We just released a new base image with support for TLS 1.3 .
Users will need to rebuild from the command line to get this new feature. We also packed a few dependencies update, moved from Ubuntu 16.04 to Debian Buster and updated our SSL cyphers list to match https://ssl-config.mozilla.org/ intermediate config and updated to Ruby 2.6.4.
Due to all that we will make the command line rebuild mandatory later this week.
Just curious, what was the motivation for moving from Ubuntu to Debian?
The sysadmins prefer it for … reasons, and our new hosting infra (almost totally switched over) is Debian based. Ubuntu is based on Debian upstream so in a sense this is moving closer to the source. One nice thing is that it is relatively modern, Debian is incredibly conservative, but we timed it nicely as Buster just came out a month or two ago.
How would this change affect self hosted instances?
I wouldn’t have expected it to make much difference. On my self-hosted instances I’m running Ubuntu on the server but this is about what’s running inside the Discourse Docker container (which can be anything - many Docker containers use a lightweight OS like
alpine). It won’t affect the server OS.
Yeah, I see your point. I updated my instance couple of hours ago but nothing seems different other than ofcourse SSL version is bumped to 1.3. I thought some kind of upgrade would be needed to the server’s os which isn’t the case.
2 posts were split to a new topic: Using base image without nginx
I really like this change, Debian is, as @codinghorror says a lot closer to source and is known for the stability.
Also, it’s a great thing you had both Ruby and the TLS config updated.
Congrats to all the team.