[Letsencrypt-devel] Bug#861513: Bug#861513: python-certbot: Missing dependency on python-ndg-httpsclient from jessie-backports

Harlan Lieberman-Berg hlieberman at debian.org
Sun Apr 30 00:19:59 UTC 2017

Hm.  Yes, that's true.  This is because the python-requests dependency
on python-ndg-httpsclient is only a Recommends, but the part of the
code that certbot depends on (the requests "security" extra) has a
hard dependency.

I'll add a patch to put it in our dependencies for now; because of the
freeze, it'll take several days or longer to make it into
jessie-backports and stretch.  I've also opened up a wishlist item
against python-requests to ship something that we can add a Depends on
to help prevent this in the future.  (That's bug #861517, if you want
to follow along at home.)

That being said... there's a sense these days that systems which don't
install Recommends' may be subject to breakage.  I know a lot of
support channels will simply refuse to help on systems without
recommends enabled, just because of the bizarre behavior that can
result.  I agree this case a Depends is certainly the right
designation, but... in general, hic sunt draconis.


Harlan Lieberman-Berg

More information about the Letsencrypt-devel mailing list