Stop signing NSS libraries
Categories
(Firefox Build System :: General, task)
Tracking
(firefox75 fixed)
Tracking | Status | |
---|---|---|
firefox75 | --- | fixed |
People
(Reporter: glandium, Assigned: glandium)
References
Details
Attachments
(1 file)
Assignee | ||
Comment 1•4 years ago
|
||
The signatures are used for Firefox's FIPS mode. But they are actually
mostly a longstanding lie: people interested in the FIPS mode ought to
use a FIPS-validated version of the affected NSS libraries, and the last
validated version is now more than 10 years old. Needless to say,
Firefox doesn't ship anything close to the validated version anymore.
Furthermore, at the moment, the build system doesn't support generating
these signature while cross compiling. We have been cross compiling
Firefox for Mac for 5 years give or take, which means it hasn't been
possible to enable FIPS mode in Firefox on Mac out of the box for that
long.
As we are moving towards cross compiling for Windows, the question
whether we should keep those signatures has risen again. And if we're
going to remove them for the cross compiled platforms, we might as well
remove them everywhere.
Assignee | ||
Updated•4 years ago
|
Pushed by mh@glandium.org: https://hg.mozilla.org/integration/autoland/rev/3d44a4c31863 Stop signing NSS libraries. r=keeler,froydnj
Comment 3•4 years ago
|
||
bugherder |
Description
•