This document describes the policy for updating the Certbot-related packages (currently the source packages python-acme, python-certbot, python-certbot-apache and python-certbot-nginx) to new upstream versions in a stable, supported distro (including LTS releases). This is an exception to the standard SRU process and includes new features under the SRU "new features for LTS" exception.

The primary purpose of certbot is to automatically obtain and configure SSL certificates. Certificates are obtained using the ACME protocol, which involves a validation step to "prove" ownership of a configured domain, for example by configuring a web server to respond with a correct token when queried using the domain requested. Once a certificate is obtained, certbot configures the web server with it.

Certbot is under active development upstream. Feature work generally involves better integration with the platform (e.g. web server daemons). For example, a recent update enhanced certbot to correctly configure web server daemons when multiple virtual domains are configured. As Ubuntu Server LTS is one of the most commonly used platforms for serving websites, and we want to promote the "HTTPS everywhere" initiative, it makes sense for the LTS to be updated with these types of enhancements.

Requesting the SRU

The SRU should be done with a single process bug, instead of individual bug reports for individual bug fixes. See bug 1640978 for an example. The one bug should have the following:

Reviewing the SRU

In addition to the normal SRU review checks, the SRU team should consider whether any major changes are still appropriate to be automatically updated by Ubuntu users.

QA Process

Upstream carries out extensive testing:

Packaging includes a dep8 smoke test.

SRU Verification Process

The following must be verified before a proposed update is marked verification-done-<series>:

SRU Template

This bug tracks an update for the Certbot family of packages, version TODO.

This update includes [TODO: remove one] bugfixes only/new features following the SRU policy exception defined at https://wiki.ubuntu.com/StableReleaseUpdates/Certbot.

[Impact]

Not directly applicable; see the exception policy document at https://wiki.ubuntu.com/StableReleaseUpdates/Certbot

TODO: explain why we need this particular update

[Major Changes]

TODO: explain what changes users receiving the SRU will experience. In the case of a backport, this should summarize all changes from the version currently available in the stable releases to the uploads being proposed.

[Test Plan]

See https://wiki.ubuntu.com/StableReleaseUpdates/Certbot#SRU_Verification_Process

[Regression Potential]

Upstream performs extensive testing before release, giving us a high degree of confidence in the general case. Problems are most likely to manifest in Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters.

TODO: consider any other regression potential specific to the version being updated.

StableReleaseUpdates/Certbot (last edited 2019-09-12 14:38:14 by racb)