When I checked in new roots to the 3.11 branch, I updated the string value of the nssckbi version nuber, but overlooked to increase the numeric values, too. This mistake has not yet been released. I will attach a patch to fix it.
Created attachment 327596 [details] [diff] [review] Patch v1
Comment on attachment 327596 [details] [diff] [review] Patch v1 This patch makes the binary version symbol match the ASCII string version symbol. That's good. I think the contents of nssckbi on the trunk and contents on the branch should match in both the set of certs offered and in the version number. Is that agreed? Is that the situation now?
Attachment #327596 - Flags: superreview?(nelson) → superreview+
Nelson, thanks for the review. Both trunk and branch have identical sets of certs. But the version numbers are different. That's what file nssckbi.h requests in its comments. If you want to propose identical version numbers, I think that discussion should happen in a separate bug. My initial thought is: - it would require a policy change and changing the comments in nssckbi.h - having different version numbers seems reasoable, because the binary module is certs + code, and the code is (probably) different between branch and trunk
I need a second review for landing this obvious and minimal patch on the 3.11 branch. Who could help out reviewing it? Thanks!
Summary: fix nssckbi version number → fix nssckbi version number on 3.11 branch
this blocks the next 3.11 release
Severity: normal → blocker
Comment on attachment 327596 [details] [diff] [review] Patch v1 r=wtc.
Attachment #327596 - Flags: review?(wtc) → review+
fixed Checking in nssckbi.h; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/nssckbi.h,v <-- nssckbi.h new revision: 22.214.171.124; previous revision: 126.96.36.199
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.