Fixing NSS and p11-kit in Fedora (and beyond)
Ryan Sleevi
rsleevi at chromium.org
Fri May 8 12:39:49 PDT 2015
On Fri, May 8, 2015 at 5:50 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> I'd quite like to get NSS fixed, but I'm not entirely averse to just
> going through Fedora packages and switching them to build against
> GnuTLS or OpenSSL instead, if NSS is going to prove too resistant to
> getting fixed :)
s/get NSS fixed/add support for a new feature to NSS/ . Let's call a
spade a spade :)
And yes, switching packages to GnuTLS or OpenSSL is an option,
although an option rife with security and interoperability issues w/
the web at large (NSS is unquestionably the best out of the three for
dealing with the Web PKI, as especially evidenced by Firefox and
Chrome).
It's not even resistant - it's simply clarifying that you're asking
for a new feature, but presenting it as some bug that it doesn't
support said new feature. No, it's a bleeding edge feature only
available on some systems, and while it may be entirely reasonable to
support, let's not phrase it as some bug :)
More information about the p11-glue
mailing list