I've approved a bug of new CAs to have their root CA certificates added to Mozilla, Firefox, Thunderbird, etc. Nelson Bolyard has created an NSS patch to add those new CA certs to the NSS built-in cert library (see bug 271585). I'm requesting that this NSS patch for the new CA certs be added to future versions of Thunderbird. (Nelson can explain more about the actual patch and how it relates to the official NSS releases.)
frank, isn't this just a works for me? The NSS stuff is pulled by our trunk builds right? Why wouldn't the next (not 1.0) release not just get it?
Scott, in the last week, numerous people have explained to me that the aviary branch now has its own copy of NSS, and that I "must" checkin my NSS enhancements (new certs) on the aviary branch. I replied saying that I have checked-in on the NSS trunk and NSS 3.9 branches, and if the owners of any other branches wish to take these changes onto their branches, then they must do so. I *think* (Frank can confirm, or not) that this bug exists as a request that someone who works on the aviary branch should merge my changes onto the aviary branch. See bug 271585 for details. Note that the NSS trunk and the NSS 3.9 branch patches are not the same. So, if the aviary branch is based on the NSS 3.9 branch, then it should take that version of the patch, but if aviary is based on NSS trunk (which I doubt), then it should take the trunk version of the patch.
Thanks Nelson. I'm pretty sure we decided before this all got started that this was too late for the 1.0 train anyway so there is no need to port anything to the aviary branch. All the apps will ship with it in their next release which is from the trunk. Sounds like we are all in the same page. I'll won't fix this. Frank speak up if I'm misunderstanding anything.
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → WONTFIX
Just to clarify: I am *not* requesting that this patch be added to Thunderbird 1.0. What I requesting is two things: First, that this patch be included in Thunderbird 1.1. As I understand it, that's a done deal given that a) by 1.1 Thunderbird will be created from the main Mozilla trunk and b) Mozilla trunk releases are (or will be) pulling NSS code from the NSS trunk. (Someone please correct me if I'm in error on either point.) Second, I'm also asking if it's possible to apply this patch to the aviary branch post-TB 1.0, so that it could be picked up in any TB 1.0.x releases that might be done (e.g., to fix security vulnerabilities). This could potentially get the new CA certs out there and in default use earlier than 1.1, which I think would be a plus for TB users. (For example, two of the new CA certs are for CAs in Denmark and the Netherlands that will be enabling country-wide issuance of individual email certs.) As I understand it this patch is pretty low risk as these things go, given that it only changes the static data in the shared library that encapsulates the list of builtin CA certs (e.g., nssckbi.dll for Windows). Hence my suggestion that it be considered for the branch. But of course ultimately that's your call... Re-opening the bug to reflect my comments above.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
This is branch-only, since trunk is pulling NSS_CLIENT_TAG (see http://lxr.mozilla.org/seamonkey/source/client.mk#183). Branch pulls AVIARY_1_0_20040515_BRANCH, though (see http://lxr.mozilla.org/aviarybranch/source/client.mk#60).
Summary: Add root CA certificate NSS patch to Thunderbird → Add root CA certificate NSS patch to Thunderbird 1.0 branch.
Scott, hopefully Thunderbird is now using NSS 3.11.something and this bug can be resolved fixed or worksforme or something.
Nelson's right, this can be marked as fixed and has been for quite some time :)
Status: REOPENED → RESOLVED
Last Resolved: 13 years ago → 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.