Closed Bug 1620158 Opened 4 years ago Closed 4 years ago

Stop signing NSS libraries

Categories

(Firefox Build System :: General, task)

task
Not set
normal

Tracking

(firefox75 fixed)

RESOLVED FIXED
mozilla75
Tracking Status
firefox75 --- fixed

People

(Reporter: glandium, Assigned: glandium)

References

Details

Attachments

(1 file)

No description provided.

The signatures are used for Firefox's FIPS mode. But they are actually
mostly a longstanding lie: people interested in the FIPS mode ought to
use a FIPS-validated version of the affected NSS libraries, and the last
validated version is now more than 10 years old. Needless to say,
Firefox doesn't ship anything close to the validated version anymore.

Furthermore, at the moment, the build system doesn't support generating
these signature while cross compiling. We have been cross compiling
Firefox for Mac for 5 years give or take, which means it hasn't been
possible to enable FIPS mode in Firefox on Mac out of the box for that
long.

As we are moving towards cross compiling for Windows, the question
whether we should keep those signatures has risen again. And if we're
going to remove them for the cross compiled platforms, we might as well
remove them everywhere.

Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/3d44a4c31863
Stop signing NSS libraries. r=keeler,froydnj
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla75
Blocks: 1621885
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: