Certbot 2.0 beta announcement text
alexzorin opened this issue · comments
To be posted on the community forums.
Questions:
- Duration 1 month?
- What happens to people who upgrade to the 2.0 beta and forget to go back to stable after the beta is over? Can we publish a final beta snap that has a scary
logger.warning
in the entrypoint to tell people to get off the beta release?- Both logging and auto transition to stable
- What of DNS plugins? We have published
beta
versions of them, but we'd have to get users to refresh all their DNS plugins. I don't think it's technically necessary, is it? We didn't break anything in the plugins interface, other thanzope
removal. The1.31.0
plugins seem to work against2.0.0.dev0
Certbot`- Don't worry about DNS plugins.
The Certbot 2.0 beta is now available from the snap beta
channel.
As a reminder, Certbot will default to issuing ECDSA certificates from this release. Read more about this and other changes here.
We intend to run this beta for at least one month to provide the opportunity for feedback and bug reporting.
To opt in to the Certbot beta program:
sudo snap install --classic --beta certbot
To opt in to the Certbot beta program if you already have the Certbot snap installed:
sudo snap refresh --beta certbot
Please remember to opt out of the beta program once 2.0 is released, or you will automatically be opted in to future beta releases. To opt out:
sudo snap refresh --stable certbot
Switching between versions should not cause any compatibility issues.
If you would like to test the Certbot 2.0 without using snap beta program, install from source via the 2.0.x
branch.
Please provide any feedback on this release via the issue tracker or these forums.
Based on the snapcraft documentation, we are unsure what exactly will happen to our
Certbot 2.0 beta users when we close the beta
channel and then re-open it in future
(e.g. for Certbot 3.0).
To test this, I have created a channel-refresh-test
snap. Initially, I have published:
0.19.0-4-g5d52c15
to thestable
channel0.33.0.beta
to thebeta
channel.
From here I can install stable
and then upgrade to the beta
✅:
# snap install channel-refresh-test --stable
channel-refresh-test 0.19.0-4-g5d52c15 from Alex Zorin (i-alez-o) installed
# snap refresh --beta channel-refresh-test
channel-refresh-test (beta) 0.33.0.beta from Alex Zorin (i-alez-o) refreshed
If I close the beta
channel:
and refresh, it refreshes to the stable
channel ✅:
# snap refresh
channel-refresh-test 0.19.0-4-g5d52c15 from Alex Zorin (i-alez-o) refreshed
Channel latest/beta for channel-refresh-test is closed; temporarily forwarding to latest/stable.
If I then publish an even newer release to the beta
channel:
and refresh, it goes back to the beta
again ❌:
# snap refresh
channel-refresh-test (beta) 0.66.0.beta from Alex Zorin (i-alez-o) refreshed
Sad face. It seems that this may be by design:
People wouldn’t be able to follow a beta channel permanently, although they explicitly requested that
Given that the few users who will enroll into the beta
are those who read the forum posts, what if we were just very explicit in the communication above and also in the 2.0 stable CHANGELOG, that you must remember to refresh back to the stable
channel? The risk doesn't seem terribly high from that perspective.
I agree with the solution of being very explicit in the communication. Additionally, we could reframe it as "opting into our beta program" rather than "opting into the 2.0 beta" -- this way, the same set of users would also get potential 3.0 updates.
Since you have the testing already set up -- what happens if after we close the beta channel, users then manually switch to stable (even though they're already now on it in practice)? Hopefully at least then those users won't be flipped to a future beta.
what happens if after we close the beta channel, users then manually switch to stable (even though they're already now on it in practice)?
Thankfully, it stays on stable
.
It looks like snap refresh --[beta,stable]
persistently changes which channel is being tracked, regardless of what channel is currently being tracked.
Additionally, we could reframe it as "opting into our beta program" rather than "opting into the 2.0 beta"
Good idea. I've updated the original post.
If anybody wants to 👍 the updated wording, I'm happy to make the post, or anybody else can feel free since it'll be Saturday for me.
This plan and the updated wording sounds good to me! I propose we wait until the beginning of next week though so we're not making a significant announcement on a Friday and other people have a chance to chime in on the wording if they like.
When the post is made on the community forum, I think we should pin it to increase visibility.
I was just writing final warnings to 4 third-party DNS plugins available via snap that still reference the old zope
interfaces:
# certbot plugins
An unexpected error occurred:
AttributeError: module 'certbot.interfaces' has no attribute 'IAuthenticator'
... and realized that the DNS plugins won't automatically change to the beta
channel. I've added another question to the original post for discussion.
Good question. I think we're OK. There aren't any breaking changes in our DNS plugins for our 2.0 release that we want to test and our DNS plugins from the stable channel should work with the Certbot 2.0 beta snap.
All good to post?
Posting has a +1 from me. I think you should feel free to post it if you want.
Done, globally pinned until next Monday.