{"update": {"autokarma": false, "autotime": false, "stable_karma": 3, "stable_days": 14, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Update to 23.2.0, resolves rhbz#2181444", "type": "bugfix", "status": "obsolete", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": false, "critpath": true, "critpath_groups": "critical-path-compose", "close_bugs": true, "date_submitted": "2023-08-11 20:25:02", "date_modified": null, "date_approved": null, "date_testing": "2023-08-12 04:42:47", "date_stable": null, "alias": "FEDORA-2023-6fc894ef59", "test_gating_status": "failed", "from_tag": null, "date_pushed": "2023-08-12 04:42:47", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-6fc894ef59", "title": "pyOpenSSL-23.2.0-1.fc38", "version_hash": "31dfd7905799255334ebaff858013b482a0d659c", "release": {"name": "F38", "long_name": "Fedora 38", "version": "38", "id_prefix": "FEDORA", "branch": "f38", "dist_tag": "f38", "stable_tag": "f38-updates", "testing_tag": "f38-updates-testing", "candidate_tag": "f38-updates-candidate", "pending_signing_tag": "f38-signing-pending", "pending_testing_tag": "f38-updates-testing-pending", "pending_stable_tag": "f38-updates-pending", "override_tag": "f38-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2024-05-21", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "pwouters", "email": "paul.wouters@aiven.io", "id": 114, "avatar": "https://seccdn.libravatar.org/avatar/12ef75fb47f92a3229508b53bac42a2816df9eb03bf969dd05fc78d8fb3cb06c?s=24&d=retro", "openid": "pwouters.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "sysadmin"}, {"name": "sysadmin-dns"}, {"name": "dns-sig"}, {"name": "crypto-team"}, {"name": "clamav"}, {"name": "trust admins"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by pwouters. ", "timestamp": "2023-08-11 20:25:02", "update_id": 537962, "user_id": 91, "id": 3156119, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2023-08-11 20:25:03", "update_id": 537962, "user_id": 91, "id": 3156120, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'failed'.", "timestamp": "2023-08-11 21:00:40", "update_id": 537962, "user_id": 91, "id": 3156158, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": -1, "karma_critpath": 0, "text": "The test failures are because there doesn't seem to be a python-cryptography version in F38 that can allow this be installed:\n\n    Error: \n     Problem: cannot install the best update candidate for package python3-pyOpenSSL-21.0.0-4.fc37.noarch\n      - nothing provides ((python3.11dist(cryptography) < 40 or python3.11dist(cryptography) > 40) with (python3.11dist(cryptography) < 40.0.1 or python3.11dist(cryptography) > 40.0.1) with python3.11dist(cryptography) < 42~~ with python3.11dist(cryptography) >= 38) needed by python3-pyOpenSSL-23.2.0-1.fc38.noarch from @commandline\n\nHowever, more importantly, I think this update clearly goes against the [updates policy](https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#stable-releases):\n\n\"As a result, we should avoid major updates of packages within a stable release. Updates should aim to fix bugs, and not introduce features, particularly when those features would materially affect the user or developer experience. The update rate for any given release should drop off over time, approaching zero near release end-of-life; since updates are primarily bugfixes, fewer and fewer should be needed over time.\"\n\nThis is a major version update with several backwards-incompatible changes compared to the current version in F38, which is 21.0.0. Per [the upstream changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst), since 21.0.0, the package has \"Remove[d] support for SSLv2 and SSLv3\", \"The OpenSSL.crypto.X509StoreContextError exception has been refactored, changing its internal attributes\", and \"Removed X509StoreFlags.NOTIFY_POLICY\" (as well as some new deprecations). These do not seem like changes that ought to go into a stable release without substantial justification; the justification for this update is only \"it's a new version!\" The \"XXX is available\" bugs are meant to prompt you to update the package in Rawhide (and maybe Branched), not in stable releases.", "timestamp": "2023-08-11 23:57:37", "update_id": 537962, "user_id": 302, "id": 3156275, "bug_feedback": [{"karma": 0, "comment_id": 3156275, "bug_id": 2181444, "bug": {"bug_id": 2181444, "title": "pyOpenSSL-23.2.0 is available", "security": false, "parent": false}}], "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}, {"karma": 0, "karma_critpath": 0, "text": "The current python-cryptography in F38 is 37.0.2; this update would require it to be bumped to at least 38, which would be another major version change.", "timestamp": "2023-08-12 00:00:42", "update_id": 537962, "user_id": 302, "id": 3156276, "bug_feedback": [{"karma": 0, "comment_id": 3156276, "bug_id": 2181444, "bug": {"bug_id": 2181444, "title": "pyOpenSSL-23.2.0 is available", "security": false, "parent": false}}], "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2023-08-12 04:43:44", "update_id": 537962, "user_id": 91, "id": 3156568, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.", "timestamp": "2023-08-12 04:43:45", "update_id": 537962, "user_id": 91, "id": 3156571, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": -1, "karma_critpath": 0, "text": "Broken dependencies", "timestamp": "2023-08-13 16:51:52", "update_id": 537962, "user_id": 96, "id": 3157453, "bug_feedback": [{"karma": -1, "comment_id": 3157453, "bug_id": 2181444, "bug": {"bug_id": 2181444, "title": "pyOpenSSL-23.2.0 is available", "security": false, "parent": false}}], "testcase_feedback": [], "user": {"name": "pbrobinson", "email": "pbrobinson@gmail.com", "id": 96, "avatar": "https://seccdn.libravatar.org/avatar/3bac3f1833b19f5b5e62e166d64737430603201d1513dcc33a8c147d702a2e7d?s=24&d=retro", "openid": "pbrobinson.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "bodhiadmin"}, {"name": "sysadmin-main"}, {"name": "releng-team"}, {"name": "fedora-s390"}, {"name": "gitfedora-arm-installer"}, {"name": "gitspin-kickstarts"}, {"name": "fedorabugs"}, {"name": "fedora-ppc"}, {"name": "alt-sugar"}, {"name": "torrentadmin"}, {"name": "sysadmin-cvs"}, {"name": "gitfedora-wiki"}, {"name": "sysadmin-releng"}, {"name": "aarch64"}, {"name": "sysadmin"}, {"name": "signed_fpca"}, {"name": "fedora-arm"}, {"name": "sysadmin-secondary"}, {"name": "iot"}, {"name": "ipausers"}, {"name": "arm-qa"}, {"name": "fedora-contributor"}, {"name": "gitpungi"}, {"name": "cvsadmin"}]}}, {"karma": -1, "karma_critpath": 0, "text": "Same broken dependencies problem here:     \n\n\n        Problema: n\u00e3o \u00e9 poss\u00edvel instalar o melhor candidato \u00e0 atualiza\u00e7\u00e3o para o pacote python3-pyOpenSSL-21.0.0-4.fc37.noarch      \n        - nothing provides ((python3.11dist(cryptography) < 40 or python3.11dist(cryptography) > 40) with (python3.11dist(cryptography) < 40.0.1 or python3.11dist(cryptography) > 40.0.1) with python3.11dist(cryptography) < 42~~ with python3.11dist(cryptography) >= 38) needed by python3-pyOpenSSL-23.2.0-1.fc38.noarch from updates-testing\n", "timestamp": "2023-08-14 13:14:24", "update_id": 537962, "user_id": 5881, "id": 3158516, "bug_feedback": [{"karma": -1, "comment_id": 3158516, "bug_id": 2181444, "bug": {"bug_id": 2181444, "title": "pyOpenSSL-23.2.0 is available", "security": false, "parent": false}}], "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been obsoleted.", "timestamp": "2023-08-14 13:14:25", "update_id": 537962, "user_id": 91, "id": 3158517, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "pyOpenSSL-23.2.0-1.fc38", "signed": true, "release_id": 66, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 2181444, "title": "pyOpenSSL-23.2.0 is available", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 3156275, "bug_id": 2181444, "comment": {"karma": -1, "karma_critpath": 0, "text": "The test failures are because there doesn't seem to be a python-cryptography version in F38 that can allow this be installed:\n\n    Error: \n     Problem: cannot install the best update candidate for package python3-pyOpenSSL-21.0.0-4.fc37.noarch\n      - nothing provides ((python3.11dist(cryptography) < 40 or python3.11dist(cryptography) > 40) with (python3.11dist(cryptography) < 40.0.1 or python3.11dist(cryptography) > 40.0.1) with python3.11dist(cryptography) < 42~~ with python3.11dist(cryptography) >= 38) needed by python3-pyOpenSSL-23.2.0-1.fc38.noarch from @commandline\n\nHowever, more importantly, I think this update clearly goes against the [updates policy](https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#stable-releases):\n\n\"As a result, we should avoid major updates of packages within a stable release. Updates should aim to fix bugs, and not introduce features, particularly when those features would materially affect the user or developer experience. The update rate for any given release should drop off over time, approaching zero near release end-of-life; since updates are primarily bugfixes, fewer and fewer should be needed over time.\"\n\nThis is a major version update with several backwards-incompatible changes compared to the current version in F38, which is 21.0.0. Per [the upstream changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst), since 21.0.0, the package has \"Remove[d] support for SSLv2 and SSLv3\", \"The OpenSSL.crypto.X509StoreContextError exception has been refactored, changing its internal attributes\", and \"Removed X509StoreFlags.NOTIFY_POLICY\" (as well as some new deprecations). These do not seem like changes that ought to go into a stable release without substantial justification; the justification for this update is only \"it's a new version!\" The \"XXX is available\" bugs are meant to prompt you to update the package in Rawhide (and maybe Branched), not in stable releases.", "timestamp": "2023-08-11 23:57:37", "update_id": 537962, "user_id": 302, "id": 3156275, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": 0, "comment_id": 3156276, "bug_id": 2181444, "comment": {"karma": 0, "karma_critpath": 0, "text": "The current python-cryptography in F38 is 37.0.2; this update would require it to be bumped to at least 38, which would be another major version change.", "timestamp": "2023-08-12 00:00:42", "update_id": 537962, "user_id": 302, "id": 3156276, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": -1, "comment_id": 3157453, "bug_id": 2181444, "comment": {"karma": -1, "karma_critpath": 0, "text": "Broken dependencies", "timestamp": "2023-08-13 16:51:52", "update_id": 537962, "user_id": 96, "id": 3157453, "testcase_feedback": [], "user": {"name": "pbrobinson", "email": "pbrobinson@gmail.com", "id": 96, "avatar": "https://seccdn.libravatar.org/avatar/3bac3f1833b19f5b5e62e166d64737430603201d1513dcc33a8c147d702a2e7d?s=24&d=retro", "openid": "pbrobinson.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "bodhiadmin"}, {"name": "sysadmin-main"}, {"name": "releng-team"}, {"name": "fedora-s390"}, {"name": "gitfedora-arm-installer"}, {"name": "gitspin-kickstarts"}, {"name": "fedorabugs"}, {"name": "fedora-ppc"}, {"name": "alt-sugar"}, {"name": "torrentadmin"}, {"name": "sysadmin-cvs"}, {"name": "gitfedora-wiki"}, {"name": "sysadmin-releng"}, {"name": "aarch64"}, {"name": "sysadmin"}, {"name": "signed_fpca"}, {"name": "fedora-arm"}, {"name": "sysadmin-secondary"}, {"name": "iot"}, {"name": "ipausers"}, {"name": "arm-qa"}, {"name": "fedora-contributor"}, {"name": "gitpungi"}, {"name": "cvsadmin"}]}}}, {"karma": -1, "comment_id": 3158516, "bug_id": 2181444, "comment": {"karma": -1, "karma_critpath": 0, "text": "Same broken dependencies problem here:     \n\n\n        Problema: n\u00e3o \u00e9 poss\u00edvel instalar o melhor candidato \u00e0 atualiza\u00e7\u00e3o para o pacote python3-pyOpenSSL-21.0.0-4.fc37.noarch      \n        - nothing provides ((python3.11dist(cryptography) < 40 or python3.11dist(cryptography) > 40) with (python3.11dist(cryptography) < 40.0.1 or python3.11dist(cryptography) > 40.0.1) with python3.11dist(cryptography) < 42~~ with python3.11dist(cryptography) >= 38) needed by python3-pyOpenSSL-23.2.0-1.fc38.noarch from updates-testing\n", "timestamp": "2023-08-14 13:14:24", "update_id": 537962, "user_id": 5881, "id": 3158516, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}}]}], "updateid": "FEDORA-2023-6fc894ef59", "karma": -3, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}