Comment 2 for bug 1893274

Erica Portnoy (ebportnoy) wrote :

> Could you confirm which Ubuntu releases require this please? Is it all of 16.04, 18.04 and 20.04? Is the version in Ubuntu Groovy (1.7.0-1 currently, not yet released) affected?

Yes, it is all of those, in both universe and universe updates (for 16.04 and 18.04, unless 20.04 now has universe updates that I've missed). It's anything less than 1.6.0. Version 1.7.0 in Groovy already has the patch and should not need to be updated.

> Going forwards, I suggest that the policy we adopt in making a decision on whether to update distribution certbot packaging in Ubuntu should be to prefer cherry-picks if they are reasonably simple to achieve, but permit major version updates when cherry-picks aren't practical to solve an "Internet deprecation".

Honestly, I think this is hard to predict ahead of time. The ACME protocol, having been officially standardized, is certainly more stable now. Now that Certbot has passed 1.0.0, our API is more stable as well; if we plan to change it, we'll bump the major version number. If we were updating packages that were all past 1.0 to some 1.x, I'd certainly be more inclined to just update the whole package. In this situation, that is obviously not the case, and so just applying a single patch makes sense. But I could see that going the other way in a different situation.

Thank you!