On Fri, 2019-10-25 at 19:21 +0100, Adam D. Barratt wrote: > On Fri, 2019-10-25 at 10:58 -0700, Brad Warren wrote: > > I’m an upstream maintainer of python-acme. > > > > Both Let’s Encrypt [1] and the Certbot client which uses this > > library encourage people to use Let’s Encrypt’s staging endpoint to > > test that they have things working correctly before using Let’s > > Encrypt’s production endpoint which has strict rate limits. Certbot > > uses the staging endpoint when —dry-run is provided which we tell > > all Debian Stretch users to use [2] and we have been doing so for > > years. > > Thanks for the extra context.
I've included a draft for an SUA below; comments welcome. For reference, previous announcements can be found via the web archives at https://lists.debian.org/debian-stable-announce/ Regards, Adam ----------------------------------------------------------------------- Debian Stable Updates Announcement SUA 173-1 https://www.debian.org [email protected] Harlan Lieberman-Berg October 26th, 2019 ----------------------------------------------------------------------- Package : python-acme Version : 0.28.0-1~deb9u2 Importance : high python-acme is part of an implementation of the ACME protocol, as used by the Let's Encrypt certification authority to issue TLS certificates. The ACME protocol has deprecated support for the use of unauthenicated GET requests in favour of authenticated POST requests. On November 1st, Let's Encrypt's staging ACME v2 endpoint will stop supporting the older protocol, with the production endpoint following at a later point. The staging endpoint is used by applications such as certbot in order to perform tests before issuing a certificate. This update moves python-acme to use the newer protocol. If you use python-acme, we strongly recommend that you install this update. Upgrade Instructions -------------------- You can get the updated packages by adding the stable-updates archive for your distribution to your /etc/apt/sources.list: deb http://deb.debian.org/debian stretch-updates main deb-src http://deb.debian.org/debian stretch-updates main You can also use any of the Debian archive mirrors. See https://www.debian.org/mirrors/list for the full list of mirrors. For further information about stable-updates, please refer to https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at [email protected]
