| From: | Christoph Berg <myon(at)debian(dot)org> |
|---|---|
| To: | Stefan Huehner <stefan(at)huehner(dot)org> |
| Cc: | pgsql-pkg-debian(at)postgresql(dot)org |
| Subject: | Re: apt.postgresql.org repo via https will fail will some users starting 2021-10-01 |
| Date: | 2021-09-09 12:33:49 |
| Message-ID: | YTn/LRZEtVi38f5G@msg.df7cb.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-pkg-debian |
Re: Stefan Huehner
> sending this here as looks like https://apt.postgresql.org is affected by this so this could trigger some support/user questions.
>
> Note this only (!) happens when using https:// in sources.list for the pgdg repo.
Hi,
thanks for sharing this.
We aren't advertising https:// for apt.postgresql.org anywhere, but
the download instructions tell users to "wget" the repository key from
https://www.postgresql.org, so we are at least somewhat affected.
(wget is using gnutls at least in unstable.)
> Ideas:
> - Do nothing apt.postgresql suggest http:// in the instructions
> - Some on the website
> - Think on reconfiguring certbot/Let's Encrypt on the server to switch to the alternative chain (avoiding this bug but breaking compatibility with old Android
That's probably rather the ca-certificates package?
> - Raise as bug to debian also (against openssl/gnutls) to maybe patch both in stable also to avoid this ?
> - Not sure if that is a interesting/acceptable material for stable/old-stable?
If stretch/buster/bullseye are affected, these should be fixed, yes.
Though none of this is material for the PostgreSQL packages, can you
raise the issue with the LTS team?
Christoph
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stefan Huehner | 2021-09-09 15:15:08 | Re: apt.postgresql.org repo via https will fail will some users starting 2021-10-01 |
| Previous Message | apt.postgresql.org Repository Update | 2021-09-09 10:50:59 | pgxnclient updated to version 1.3.2-1.pgdg+1 |