[[ Resending to correct debian-lts, I forgot the "lists." bit... ]]
On Fri, 2019-02-08 at 11:18 -0800, Brad Warren wrote:
> To provide a little more information as an upstream maintainer of
> Certbot, the lack of an upgrade here will affect a lot of Debian
> Jessie users.
>
> Let’s Encrypt started sending out multiple emails telling affected
> users they needed to upgrade their client or they will become unable
> to renew their certificates 3 weeks ago. Looking at server side data
> from the past week on how many Jessie users continue to rely on these
> soon to be broken packages, I estimate it is 20,000 users maintaining
> 37,000 certificates for 64,000 domains.
>
> Is there really nothing that can be done here? Is it possible to make
> an exception to Debian’s normal policy to prevent TLS configurations
> from breaking on tens of thousands of websites?
There is no need for an exception, jessie-backports is not the right
place to be fixing this issue even if it were still open. It should be
fixed by an update to either Jessie itself of the security suite.
Jessie(-security) is currently maintained (until June 2020) by the LTS
team[0], who I've cc-d here.
There was a similar thread on the backports list which ended with [1]
but I don't know if this ever formally came to the LTS team.
Ian (not involved with LTS nor backports nor letsencrypt team).
[0] https://wiki.debian.org/LTS/
[1] https://lists.debian.org/debian-backports/2019/01/msg00052.html