Your message dated Sat, 16 Feb 2019 11:36:33 +0000
with message-id <[email protected]>
and subject line Closing bugs for updates included in 9.8
has caused the Debian Bug report #887399,
regarding stretch-pu: package python-certbot/0.10.2-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
887399: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887399
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: [email protected]
Usertags: pu
Hello Release Team,
Due to a security issue in the underlying Let's Encrypt protocol, one of the
main methods of getting certificates from Let's Encrypt has been disabled (the
TLS-SNI-01 protocol;
https://community.letsencrypt.org/t/tls-sni-challenges-disabled-for-most-new-issuance/50316
for more info).
This puts us in a bit of an awkward spot. The upstream certbot provider is
preparing to do a new release that has support for HTTP-01 inside the
python-certbot-apache and python-certbot-nginx plugins, as well as the required
work in python-acme and python-certbot (and certbot), but I'm not sure
backporting the patches is realistic. A lot of development has been done in
the interim, both in the certbot packaging and in the upstream software.
Without those patches, users with the apache or nginx plugins will fail to
update their certificates starting 2018-04-09.
I can talk to the certbot upstream to see if they'd be willing to help backport
the patches (CCed), but initial conversations seem to indicate that doing so
will be difficult.
The other approach that we can take is to backport the next version that
supports the new challenge through to s-p-u and into stable. I'm guessing that
you will ask me to unwind the work I did to convert to python3 in the last
release (sadface), but I can do that if that's what it needs to get this fixed
in stable.
Gurus and Wise Ones, I beseech you for guidance!
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.14.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Version: 9.8
Hi,
The update referenced by each of these bugs was included in this
morning's stretch point release.
Regards,
Adam
--- End Message ---
