Re: Bug#921663: Please add python-certbot update to jessie-backports

2019-02-11 Thread Brad Warren 
I agree with the concerns about updating python3-cryptography in jessie.

If we can’t update jessie, I’d ideally love to see the packages in 
jessie-backports updated. Despite the announcement that jessie-backports was 
discontinued ~6 months ago, tens of thousands of users and many more domains 
continue to rely on these packages as I wrote earlier in this thread. It would 
be great if a simple package upgrade was all they needed to do to prevent their 
TLS configurations from breaking.

With that said, I am not deeply familiar with the processes here and I am 
unsure how painful this would be to do.

Brad

> On Feb 11, 2019, at 2:28 AM, Ian Campbell  wrote:
> 
> On Mon, 2019-02-11 at 12:06 +0200, Adrian Bunk wrote:
>> certbot is not in jessie, so nothing to fix/update there.
> 
> Oh, I hadn't realised that bit, thanks for clarifying.
> 
> I have no advice/suggestions then.
> 
> Ian.
> 
>

Re: Bug#921663: Please add python-certbot update to jessie-backports

2019-02-09 Thread Brad Warren 
Thanks for looking into that Ola.

I think we could work around the python3-sphinx problem. It’s just used for 
building the docs and python3-sphinx (>= 1.6) is not in Stretch despite the 
Certbot package being updated there. It seems to me like something similar 
could be done here.

python3-cryptography certainly might be a problem though.

> On Feb 9, 2019, at 12:27 PM, Ola Lundqvist  wrote:
> 
> Hi Holger and Brad
> 
> Here is a little more extensive list of dependencies:
> 
> python-certbot (of course as it is the one providing certbot)
> python3-acme (>= 0.26.0~) - not in jessie, available in backports
> python3-configargparse - not in jessie, available in backports
> python3-cryptography (>= 1.2) - update needed (affecting something else?), 
> available in backports
> python3-josepy - not in jessie
> python3-rfc3339 - not in jessie, available in backports
> python3-sphinx (>= 1.6) - update needed (affecting something else?)
> python-certbot-nginx
> python-certbot-apache
> 
> python-certbot-nginx and python-certbot-apache do not seem to add any 
> additional dependencies that are not already in jessie.
> 
> I have not checked if any of the above packages require further dependencies 
> so the list may grow larger.
> 
> Best regards
> 
> // Ola
> 
> On Sat, 9 Feb 2019 at 20:58, Brad Warren  wrote:
> 
> 
> > On Feb 9, 2019, at 6:19 AM, Holger Levsen  wrote:
> > 
> > On Sat, Feb 09, 2019 at 02:54:43PM +0100, Ola Lundqvist wrote:
> >> I can also add that I have looked into this for myself and the number of
> >> needed dependencies is rather large. So it is not just certbot that need an
> >> update, we also need to include quite a few other packages too.
> > 
> > how large exactly?
> > 
> All of:
> 
> - python-acme
> - python-certbot
> - python-certbot-apache
> - python-certbot-nginx
> - python-josepy
> 
> would need to be added/updated like they were in Stretch. (The new 
> python-josepy package comes from it being split out of python-acme.)
> 
> We have spent a lot of time upstream keeping compatibility with older 
> versions of our dependencies and not adding new dependencies with the goal of 
> making situations like this easier.
> 
> With that said, these Debian packages have switched from Python 2 to Python 3 
> since the last time they were updated in jessie-backports. The switch to 
> Python 3 would either need to be undone (as we have kept compatibility with 
> Python 2 upstream) or Python 3 versions of some of our dependencies would 
> need to be added. I am not sure how many packages would be affected if the 
> latter approach was taken.
> 
> > 
> > -- 
> > tschau,
> >   Holger
> > 
> > ---
> >   holger@(debian|reproducible-builds|layer-acht).org
> >   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
> 
> 
> 
> -- 
>  --- Inguza Technology AB --- MSc in Information Technology 
> /  o...@inguza.comFolkebogatan 26\
> |  o...@debian.org   654 68 KARLSTAD|
> |  http://inguza.com/Mobile: +46 (0)70-332 1551 |
> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>  ---
>

Re: Bug#921663: Please add python-certbot update to jessie-backports

2019-02-09 Thread Brad Warren 



> On Feb 9, 2019, at 6:19 AM, Holger Levsen  wrote:
> 
> On Sat, Feb 09, 2019 at 02:54:43PM +0100, Ola Lundqvist wrote:
>> I can also add that I have looked into this for myself and the number of
>> needed dependencies is rather large. So it is not just certbot that need an
>> update, we also need to include quite a few other packages too.
> 
> how large exactly?
> 
All of:

- python-acme
- python-certbot
- python-certbot-apache
- python-certbot-nginx
- python-josepy

would need to be added/updated like they were in Stretch. (The new 
python-josepy package comes from it being split out of python-acme.)

We have spent a lot of time upstream keeping compatibility with older versions 
of our dependencies and not adding new dependencies with the goal of making 
situations like this easier.

With that said, these Debian packages have switched from Python 2 to Python 3 
since the last time they were updated in jessie-backports. The switch to Python 
3 would either need to be undone (as we have kept compatibility with Python 2 
upstream) or Python 3 versions of some of our dependencies would need to be 
added. I am not sure how many packages would be affected if the latter approach 
was taken.

> 
> -- 
> tschau,
>   Holger
> 
> ---
>   holger@(debian|reproducible-builds|layer-acht).org
>   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C