Re: Certbot in Debian Stretch
On 23/11/16 09:57, Thijs Kinkhorst wrote:
> Hi Peter,
>
> On Tue, November 22, 2016 02:40, Peter Eckersley wrote:
>> I'm an upstream developer for Certbot, previously known as the Let's
>> Encrypt client (https://certbot.eff.org). Certbot is a flexible and very
> popular
>> way to get certificates from Let's Encrypt;
>
> Thanks a lot for your efforts. This is really useful indeed.
>
>> The ACME protocol that it uses to talk to Let's Encrypt is also rapidly
>> evolving through an IETF working group
>> (https://datatracker.ietf.org/wg/acme/charter/), and the Let's Encrypt
>> server-side codebase (https://github.com/letsencrypt/boulder) is
>> currently working with an ACME backwards compatibilty window of 6-12
>> months, but probably not longer than that.
>
> I'm a bit surprised by this policy. To my knowledge, concepts like automation
> and "hassle-free" are central to the Let's Encrypt concept. Obviously are
> online for more than a year, so installing Let's Encrypt certificates on them
> is not quite automated or hassle-free if you need to upgrade certbot several
> times during the projected lifetime of the server.
>
> Is it really necessary to have such, in my opinion, really short API
> lifetimes?
> Surely you want to extend and develop it, but this can be done while keeping
> compatibility with existing clients in the field.
>
I'm guessing that the Let's Encrypt people eventually hope to achieve
that, but they are saying they are not going to make that level of
commitment before the next Debian freeze.
Reply to: