Re: apt.postgresql.org repo via https will fail will some users starting 2021-10-01

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Christoph Berg <[email protected]>
To: Stefan Huehner <[email protected]>
Cc: [email protected]
Subject: Re: apt.postgresql.org repo via https will fail will some users starting 2021-10-01
Date: Thu, 9 Sep 2021 14:33:49 +0200
Message-ID: <YTn/[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>

Re: Stefan Huehner
> sending this here as looks like https://apt.postgresql.org is affected by this so this could trigger some support/user questions.
> 
> Note this only (!) happens when using https:// in sources.list for the pgdg repo.

Hi,

thanks for sharing this.

We aren't advertising https:// for apt.postgresql.org anywhere, but
the download instructions tell users to "wget" the repository key from
https://www.postgresql.org, so we are at least somewhat affected.
(wget is using gnutls at least in unstable.)

> Ideas:
> - Do nothing apt.postgresql suggest http:// in the instructions
> - Some on the website
> - Think on reconfiguring certbot/Let's Encrypt on the server to switch to the alternative chain (avoiding this bug but breaking compatibility with old Android

That's probably rather the ca-certificates package?

> - Raise as bug to debian also (against openssl/gnutls) to maybe patch both in stable also to avoid this ?
>   - Not sure if that is a interesting/acceptable material for stable/old-stable?

If stretch/buster/bullseye are affected, these should be fixed, yes.

Though none of this is material for the PostgreSQL packages, can you
raise the issue with the LTS team?

Christoph

view thread (8+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: apt.postgresql.org repo via https will fail will some users starting 2021-10-01
  In-Reply-To: <YTn/[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox