Regression problem, call for advice Re: Call for advice and testing of nss (and nspr) and intention to upload correction
J. R. Okajima
hooanon05g at gmail.com
Fri Nov 4 14:38:27 UTC 2016
Hello all,
Ola Lundqvist:
> As I can see it there are the following options:
> 1) Do nothing. Let it be like this. We have a regression problem but only
> for software that fork and use nss in several threads.
> 2) Try to reverse the library split. This is a non-trivial task.
> 3) Try to fix the dlopen problem. I have tried in many ways but always
> fail. If anyone have a really good idea about this, please let me know.
> 4) Reverse the whole nss update. I'm not 100% sure how to do that as we did
> a version update and it is hard to "downgrade". We can certainly fix the
> CVE that this update solved. It should not be too hard.
>
> What do you all think is the best option?
I'd suggest a variation of 4, which is
- keep the latest NSS pkgs as is, which is equivalent to your option 1.
- for the oldstable users who suffer from this problem (like me),
provide the previous NSS pkgs so that they can downgrade as their own
choice.
- "provide" here means just to put the previous versions somewhere on
Debian site as "hold-pkgs-for-oldstable" or something.
> The investigation have taken a considerable amount of time so I do not want
> to continue with this unless you really think it is important.
I appricate your effort, Ola.
J. R. Okajima
More information about the pkg-mozilla-maintainers
mailing list