Closed Bug 1666645 Opened 4 years ago Closed 3 years ago

KnownRootHashes.json and RootHashes.inc are out-of-date in 82 Beta

Categories

(Core :: Security: PSM, defect, P1)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox82 + fixed
firefox83 --- unaffected

People

(Reporter: jcj, Assigned: jcj)

References

Details

Attachments

(1 file)

Bug 1666645 - Update KnownRootHashes and RootHashes in 82 Beta NOBUILD r?keeler
47 bytes, text/x-phabricator-request
jcristau
: approval-mozilla-beta+
Details | Review

[Tracking Requested - why for this release]:

The first NSS uplift for Nightly 83 wanted to update KnownRootHashes.json and RootHashes.inc -- some technical limitations caused our uplift script to fail to update them for the 82 cycle, and possibly the cycle before that.

Since they're out of date, telemetry using the new roots will be out-of-date. If we can, we should uplift a quick fix to beta for it. We can just carve the .inc file changes out of that commit and uplift those. It's even a NOBUILD scenario.

The first NSS uplift for Nightly 83 wanted to update KnownRootHashes.json and RootHashes.inc -- some technical limitations caused our uplift script to fail to update them for the 82 cycle, and possibly the cycle before that.

Since they're out of date, telemetry using the new roots will be out-of-date. If we can, we should uplift a quick fix to beta for it. We can just carve the .inc file changes out of that commit and uplift those. It's even a NOBUILD scenario.

Comment on attachment 9177248 [details]
Bug 1666645 - Update KnownRootHashes and RootHashes in 82 Beta NOBUILD r?keeler

Beta/Release Uplift Approval Request

  • User impact if declined: The telemetry for the new roots added in 82 will be misclassified
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This is a telemetry metadata fix pulled out of https://phabricator.services.mozilla.com/D91070 for 83. We can wait for it to land in 83 before taking this, I think this risk is actually negligible. (and you know I never write that)
  • String changes made/needed: n/a
Attachment #9177248 - Flags: approval-mozilla-beta?

Comment on attachment 9177248 [details]
Bug 1666645 - Update KnownRootHashes and RootHashes in 82 Beta NOBUILD r?keeler

approved for 82.0b3

Attachment #9177248 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: