Hm.  Yes, that's true.  This is because the python-requests dependency
on python-ndg-httpsclient is only a Recommends, but the part of the
code that certbot depends on (the requests "security" extra) has a
hard dependency.

I'll add a patch to put it in our dependencies for now; because of the
freeze, it'll take several days or longer to make it into
jessie-backports and stretch.  I've also opened up a wishlist item
against python-requests to ship something that we can add a Depends on
to help prevent this in the future.  (That's bug #861517, if you want
to follow along at home.)

That being said... there's a sense these days that systems which don't
install Recommends' may be subject to breakage.  I know a lot of
support channels will simply refuse to help on systems without
recommends enabled, just because of the bizarre behavior that can
result.  I agree this case a Depends is certainly the right
designation, but... in general, hic sunt draconis.

Sincerely,

-- 
Harlan Lieberman-Berg
~hlieberman

_______________________________________________
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel

Reply via email to