freeipa team mailing list archive

Thread
Date

[Bug 1858967] Re: RM: dogtag-pki RC buggy, not in testing or stable

To: freeipa@xxxxxxxxxxxxxxxxxxx
From: Timo Aaltonen <tjaalton@xxxxxxxxxx>
Date: Thu, 09 Jan 2020 05:47:52 -0000
Reply-to: Bug 1858967 <1858967@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

dogtag-pki is in unstable because openjdk-8 will never migrate in
Debian, whereas on Ubuntu it is supported again since eoan

and it works just fine with current nss, and supports TLS 1.3 via jss
but has issues with jdk11 as the upstream bug shows

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1858967

Title:
  RM: dogtag-pki RC buggy, not in testing or stable

Status in dogtag-pki package in Ubuntu:
  Fix Released
Status in freeipa package in Ubuntu:
  Fix Released

Bug description:
  RM: RC buggy, not in testing or stable

  pki-base: Does not work with Java 11
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921926
  Does not support TLS 1.3/Java 11
  https://pagure.io/dogtagpki/issue/3088

  pki-base-java: Depends on openjdk-8-jre-headless which will not be in buster
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920725

  pki-server: Dogtag stopped starting after libnss3 upgrade to 2:3.35-2
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920725

  Please remove dogtag-pki and its only reverse-depends freeipa

  nss now uses tls v1.2 min, and v1.3 max, potentially exposing above
  issues further.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dogtag-pki/+bug/1858967/+subscriptions

References

[Bug 1858967] [NEW] RM: dogtag-pki RC buggy, not in testing or stable
From: Dimitri John Ledkov, 2020-01-09