M14 to Contain Crypto Code!Monday February 28th, 2000That's right, Mozilla.org plans to land the newly opened crypto code on the M14 branch, which will "allow [mozilla.org] to get crypto out to the public, without affecting stability of the tip." But before they push a final M14 out, they want to get some good testing done of the crypto-enabled builds, and we plan to help them out with surveys or polls to gauge user opinion. We should know more Tuesday about when crypto will land in the branch; we'll let you know as soon as we hear anything. You can read more about the crypto landing in Christine Begle's post to the n.p.m.seamonkey newsgroup. n/t Just what i was waiting for to become a 100% Mozilla user!!!!!! Thank you :-) . Slightly off topic: I posted this under the "progress to beta" article, and got no response. I think it's an important question, so I'm going to be annoying and post it again. There are still a lot of bugs marked for M14 (500+ last i checked). With M14 coming out in a few days, my question is: what happens to the M14 bugs? Is the milestone plan falling apart? With M15 planned to be the beta, the work will probably continue on only the beta-stopper bugs. This is the way it should be, but when will the M14 bugs be worked on, let alone the M15 ones? If you read the article from about 10 days ago ("Whither M14?"), they already said that they were changing the way they were going to determine when a build is a milestone. Both the news article and the MozillaZine article. For the second and third time. And they do not answer my question. I understand that they are presently tagging daily builds as M14 candidates. I understand that they have started an M15 branch. I do not understand WHEN the remaining M14 bugs will be worked on. They will get pushed back. Almost any bug which slips once will slip again, so there is "milestone inflataion". At one point I predicted that this would kill Mozilla, but hard working people are moz..org have proved me wrong. Most of this weeks OPEN M14s will be next weeks OPEN M15s. So long as measurable progress is made in the resulting builds, and Netscape engineers are being paid to do heavy lifting, we will eventually get a Mozilla Beta worth the name. I like pleasant surprises. A late (rather than cancelled) Mozilla is a pleasant surprise. That will be a very welcomed addition to an already great browser. By the way, I took a look at the "progress to beta" page not long ago and the M14 release date has slipped until tomorrow. What's a "nonCartman", btw? There was some confusing stuff earlier about crypto meaning that it would include hooks and stuff but not actual cryptographic code... So does this announcement mean that it will really, out-of-the-box just work with secure sites, when I download a binary? Will I be able to just go and buy a book? (Not from amazon.com, of course, because I'm boycotting them re patents, as everyone else should be. But from somewhere else. :) I think the answer is yes, but I just wanted to check :) BTW, as for the person who asked about the remaining M14 bugs, I don't know anything specific about it, but I imagine the answer as to when they will be fixed is "later". They'll slip to a later milestone - M15, M16, M17, etc., as usual: that happens every milestone. I'm sure there are some M14 bugs that were originally M10 bugs or so ;) I'm really impressed with the bug-fixing recently; the two most critical bugs I've been concerned about for ages (incorrect font size and referrer) have both been squelched. The only two things that make it a pain to use Mozilla right now [well, apart from severe crashes in the last nightly build I picked up but I assume that's a temporary thing] are (a) lack of drag-and-drop of links between windows, which means you can't "reuse" windows when you have more than one open, and (b) lack of security support... at least *one* of these will be fixed. :) --sam To answer your questions: The "crypto code" that is being added includes a Mozilla protocol handler for https (HTTP over SSL) support; the protocol handler will call out to a Personal Security Manager (PSM) implementation which will actually perform the SSL protocol and the accompanying encryption and decryption. Some of the PSM source code has already been released at http://www.mozilla.org/projects/security/pki/ but the third-party source code for RSA, etc., has not been. Thus in the meantime the PSM developers at iPlanet E-Commerce Solutions (formerly the Sun-Netscape Alliance) will be releasing a binary-only version of PSM which contains all the necessary RSA, etc., code and which can be installed and used with Mozilla M14, once the necessary https hooks are added to it. So, yes, the plan is to create binary M14 releases that when installed with the binary PSM releases will be able to connect to secure sites using https, so that M14 users will be able to buy books, connect to banking or stock trading sites, or anything else that requires SSL support. (As a side note, the SSL support in PSM includes support for SSL client authentication, for anyone who cares about that feature. Also, the current PSM version will _not_ support S/MIME secure email with Mozilla; that feature will have to wait for future development.) As for release dates, the final "M14 plus crypto" plans are still in the process of being hashed out. For the latest news check out the netscape.public.mozilla.crypto newsgroup. Yay for crypto! Is https implementation included in this? Mozilla currently doesn't have https implemented (so I can't visit the Symantec beta tester's page). This is not good. Anybody know if https will be included in crypto? |