Closed Bug 272189 Opened 19 years ago Closed 19 years ago

Enable Crypto by default, and specify default extensions per-app


(Core Graveyard :: Embedding: GRE Core, defect)

Not set


(Not tracked)



(Reporter: benjamin, Assigned: benjamin)




(1 file)

There is no legal reason (if there ever was one) to have crypto off by default
any more. In addition, I'm pruning all the extra "default mozconfig" files to
make them easier to use. So this patch

1) turns crypto on by default
2) moves the default extension list into app-specific territory of the
configure script
Attachment #167319 - Flags: review?(darin)
> There is no legal reason (if there ever was one) to have crypto off by default

This makes sense to me, but surely there was a reason for this being the way it
was?  Is it just vestiges of the days before NSS was opensourced?  Do we need
Mitchell or Gerv to sign off on this?  (I prefer to be cautious.)
thanks for the cautious approach.  I don't remember much about this.  It might
be that crypto is regulated by various countries, not just the US.  I recall
there used to be some st of restrictions about using crypto in France for
example.  I guess i should check with the crypto experts.  Will send mail now.

+[  --disable-crypto        Enable crypto support (Personal Security Manager)],

help text doesn't match.

So even with this patch, a firefox --enable-extensions=all build will not be useful?
I'll fix the help text. Yes in Firefox, --enable-extensions=all won't work
correctly. Another bug, another time will validate the extension list against
compatible apps.
I remember some.  It was related to worries about the export license that we
had.  I think you were concerned that people not be able to complain to the NSA
that they had inadvertantly compiled in crypto.
I checked with some expert - type folks and it looks like the topic dmose
mentioned is not something we nered to worry about.  

There are a number of countries that have import and sometimes use control on
crypto, I believe including Russia, China and France.  So turning on crypto by
default could cause some issues, particularly for the localized versions.  We 
might also want or be well advised to tell users users and distributors that
many countries regulate encryption and they are responsible for making sure the
software can be lawfully used as configured.

I'm not sure how we would notify people about this.  Is there an easy way?


We control the official builds, so I think the default build option is not
really relevant in the context of the official builds.

Therefore, given that the issue dmose raised is not a concern, there shouldn't
be any problem with this patch.

Sound good?
Comment on attachment 167319 [details] [diff] [review]
Crypto on, and prune default mozconfigs

Attachment #167319 - Flags: review?(darin) → review+
Checked in, with announcments posted to npm.builds and to my blog, which shows
up on planet mozilla.
Closed: 19 years ago
Resolution: --- → FIXED
Comment on attachment 167319 [details] [diff] [review]
Crypto on, and prune default mozconfigs

>+[  --disable-crypto        Enable crypto support (Personal Security Manager)],
>+    MOZ_PSM=,
>+    MOZ_PSM=1 )

You meant to update the descriptive text to also say "Disable", right?
The checked-in patch says "disable".
Please also update the explanation about "--enable-crypto" and
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.