** Description changed: [Impact] - Not directly applicable; see the exception policy document. + Not directly applicable; see the exception policy document: + https://wiki.ubuntu.com/StableReleaseUpdates/Certbot [Major Changes] This bug affects the python-acme package in all released versions of Ubuntu, with the exception of Eoan Ermine which uses a newer version of python-acme. The major change in the package is the backporting of fixes to allow the python-acme package to continue to work with Let’s Encrypt’s “ACMEv2” endpoint, which is their RFC 8555 compliant endpoint for issuing and renewing TLS certificates, after service changes are made on November 1st. See https://community.letsencrypt.org/t/acme-v2-scheduled- deprecation-of-unauthenticated-resource-gets/74380 for more details about this change. The primary concern here is that users of the library, most commonly users of the certbot package, will no longer be able to obtain new certificates and existing certificates issued via certbot will no longer be able to renew, resulting in broken TLS configurations for many users and sites hosted on Ubuntu where certbot is used to request and renew TLS certificates. [Test Plan] See https://wiki.ubuntu.com/StableReleaseUpdates/Certbot#SRU_Verification_Process [Regression Potential] Upstream performs extensive testing before release, giving us a high degree of confidence in the general case. There problems are most likely to manifest in Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. As opposed to upgrading to the newer version of python-acme (0.36.0-1) from Eoan Ermine, and advantage of SRU'ing the 0.31.0-2 version to Xenial, Bionic, Cosmic and Disco, is that there are no breaking API changes between python-acme 0.31.0-2 and the version of python-acme currently in the repositories. Therfore, SRU'ing 0.31.0-2 carries the least risk of regression while enabling the library to function correctly after November 1st. The regression potential of backporting 0.36.0-1 and associated newer dependencies would be higher, as more packages would need to be backported and the risk of introducing breaking API changes to dependant applications would therefore be increased.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836823 Title: python-acme will break on November 1st To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-acme/+bug/1836823/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
