Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Pending roots and EV enablements

2 views
Skip to first unread message

Eddy Nigg

unread,
May 10, 2009, 10:38:42 AM5/10/09
to
Currently there are a bunch of CA roots to be included into NSS and EV
enablements to be made at PSM. I was not successful in contacting Kai
Engert and I'm not aware that anybody else does it.

Would it be acceptable if I would start to submit patches for all
outstanding inclusions and updates, attach them to the corresponding
bugs and request review (by whom)?

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: star...@startcom.org
Blog: https://blog.startcom.org

Eddy Nigg

unread,
May 10, 2009, 9:23:39 PM5/10/09
to
On 05/10/2009 05:38 PM, Eddy Nigg:

> Currently there are a bunch of CA roots to be included into NSS and EV
> enablements to be made at PSM. I was not successful in contacting Kai
> Engert and I'm not aware that anybody else does it.
>
> Would it be acceptable if I would start to submit patches for all
> outstanding inclusions and updates, attach them to the corresponding
> bugs and request review (by whom)?
>

I submitted a patch for the StartCom EV OID:
https://bugzilla.mozilla.org/show_bug.cgi?id=490492#c1

Seems to be working correctly. I intend to submit more patches of
outstanding EV OIDs. Still not sure how to reach Kai and if to submit
also patches to NSS?

Eddy Nigg

unread,
May 11, 2009, 11:44:10 AM5/11/09
to
On 05/11/2009 04:23 AM, Eddy Nigg:

> On 05/10/2009 05:38 PM, Eddy Nigg:
>> Currently there are a bunch of CA roots to be included into NSS and
>> EV enablements to be made at PSM. I was not successful in contacting
>> Kai Engert and I'm not aware that anybody else does it.
>>
>> Would it be acceptable if I would start to submit patches for all
>> outstanding inclusions and updates, attach them to the corresponding
>> bugs and request review (by whom)?
>>
>
> I submitted a patch for the StartCom EV OID:
> https://bugzilla.mozilla.org/show_bug.cgi?id=490492#c1
>
> Seems to be working correctly. I intend to submit more patches of
> outstanding EV OIDs. Still not sure how to reach Kai and if to submit
> also patches to NSS?
>

Added also a patch for SwissSign's EV OID:
https://bugzilla.mozilla.org/show_bug.cgi?id=492077#c2

There are quite some roots which should be included and nobody seems to
be working on it. Can Nelson or somebody advise if to provide patches
for those roots or not?

Wan-Teh Chang

unread,
May 11, 2009, 1:32:03 PM5/11/09
to mozilla's crypto code discussion list
On Mon, May 11, 2009 at 8:44 AM, Eddy Nigg <eddy...@startcom.org> wrote:
>
> There are quite some roots which should be included and nobody seems to be
> working on it. Can Nelson or somebody advise if to provide patches for those
> roots or not?

Eddy, thank you very much for offering to help.

EV enablement patches (for the file
mozilla/security/manager/ssl/src/nsIdentityChecking.cpp) are
human-readable (except for the base64-encoded field), so you
can help by submitting patches.

Patches for new root CAs (for the file
mozilla/security/nss/lib/ckfw/builtins/certdata.txt) are not
human-readable. So they really need to be generated by
NSS developers.

Wan-Teh

Eddy Nigg

unread,
May 11, 2009, 1:55:51 PM5/11/09
to
On 05/11/2009 08:32 PM, Wan-Teh Chang:

> On Mon, May 11, 2009 at 8:44 AM, Eddy Nigg<eddy...@startcom.org> wrote:
>
>> There are quite some roots which should be included and nobody seems to be
>> working on it. Can Nelson or somebody advise if to provide patches for those
>> roots or not?
>>
> Eddy, thank you very much for offering to help.
>
> EV enablement patches (for the file
> mozilla/security/manager/ssl/src/nsIdentityChecking.cpp) are
> human-readable (except for the base64-encoded field), so you
> can help by submitting patches.
>

I asked review from Robert Relyea, but if somebody should/could review
the patches I'd appreciate it.

> Patches for new root CAs (for the file
> mozilla/security/nss/lib/ckfw/builtins/certdata.txt) are not
> human-readable. So they really need to be generated by
> NSS developers.
>

I know how to add roots if it's of any help (remember you confirmed such
a patch from me in the past ;-) ). Just advice if it's helpful and I can
invest a few hours to provide patches of the pending roots.

Nelson B Bolyard

unread,
May 11, 2009, 3:32:58 PM5/11/09
to mozilla's crypto code discussion list
On May 11, 2009 at 8:44 AM PDT, Eddy Nigg<eddy...@startcom.org> wrote:
>>
>>> There are quite some roots which should be included and nobody seems
>>> to be working on it. Can Nelson or somebody advise if to provide
>>> patches for those roots or not?

Changes to the built-in root CAs, or the list of EV-enabled CA, involve
a more extensive human protocol than other patches. Not only do they go
through the normal patch review procedures, but also test builds of Firefox
with the change present are generated and the affected CAs are required to
test those test builds and confirm the correctness of the relevant changes
before those changes can be committed. IMO, there's not much point in a
person generating any one of the patches unless that person can carry
through all the steps.

One of the most time consuming aspects of that multi-step process is
building the test builds. Mozilla has a server, known as "tryserver"
that takes a supplied patch and builds Firefox with it on all the platforms
for which Mozilla usually builds Firefox releases. I believe it is open
only to Mozilla committers. At first glance, this seems almost ideal for
generating the test builds for the CA's to use in testing. However ...

Ideally, one could tell Tryserver to "Take Firefox source from the current
branch for FF 3.0.x or FF 3.5 (from CVS or Hg, as appropriate), plus NSS
from CVS tag X, plus this small patch, and build it", but presently that
does not seem possible. Instead, it is necessary to produce a patch that
contains ALL the differences between NSS on the trunk and NSS as it
presently appears on the relevant CVS or Hg branch used by Firefox,
as well as including your own intended changes, and ask TryServer to build
with that enormous patch. This is especially challenging for builds from Hg.

Alternatively, it would be nice if Tryserver could be told to just pull
and build NSS from the CVS trunk plus the additional CVS patch, and build
that for all platforms. But it doesn't seem setup to do that, either.

In short, I cannot tell you how to build a Firefox test build on all
platforms for the CAs to use in testing. I haven't done it myself.
AFAIK, only Kai and perhaps Wan-Teh have done so.

IMO, this is a problem that Mozilla {Co,Fo} must solve.

Eddy Nigg

unread,
May 11, 2009, 3:42:39 PM5/11/09
to
On 05/11/2009 10:32 PM, Nelson B Bolyard:

Thanks Nelson! In that case I'll hold off with trying to create patches
for roots to be included in NSS. Technically I can produce the patch,
but nothing of the rest....

Adding the EV OID of the CAs is a relative small change to PSM when the
root is already included. Still, somebody needs to review the patches
and create a test build as described above - I've been testing them only
with Linux builds so far. In any case it would be nice if they could be
processed at a higher priority.

I think the Secom Trust EV patch still needs to be checked in, StartCom
and SwissSign needs to be reviewed.

Gervase Markham

unread,
May 13, 2009, 5:46:20 PM5/13/09
to
On 11/05/09 20:32, Nelson B Bolyard wrote:
> Ideally, one could tell Tryserver to "Take Firefox source from the current
> branch for FF 3.0.x or FF 3.5 (from CVS or Hg, as appropriate), plus NSS
> from CVS tag X, plus this small patch, and build it", but presently that
> does not seem possible.

Your full message sounds to me ideal for pasting into a bug on
TryServer. I know the system has been changed a bit recently to make it
more useful for people, and this seems like an excellent use case.

Gerv

Nelson B Bolyard

unread,
May 13, 2009, 7:38:45 PM5/13/09
to mozilla's crypto code discussion list

I suppose that, on principle, you're right. In the past, I would have
readily done so. But today my idealism is severely tempered by the
pragmatic realization that there are now hundreds of open bugs and RFEs
that I have filed, some years old, that have gone nowhere. I doubt that
a few more will make any difference. MoCo can't even be bothered to make
Bugzilla's patch diff tool work properly with Hg patches, and Hg is their
primary repository now.

When I consider the ENORMOUS push-back that I got from MoCo when I called
for steps to be taken to allow me to end spam in this mailing list, a
request that seemed to me to have no reasonable opposition, save from
spammers, I have little remaining expectation that any requests to
MoFo/MoCo that are seen as benefiting only NSS will ever come to fruition.

/Nelson

Eddy Nigg

unread,
May 14, 2009, 6:51:16 PM5/14/09
to
On 05/14/2009 12:46 AM, Gervase Markham:

Whatever improvements can be made in the future, I'd really like to see
NSS shipped with the latest approved roots and EV enablements. Just to
remind the valued audience that an enormous effort was made to ship the
leading CAs with EV in the FF 3.0 release, a similar effort should be
made for the 3.5 release as well.

Additionally according to
https://wiki.mozilla.org/CA:Schedule#Requests_in_the_Inclusion_Phase
there are some important CAs which in my opinion should be included with
3.5, but a code freeze is scheduled now for RC1....what else can be done
to move this forward?

Ian G

unread,
May 15, 2009, 5:59:30 AM5/15/09
to mozilla's crypto code discussion list
On 15/5/09 00:51, Eddy Nigg wrote:

> Whatever improvements can be made in the future, I'd really like to see
> NSS shipped with the latest approved roots and EV enablements. Just to
> remind the valued audience that an enormous effort was made to ship the
> leading CAs with EV in the FF 3.0 release, a similar effort should be
> made for the 3.5 release as well.
>
> Additionally according to
> https://wiki.mozilla.org/CA:Schedule#Requests_in_the_Inclusion_Phase
> there are some important CAs which in my opinion should be included with
> 3.5, but a code freeze is scheduled now for RC1....what else can be done
> to move this forward?


Would a dynamic update be possible? Some sort of coding patch, I mean.

iang

Eddy Nigg

unread,
May 18, 2009, 8:26:24 PM5/18/09
to
On 05/15/2009 01:51 AM, Eddy Nigg:

Thank you, Nelson!

Nelson B Bolyard

unread,
May 18, 2009, 9:23:46 PM5/18/09
to mozilla's crypto code discussion list
There are 9 NSS bugs requesting new root CA certs and/or changes to trust
flags on existing root CA certs in NSS. See them at

<https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&product=NSS&component=CA+Certificates&resolution=---&chfieldto=2009-05-17&chfield=%5BBug+creation%5D&order=Bug+Number>

Today, I "took" those bugs and implemented them, creating a large patch,
which I attached to bug 493660. I have the right to do that because I am
one of NSS's module owners. I also attached to that bug a build of
nssckbi.dll that can be tested with any Firefox 3.0.x build for Win32 that
was built and distributed by Mozilla. (It uses Mozilla's custom C run-time
library, which only works with Mozilla's builds for Windows.)

The normal testing procedure also involves building test builds for Linux
and MacOS/X. I didn't build test builds of nssckbi for those platforms.
I would welcome others here to take the patch from bug 493660 and build
optimized builds of nssckbi for MaxOSX or Linux and attach their nssckbi
builds (only that file) to that bug.

The next step is for the CAs to test the nssckbi DLL that I built and
report if it is satisfactory (or more specifically, if it does what their
respective NSS RFE asked for it to do).

Now, I don't want to set unrealistic expectations, so I must inform you
that I have NO idea whether Mozilla Corporation will accept any additional
NSS changes at this point or not. Three weeks ago, Bob Relyea and I wrote
to MoCo powers-that-be asking about this, and we're still awaiting an
answer. Maybe Frank can make something good happen there.


There are 6 PSM bugs, requesting that certain root CA certs be EV-enabled.
You may see those at:

<https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short_desc_type=allwords&short_desc=Enable+EV&product=Core&component=Security%3A+PSM&resolution=---&bug_severity=enhancement&chfieldto=Now&order=Bug+Number>

I am not a PSM module owner or peer, and do not have the right to take
those bugs. It would be good if one of the PSM module peers would take
those and implement them. But again, I do not know if those changes will
be accepted for FF 3.5 at this late time, or not.

Eddy Nigg

unread,
May 18, 2009, 9:38:36 PM5/18/09
to
On 05/19/2009 04:23 AM, Nelson B Bolyard:

The normal testing procedure also involves building test builds for Linux
and MacOS/X.  I didn't build test builds of nssckbi for those platforms.
I would welcome others here to take the patch from bug 493660 and build
optimized builds of nssckbi for MaxOSX or Linux and attach their nssckbi
builds (only that file) to that bug.
  

Done for Linux.


Now, I don't want to set unrealistic expectations, so I must inform you
that I have NO idea whether Mozilla Corporation will accept any additional
NSS changes at this point or not.  Three weeks ago, Bob Relyea and I wrote
to MoCo powers-that-be asking about this, and we're still awaiting an
answer.  Maybe Frank can make something good happen there.
  

:-)


There are 6 PSM bugs, requesting that certain root CA certs be EV-enabled.
You may see those at:

<https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short_desc_type=allwords&short_desc=Enable+EV&product=Core&component=Security%3A+PSM&resolution=---&bug_severity=enhancement&chfieldto=Now&order=Bug+Number>

I am not a PSM module owner or peer, and do not have the right to take
those bugs.  It would be good if one of the PSM module peers would take
those and implement them.  But again, I do not know if those changes will
be accepted for FF 3.5 at this late time, or not.
  

I'll create also the missing patch for Cybertrust and/or upon advise a mega patch of all EV enablements. Errr...please advise :-)

Nelson B Bolyard

unread,
May 18, 2009, 10:15:56 PM5/18/09
to mozilla's crypto code discussion list
Eddy Nigg wrote, On 2009-05-18 18:38 PDT:

> I'll create also the missing patch for Cybertrust and/or upon advise a
> mega patch of all EV enablements. Errr...please advise :-)

Thanks Eddy. I see you've already produced patches for 4 of those 6 bugs.
Patches for the remaining two would also be nice. You'll find the info for
the WellsFargo patch in bug 449394 comment 28. It's almost a complete
patch already. You can ask Bob Relyea to review.

As for a "mega patch", Doing one roll-up patch for the 6 would probably
be a big help because it will resolve merge conflicts. Bob could just
review one patch and commit it ... if we ever get approval to do that.

(BTW, it's not a MegaPatch unless it's at least a megabit long :)

Eddy Nigg

unread,
May 18, 2009, 10:28:45 PM5/18/09
to
On 05/19/2009 05:15 AM, Nelson B Bolyard:

> Eddy Nigg wrote, On 2009-05-18 18:38 PDT:
>
>
>> I'll create also the missing patch for Cybertrust and/or upon advise a
>> mega patch of all EV enablements. Errr...please advise :-)
>>
> Thanks Eddy. I see you've already produced patches for 4 of those 6 bugs.
> Patches for the remaining two would also be nice. You'll find the info for
> the WellsFargo patch in bug 449394 comment 28. It's almost a complete
> patch already. You can ask Bob Relyea to review.
>

Going to add a patch for CyberTrust (need to review the build). I can't
see WellsFargo at
https://wiki.mozilla.org/CA:Schedule#Requests_in_the_Inclusion_Phase

Is there a special bug for PSM (enabling EV)? I'll be glad to process
also this one.

> As for a "mega patch", Doing one roll-up patch for the 6 would probably
> be a big help because it will resolve merge conflicts. Bob could just
> review one patch and commit it ... if we ever get approval to do that.
>
> (BTW, it's not a MegaPatch unless it's at least a megabit long :)
>

Hehe...OK. After confirming all patches I'm going to create a combined
patch with r? to Bob.

Nelson Bolyard

unread,
May 18, 2009, 10:53:44 PM5/18/09
to
Eddy Nigg wrote, On 2009-05-18 19:28 PDT:
> On 05/19/2009 05:15 AM, Nelson B Bolyard:
>> Eddy Nigg wrote, On 2009-05-18 18:38 PDT:
>>
>>> I'll create also the missing patch for Cybertrust and/or upon advise a
>>> mega patch of all EV enablements. Errr...please advise :-)
>>>
>> Thanks Eddy. I see you've already produced patches for 4 of those 6 bugs.
>> Patches for the remaining two would also be nice. You'll find the info for
>> the WellsFargo patch in bug 449394 comment 28. It's almost a complete
>> patch already. You can ask Bob Relyea to review.
>
> Going to add a patch for CyberTrust (need to review the build).

Thanks.

Dunno about that. I consider the bug system authoritative. When Frank
or Kathleen creates a bug asking for the work to be done in NSS or PSM,
I consider that authoritative, whether some web page agrees with it or not.

> Is there a special bug for PSM (enabling EV)? I'll be glad to process
> also this one.

The Wells bug is the first one seen at
<https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short_desc_type=allwords&short_desc=Enable+EV&product=Core&component=Security%3A+PSM&resolution=---&bug_severity=enhancement&chfieldto=Now&order=Bug+Number>

Gervase Markham

unread,
May 19, 2009, 2:32:31 PM5/19/09
to
On 14/05/09 00:38, Nelson B Bolyard wrote:
> I suppose that, on principle, you're right. In the past, I would have
> readily done so. But today my idealism is severely tempered by the
> pragmatic realization that there are now hundreds of open bugs and RFEs
> that I have filed, some years old, that have gone nowhere. I doubt that
> a few more will make any difference. MoCo can't even be bothered to make
> Bugzilla's patch diff tool work properly with Hg patches, and Hg is their
> primary repository now.

Well, Ben Hearsum is working on the TryServer _right_ _now_:
http://blog.mozilla.com/bhearsum/archives/103

> When I consider the ENORMOUS push-back that I got from MoCo when I called
> for steps to be taken to allow me to end spam in this mailing list, a
> request that seemed to me to have no reasonable opposition, save from
> spammers, I have little remaining expectation that any requests to
> MoFo/MoCo that are seen as benefiting only NSS will ever come to fruition.

Well, since you brought it up, I didn't think your approach regarding
spam on the mailing list was either particularly tactful or
proportionate. But anyway, this wouldn't necessarily benefit only NSS;
other bits of Mozilla are pulled by tag or branch.

Gerv

Frank Hecker

unread,
May 19, 2009, 2:35:42 PM5/19/09
to
Nelson B Bolyard wrote:
> Now, I don't want to set unrealistic expectations, so I must inform you
> that I have NO idea whether Mozilla Corporation will accept any additional
> NSS changes at this point or not. Three weeks ago, Bob Relyea and I wrote
> to MoCo powers-that-be asking about this, and we're still awaiting an
> answer. Maybe Frank can make something good happen there.

Unfortunately I don't have any real power with respect to what goes into
Firefox 3.5 :-( However I will do what I can.

Frank

--
Frank Hecker
hec...@mozillafoundation.org

Frank Hecker

unread,
May 19, 2009, 2:38:10 PM5/19/09
to
Nelson Bolyard wrote:
>> I can't see WellsFargo at
>> https://wiki.mozilla.org/CA:Schedule#Requests_in_the_Inclusion_Phase
>
> Dunno about that. I consider the bug system authoritative. When Frank
> or Kathleen creates a bug asking for the work to be done in NSS or PSM,
> I consider that authoritative, whether some web page agrees with it or not.

Correct. The authoritative situation is based on the bugs Kathleen files
against NSS or PSM. The wiki page is simply a summary of those, and is
not always 100% up-to-date (though Kathleen has in general been good
about maintaining it).

Eddy Nigg

unread,
May 19, 2009, 2:59:46 PM5/19/09
to
On 05/19/2009 09:35 PM, Frank Hecker:

OK, combined patches for the roots and EV OIDs are waiting for review on
bug 493660 (NSS) and bug 493709 (PSM). Those are the ones we'd like to
have approved and applied for 3.5.

Eddy Nigg

unread,
May 20, 2009, 1:45:44 PM5/20/09
to
On 05/19/2009 09:35 PM, Frank Hecker:

A good argument in favor is the fact that 20% of users never update
their browser and do so only on major releases. See
https://bugzilla.mozilla.org/show_bug.cgi?id=489139

Gen Kanai

unread,
May 20, 2009, 10:02:07 PM5/20/09
to mozilla's crypto code discussion list, Johnathan Nightingale

On May 19, 2009, at 10:23 AM, Nelson B Bolyard wrote:

> Now, I don't want to set unrealistic expectations, so I must inform
> you
> that I have NO idea whether Mozilla Corporation will accept any
> additional
> NSS changes at this point or not. Three weeks ago, Bob Relyea and I
> wrote
> to MoCo powers-that-be asking about this, and we're still awaiting an
> answer. Maybe Frank can make something good happen there.

Nelson, who were you and Bob in touch with re: that most recent NSS
patch?

Johnathan,

Can we try to see if there's any way we can grease the wheels to
update NSS sooner than later?

Gen

Nelson B Bolyard

unread,
May 21, 2009, 11:24:25 PM5/21/09
to mozilla's crypto code discussion list
I'm happy to report that the NSS changes were committed today to the source
repository from which FF 3.5 will be built. The changes made it in just
"under the wire" (at the last moment). I'm thankful to all the people
who helped make that happen.

However, It appears that the PSM changes, enabling certain root CA certs
for EV, have not yet been committed. I hope it's not too late for FF 3.5
RC0.

Eddy Nigg

unread,
May 22, 2009, 6:11:13 AM5/22/09
to mozilla's crypto code discussion list
On 05/22/2009 06:24 AM, Nelson B Bolyard:

> I'm happy to report that the NSS changes were committed today to the source
> repository from which FF 3.5 will be built. The changes made it in just
> "under the wire" (at the last moment). I'm thankful to all the people
> who helped make that happen.
>

Yes, thanks to all for their effort!

> However, It appears that the PSM changes, enabling certain root CA certs
> for EV, have not yet been committed. I hope it's not too late for FF 3.5
> RC0.
>

That would be unfortunate :S

Eddy Nigg

unread,
May 22, 2009, 6:11:13 AM5/22/09
to mozilla's crypto code discussion list
On 05/22/2009 06:24 AM, Nelson B Bolyard:
> I'm happy to report that the NSS changes were committed today to the source
> repository from which FF 3.5 will be built. The changes made it in just
> "under the wire" (at the last moment). I'm thankful to all the people
> who helped make that happen.
>

Yes, thanks to all for their effort!

> However, It appears that the PSM changes, enabling certain root CA certs


> for EV, have not yet been committed. I hope it's not too late for FF 3.5
> RC0.
>

That would be unfortunate :S

--

Eddy Nigg

unread,
May 22, 2009, 12:07:37 PM5/22/09
to
On 05/22/2009 06:24 AM, Nelson B Bolyard:
> However, It appears that the PSM changes, enabling certain root CA certs
> for EV, have not yet been committed. I hope it's not too late for FF 3.5
> RC0.
>

I think Johnathan took care of this too, which is fantastic! Thanks to
everybody to make it into the RC, well done! :-)

Eddy Nigg

unread,
May 23, 2009, 1:13:13 PM5/23/09
to
On 05/22/2009 07:07 PM, Eddy Nigg:

>
> I think Johnathan took care of this too, which is fantastic! Thanks to
> everybody to make it into the RC, well done! :-)
>

For those wanting to test the roots and EV UI may download the latest
build from
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/

For root inclusions this affects the following CAs:

S-TRUST (bug 478573)
Microsec (bug 483852)
Certigna (bug 483889)
Certicámara bug 486424)
TC TrustCenter (bug 486759)
Deutsche Telekom (bug 487647)
ComSign (bug 490487)
Cybertrust (bug 493258)

For EV:

WellsSecure (bug 449394)
SECOM Trust (bug 477145)
StartCom (bug 490492)
SwissSign (bug 492077)
Cybertrust (bug 493259)
DigiNotar (bug 493265)

It has been reported in bug 493709 that the EV UI doesn't show for some
CAs with the nightly. It will show for the current branch, but the ones
that don't show are affected by a change in the policy of revocation
checking in FF 3.5. See comment
https://bugzilla.mozilla.org/show_bug.cgi?id=493709#c12 for a possible
solution.

Eddy Nigg

unread,
May 23, 2009, 1:15:18 PM5/23/09
to
On 05/23/2009 08:13 PM, Eddy Nigg:

> On 05/22/2009 07:07 PM, Eddy Nigg:
>>
>> I think Johnathan took care of this too, which is fantastic! Thanks
>> to everybody to make it into the RC, well done! :-)
>>
>
> For those wanting to test the roots and EV UI may download the latest
> build from
> http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/
>

I think this URL is better (should be close to the RC build):
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-1.9.1/

0 new messages