There's a general move away from nss now that openssl is better maintained. Fedora for a lot of usecases has moved to either openssl or gnutls. In Fedora 29 this is the only user of nss in a minimal install.
There was an effort to replace NSS in volume_key by OpenSSL, but it was abandoned mainly due to two backward compatibility issues:
volume_key
libvolume_key
PK11_SetPasswordFunc
So if breaking the backward compatibility is not a problem, (lib)volume_key can be still ported to something else than NSS (in case of volume_key utility, this also means to abandon the ability of working with NSS key and cert databases).
(lib)volume_key
NSS API is exposed in libvolume_key API.
Looks like kind of bad abstraction. Nevertheless at the moment nss is only required by volume_key on minimal system install profile
Just checked on one of my systems with minimal set of installed packages. If volume_key would be ported to openssl it will be possible completely remove nss/nspr from such system image as looks like now volume_key is only package which still requires nss/nspr. I really thing that it would be good to cut off that dependency.
[root@tin]# rpm -e nspr nss nss-softokn nss-sysinit nss-softokn-freebl nss-util error: Failed dependencies: libnspr4.so()(64bit) is needed by (installed) volume_key-libs-0.3.12-4.fc31.x86_64 libnss3.so()(64bit) is needed by (installed) volume_key-libs-0.3.12-4.fc31.x86_64 libnss3.so(NSS_3.2)(64bit) is needed by (installed) volume_key-libs-0.3.12-4.fc31.x86_64 libnss3.so(NSS_3.3)(64bit) is needed by (installed) volume_key-libs-0.3.12-4.fc31.x86_64 libsmime3.so()(64bit) is needed by (installed) volume_key-libs-0.3.12-4.fc31.x86_64 libsmime3.so(NSS_3.2)(64bit) is needed by (installed) volume_key-libs-0.3.12-4.fc31.x86_64
Login to comment on this ticket.