** Description changed: [Impact] + + Not directly applicable; see the exception policy document. + + [Major Changes] This bug affects the python-acme package in all released versions of Ubuntu, with the exception of Eoan Ermine which uses a newer version of python-acme. - After November 1, the current python-acme package will no longer work - with Let’s Encrypt’s “ACMEv2” endpoint, which is their RFC 8555 - compliant endpoint for issuing and renewing TLS certificates. - - See https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation- - of-unauthenticated-resource-gets/74380 for more details about this - change. + The major change in the package is the backporting of fixes to allow the + python-acme package to continue to work with Let’s Encrypt’s “ACMEv2” + endpoint, which is their RFC 8555 compliant endpoint for issuing and + renewing TLS certificates, after service changes are made on November + 1st. See https://community.letsencrypt.org/t/acme-v2-scheduled- + deprecation-of-unauthenticated-resource-gets/74380 for more details + about this change. The primary concern here is that users of the library, most commonly users of the certbot package, will no longer be able to obtain new certificates and existing certificates issued via certbot will no longer be able to renew, resulting in broken TLS configurations for many users and sites hosted on Ubuntu where certbot is used to request and renew TLS certificates. - [Test Case] + [Test Plan] - Given the breaking change will not occur until November the first, it is - not easy to reproduce the failure case. However, testing this package - should include verifying that a certificate can be successfully issued - from the current live letsencrypt endpoints via the certbot command line - utility, installable via the certbot package. 
+ See + https://wiki.ubuntu.com/StableReleaseUpdates/Certbot#SRU_Verification_Process [Regression Potential] + + Upstream performs extensive testing before release, giving us a high + degree of confidence in the general case. There problems are most likely + to manifest in Ubuntu-specific integrations, such as in relation to the + versions of dependencies available and other packaging-specific matters. As opposed to upgrading to the newer version of python-acme (0.36.0-1) from Eoan Ermine, and advantage of SRU'ing the 0.31.0-2 version to Xenial, Bionic, Cosmic and Disco, is that there are no breaking API changes between python-acme 0.31.0-2 and the version of python-acme currently in the repositories. Therfore, SRU'ing 0.31.0-2 carries the least risk of regression while enabling the library to function correctly after November 1st. The regression potential of backporting 0.36.0-1 and associated newer dependencies would be higher, as more packages would need to be backported and the risk of introducing breaking API changes to dependant applications would therefore be increased. - - [Other Information] - - * The package being tested is being introduced from Debian Buster and is currently in use - * The package being SRU'd has minimal changes required to allow building the package on older versions of Ubuntu
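Review bot: The new [Test Plan] keeps only the wiki link and drops the removed [Test Case] sentence about verifying that a certificate can be issued from the live Let's Encrypt endpoints via certbot. Consider keeping a one-sentence summary of that check next to the link, so the description still states what is verified if the wiki page changes. In the added [Regression Potential] paragraph, "There problems are most likely to manifest" looks like a typo for "These problems" or "Any problems". The added [Impact] section says "Not directly applicable", while the user-facing impact (certificates can no longer be obtained or renewed) is described under [Major Changes]; a short pointer from [Impact] to that paragraph would help readers who only scan the headings.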
--
https://bugs.launchpad.net/bugs/1836823
Title: python-acme will break on November 1st
