Control: tag -1 - moreinfo On Mon, May 29, 2017 at 01:11:47PM +0100, Jonathan Wiltshire wrote: > None of these issues seem to have corresponding BTS bugs. If they did, > which severity would you choose? (hint: if they're not at least > 'serious'...)
I would assign the following severities: * Validate hostnames in 'acmetool want' [1] Severity: normal This improves the error handling when the user passes an invalid host name. https://github.com/hlandau/acme/issues/204 * Allow environment variables to be passed to challenge hooks [2] Severity: normal https://github.com/hlandau/acme/issues/166 * Allow acmeapi to obtain new nonces if nonce pool is depleted [3] Severity: important This fixes a potential failure to acquire certificates. https://github.com/hlandau/acme/issues/214 * Don't attempt fdb permission tests on non-cgo builds [4] Severity: serious This fixes an FTBFS on architectures using gcc-go. https://github.com/hlandau/acme/issues/219 * Add read/write timeouts to redirector server [5] Severity: serious This fixes a denial-of-service in the HTTP-to-HTTPS redirector. * Allow hidden files within the state directory [6] Severity: important This ignores dot files in /var/lib/acme, e.g., .git/. https://github.com/hlandau/acme/issues/153 I strongly believe the users of the acmetool package would be best served by Debian if all of the above fixes were included in stretch. Regards, Peter [1] https://github.com/hlandau/acme/commit/96126c04eb76c1921127731ea3ae562a67459b2d [2] https://github.com/hlandau/acme/commit/c8f5d91e3b1d5fab90fda1298a65f5f283555097 [3] https://github.com/hlandau/acme/commit/a087733bf7567b224b8d192e2747f794fc93a27c [4] https://github.com/hlandau/acme/commit/ca02f4791ab63b92907c2dfcf7d1f9a1f62b7b87 [5] https://github.com/hlandau/acme/commit/b9637d98466b45de1b7fc848474d1fc10ef60667 [6] https://github.com/hlandau/acme/commit/677aa28007341961102375d45857e26fac149e80