them to build against
> GnuTLS or OpenSSL instead, if NSS is going to prove too resistant to
> getting fixed :)

s/get NSS fixed/add support for a new feature to NSS/ . Let's call a
spade a spade :)

And yes, switching packages to GnuTLS or OpenSSL is an option,
although an option rife with security and interoperability issues w/
the web at large (NSS is unquestionably the best out of the three for
dealing with the Web PKI, as especially evidenced by Firefox and

It's not even resistant - it's simply clarifying that you're asking
for a new feature, but presenting it as some bug that it doesn't
support said new feature. No, it's a bleeding edge feature only
available on some systems, and while it may be entirely reasonable to
support, let's not phrase it as some bug :)

More information about the p11-glue mailing list