From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: 03/03: gnu: nss, nss-certs: Update to 3.27.2. Date: Tue, 20 Dec 2016 14:39:26 -0500 Message-ID: <20161220193926.GB5450@jasmine> References: <20161214151942.11288.43191@vcs.savannah.gnu.org> <20161214151942.79CB12201D1@vcs.savannah.gnu.org> <878traa0qk.fsf@netris.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="8P1HSweYDcXXzwPJ" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:37003) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cJQG4-0007ok-OD for guix-devel@gnu.org; Tue, 20 Dec 2016 14:39:33 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cJQG1-0008DP-KV for guix-devel@gnu.org; Tue, 20 Dec 2016 14:39:32 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:60543) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cJQG1-0008A6-CQ for guix-devel@gnu.org; Tue, 20 Dec 2016 14:39:29 -0500 Content-Disposition: inline In-Reply-To: <878traa0qk.fsf@netris.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Mark H Weaver Cc: guix-devel@gnu.org --8P1HSweYDcXXzwPJ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Dec 20, 2016 at 01:56:03PM -0500, Mark H Weaver wrote: > > gnu: nss, nss-certs: Update to 3.27.2. > > =20 > > * gnu/packages/gnuzilla.scm (nss): Update to 3.27.2. > > * gnu/packages/certs.scm (nss-certs): Update to 3.27.2. >=20 > Thanks for this, but unfortunately this version of 'nss' seems to > consistently fail its test suite on armhf, or at least it has failed 3 > times in a row. >=20 > https://hydra.gnu.org/build/1712083 Thanks for pointing this out. > Given the importance of the proper functioning of this package, I'm not > comfortable disabling the tests. I agree. > Do we have reason to believe that this update fixes security flaws? Is > there a compelling reason not to revert this update until a version is > released that passes the test suite on our supported systems? Not as far as I know, although I assume there are some sort of trust "problems" fixed in each release of nss-certs. I'll revert it and investigate. I'd rather not wait for an upstream fix if we can help it. I notice know that this release appears to require a newer version of nspr than we package [0]: "The HG tag is NSS_3_27_2_RTM. NSS 3.27.2 requires NSPR 4.13 or newer." What do you recommend I do? How about I make an nss-updates branch with updates to nspr, nss, nss-certs, and possibly other updates in (gnu packages gnuzilla), and build it on Hydra when resources are available? [0] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27.2_Re= lease_Notes --8P1HSweYDcXXzwPJ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlhZiO4ACgkQJkb6MLrK fwhDoBAA5Mcxlc/CsPygLCeZ27ofecD7Ig/Mm/aU8FDQyz2Fs7Rvs+79s/gOYDz/ ymuhD8s/seh7i4o071eN1FpjH2bhiVC4pyxi9U+oNNMU5cP76FW8sI+9adID8Vgs eaawlS4ENxvReIXnMYcPQmQOdAq1XL/GCfy4+/4XOsB1+98RpTjXDa67ziQakKf6 qdmhVbUbAk7kLRjmVhOLI0M3gnUMi6v4BUltBwPM4OjW3ppnvvWOfGs7FsQscmmk pouuQE88PwkqaG0tlshCFFTK7LbfZdodTAdh29fbjuReVf1b6TIhWOv1ThSidYkl scwbwC+q/VH9yUOa7uk73x2P929I0cWC61a2qpSDLMThYsTBHpTpKuFh7mPaKW8Q yZcRLCwhDaOu9SxeFLW4xEp/GAs0QyfnSaIMieFIm0bmjYs/p+4U0gPN8IeRG+lp f8vNKmsNifVT7foZzy8UcLQAcJ0F386EoqltEptGsFEDA6mrGdFigYr///7vB1MU WuNRlv81I+fk8sTDUkiAxLamrbv9gN8E7tm5XmFh4Dx2dy5jbpZ1o/C3hJqepn1r T7bziLEy9Y5rUYtEuF7oXrV7gT1PccvAR1QFE3Mb91pzV9CxeYMCoYujTlRfNATc 8gXucYAXhYBOq/8p1SmT1DlZEdfcgMONR59hAvg4dCn5eWcdVgk= =YIKJ -----END PGP SIGNATURE----- --8P1HSweYDcXXzwPJ--