There is no legal reason (if there ever was one) to have crypto off by default any more. In addition, I'm pruning all the extra "default mozconfig" files to make them easier to use. So this patch 1) turns crypto on by default 2) moves the default extension list into app-specific territory of the configure script

> There is no legal reason (if there ever was one) to have crypto off by default This makes sense to me, but surely there was a reason for this being the way it was? Is it just vestiges of the days before NSS was opensourced? Do we need Mitchell or Gerv to sign off on this? (I prefer to be cautious.)

thanks for the cautious approach. I don't remember much about this. It might be that crypto is regulated by various countries, not just the US. I recall there used to be some st of restrictions about using crypto in France for example. I guess i should check with the crypto experts. Will send mail now. mitchell

+[ --disable-crypto Enable crypto support (Personal Security Manager)], help text doesn't match. So even with this patch, a firefox --enable-extensions=all build will not be useful?

I'll fix the help text. Yes in Firefox, --enable-extensions=all won't work correctly. Another bug, another time will validate the extension list against compatible apps.

I remember some. It was related to worries about the export license that we had. I think you were concerned that people not be able to complain to the NSA that they had inadvertantly compiled in crypto.

I checked with some expert - type folks and it looks like the topic dmose mentioned is not something we nered to worry about. There are a number of countries that have import and sometimes use control on crypto, I believe including Russia, China and France. So turning on crypto by default could cause some issues, particularly for the localized versions. We might also want or be well advised to tell users users and distributors that many countries regulate encryption and they are responsible for making sure the software can be lawfully used as configured. I'm not sure how we would notify people about this. Is there an easy way? Mitchell

We control the official builds, so I think the default build option is not really relevant in the context of the official builds. Therefore, given that the issue dmose raised is not a concern, there shouldn't be any problem with this patch. Sound good?

Comment on attachment 167319 [details] [diff] [review] Crypto on, and prune default mozconfigs r=darin

Checked in, with announcments posted to npm.builds and to my blog, which shows up on planet mozilla.

Comment on attachment 167319 [details] [diff] [review] Crypto on, and prune default mozconfigs >+MOZ_ARG_DISABLE_BOOL(crypto, >+[ --disable-crypto Enable crypto support (Personal Security Manager)], >+ MOZ_PSM=, >+ MOZ_PSM=1 ) You meant to update the descriptive text to also say "Disable", right?

The checked-in patch says "disable".

Please also update the explanation about "--enable-crypto" and "--enable-extensions=...". http://www.mozilla.org/build/configure-build.html