On Mon, 19 Jan 2026 at 10:43, Kai Engert <[email protected]> wrote: > > Forwarding for Paul. > > > -------- Forwarded Message -------- > Subject: Re: [dev-tech-crypto] A major cleanup effort for NSPR, new > major release version 5 > Date: Mon, 19 Jan 2026 10:22:00 -0500 (EST) > From: Paul Wouters <[email protected]> > To: Lars Eggert <[email protected]> > CC: Kai Engert <[email protected]>, Simon Josefsson <[email protected]>, > [email protected] > > On Mon, 19 Jan 2026, 'Lars Eggert' via [email protected] wrote: > > > On Jan 19, 2026, at 16:25, Kai Engert <[email protected]> wrote: > >> In my understanding, the intention is to remove code and APIs that it no > >> longer needs in NSPR 5, regardless of other software depending on it. > > > > this. The plan roughly would be to strip any code from NSPR that Gecko > > isn't currently using, and support for any platforms that are not currently > > Gecko tier platforms. > > Note there are other users of NSS/NSPR too, such as libreswan's IKE > stack.
Libreswan uses NSS, and NSS then uses NSPR, which should keep the project insulated from these changes. Where NSPR is being called directly (Arena, memory, error) because it is part of the NSS API, so I don't see it being a problem. The only thing that perhaps lives on the edge is libreswan's EAP code. It uses things like PR_CreateIOLayerStub() when calling SSL_BadCertHook() et.al. but, again, that's for the NSS interface (a nice to have item is to revisit the code to see if it can work with libevent, but I digress). Taking a step back. Is the intent to cleave off specific NSPR functionality, or to just pick away at the various APIs removing functions that don't seem to be used? > > (NSPR hasn't had - IMO - have any meaningful way to test that code and > > those platforms for a while now anyway, and I'd rather not ship untested > > code.) > > > >> If other packages depend on the removed code or APIs, a nspr-version-4 > >> package could be introduced, and those requiring nspr-4 could link to that > >> package, instead to the most recent version. Or alternatively, they could > >> make adjustments to avoid the dependencies on the removed code. > > > > This again. I think it would be perfectly reasonable for most current > > non-Gecko users of NSPR to remain on version 4. > > that's just a bandaid that will fail sometime in the future. > > So I am concerned. > > Paul > > -- > You received this message because you are subscribed to the Google Groups > "[email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/5162ee1a-2a7f-46d9-9d4f-d0ca940ef946%40kuix.de. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/CAJeAr6u_p1dKOa4V5z_YXUe62gLdK%3DOCQzAGmLOa9y%2BWpZn7Aw%40mail.gmail.com.
