The breakage predates you Gianfranco. Not your fault. Python got updated in Jesse right before it released. That python added in https ssl certificate checking for all HTTPSConnection() usage, per the RFC regarding how to check the certificate. The RFC explicitly disallows bucket.with.dot.s3.amazonaws.com DNS names from matching *.s3.amazonaws.com wildcard certificates. But that's exactly what S3 uses. So we had to add a custom certificate checker into v1.5.2 to fix it correctly. We were past freeze for updating packages in jesse at that point, so we couldn't get the fix into the main release. (in Fedora, we can easily issue updates into an updates repo, so I didn't think much about it.; apparently that's harder in Debian to release updates).
On Fri, Jun 12, 2015 at 4:05 PM, Gianfranco Costamagna < costamagnagianfra...@yahoo.it> wrote: > Hi Matt, > > what do you mean by "broke s3cmd"? you mean the current jessie version is > completely unusable? > > I honestly never tried it, my first release (used and packaged) as you > know has been 1.5.2, and I'm using it since some months :) > > If the jessie version is completely broken I need to talk with release > team, we might be able to make 1.5.2 go in jessie p-u (and eventually in > the next point release) > or drop it from the archive completely. > > I would have not released jessie with that package if I had been aware of > its usefulness. > (I would have updated it before if had the need of it, but I just didn't > know about its existance before I had used it :) ) > > > cheers! > > G. > > > Il Venerdì 12 Giugno 2015 19:39, Matt Domsch <m...@domsch.com> ha scritto: > > > > By the time we knew Jesse's python SSL library change (actual cert > validation) broke s3cmd it was too late to update the s3cmd package to a > new enough version to fix it. And no I have not done a 1.5.0~rc1-X that is > really just 1.5.2. But that is what is needed. > On Jun 12, 2015 10:55 AM, "Gianfranco Costamagna" < > costamagnagianfra...@yahoo.it> wrote: > > Control: tags -1 -patch > >thanks > > > >>Not any particular problem, just that the jessie version seems totally > > > >>useless... > > > > > >not for me :) > >this bug affects only part of people, not all of them ;) > > > > > >Anyway, the backport is still useful for people who want to try new > features, and > >if you really want jessie to be fixed, you are encouraged to download the > source and make the patch apply there > > > > > > > >I fully agree, but I do not have time to look at it right now :( > > > >I'll be happy to ask an spu and upload the package if a patch is provided! > > > >cheers, > > > >G. > > > > >
