dogtag-pki is in unstable because openjdk-8 will never migrate in Debian, whereas on Ubuntu it is supported again since eoan
and it works just fine with current nss, and supports TLS 1.3 via jss but has issues with jdk11 as the upstream bug shows -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1858967 Title: RM: dogtag-pki RC buggy, not in testing or stable Status in dogtag-pki package in Ubuntu: Fix Released Status in freeipa package in Ubuntu: Fix Released Bug description: RM: RC buggy, not in testing or stable pki-base: Does not work with Java 11 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921926 Does not support TLS 1.3/Java 11 https://pagure.io/dogtagpki/issue/3088 pki-base-java: Depends on openjdk-8-jre-headless which will not be in buster https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920725 pki-server: Dogtag stopped starting after libnss3 upgrade to 2:3.35-2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920725 Please remove dogtag-pki and its only reverse-depends freeipa nss now uses tls v1.2 min, and v1.3 max, potentially exposing above issues further. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dogtag-pki/+bug/1858967/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
