Re: apt.postgresql.org repo via https will fail will some users starting 2021-10-01

Re: Stefan Huehner
> sending this here as looks like https://apt.postgresql.org is affected by this so this could trigger some
support/userquestions.
 
> 
> Note this only (!) happens when using https:// in sources.list for the pgdg repo.

Hi,

thanks for sharing this.

We aren't advertising https:// for apt.postgresql.org anywhere, but
the download instructions tell users to "wget" the repository key from
https://www.postgresql.org, so we are at least somewhat affected.
(wget is using gnutls at least in unstable.)

> Ideas:
> - Do nothing apt.postgresql suggest http:// in the instructions
> - Some on the website
> - Think on reconfiguring certbot/Let's Encrypt on the server to switch to the alternative chain (avoiding this bug
butbreaking compatibility with old Android
 

That's probably rather the ca-certificates package?

> - Raise as bug to debian also (against openssl/gnutls) to maybe patch both in stable also to avoid this ?
>   - Not sure if that is a interesting/acceptable material for stable/old-stable?

If stretch/buster/bullseye are affected, these should be fixed, yes.

Though none of this is material for the PostgreSQL packages, can you
raise the issue with the LTS team?

Christoph