certspotter (0.18.0-1ubuntu0.24.04.1) noble-security; urgency=medium

  * No change rebuild due to golang-1.21 update

 -- Nishit Majithia <nishit.majithia@canonical.com>  Mon, 15 Jul 2024 11:45:46 +0530

certspotter (0.18.0-1) unstable; urgency=medium

  * New upstream release.

 -- Faidon Liambotis <paravoid@debian.org>  Fri, 17 Nov 2023 18:00:34 +0200

certspotter (0.17.0-1) unstable; urgency=medium

  * New upstream release.
    - Drop build-dep on golang-golang-x-exp-dev, dropped upstream.

 -- Faidon Liambotis <paravoid@debian.org>  Fri, 27 Oct 2023 17:39:41 +0300

certspotter (0.16.0-1) unstable; urgency=medium

  * New upstream release.
    - Bugfix release targeted for bookworm (upstream #69).
    - Restores email functionality through /etc/certspotter/email_recipients.
  * Remove /usr/libexec/certspotter-script, as the "hooks.d" functionality was
    implemented natively by upstream.

 -- Faidon Liambotis <paravoid@debian.org>  Sat, 25 Feb 2023 02:13:53 +0200

certspotter (0.15.1-1) unstable; urgency=medium

  * New upstream release.
    - Drop patch -Xmain.Version patch, merged upstream.
    - No other upstream changes.

 -- Faidon Liambotis <paravoid@debian.org>  Tue, 14 Feb 2023 17:08:50 +0200

certspotter (0.15.0-1) unstable; urgency=medium

  * New upstream release.
    - certspotter is now a daemon; drop the systemd timer.
    - The experimental -script interface has been reworked, and different
      variables are now present. Notably, this resolves some security
      considerations, as described by upstream in upstream issue #63.
    - Upstream changes broke --version in the Debian package, so add upstream
      patch to allow debian/rules to set the version through Go's ldflags.
    - Remove debian/man, as the manpages are now merged upstream.
  * Add new build dependencies golang-golang-x-exp-dev and
    golang-golang-x-sync-dev as required by the new upstream release.
  * Bump Standards-Version to 4.6.2, no changes needed.

 -- Faidon Liambotis <paravoid@debian.org>  Thu, 09 Feb 2023 15:28:24 +0200

certspotter (0.14.0-1) unstable; urgency=medium

  * New upstream release.
    - Drop Build-Depends on golang-github-mreiferson-go-httpclient-dev, as
      this has been dropped upstream.
    - Update d/control with adjusted upstream description.
  * Restore uscan functionality, by updating d/watch to track upstream tags,
    rather than GitHub releases, which are seemingly non-existent.
  * Golang packaging updates:
    - Switch Build-Depends from dh-golang to dh-sequence-golang.
    - Switch from Built-Using to the newer Static-Built-Using.
  * Add a dependency on ca-certificates, necessary because all CT logs are
    accessible (only) over HTTPS.
  * Add certspotter(8) and certspotter-script(8) manpages, based on existing
    documentation in README, --help, as well as some amount of own work,
    through looking at the code. Written in Markdown, and converted using
    lowdown (a new build dependency), unless the "nodoc" profile or build
    option is configured.
  * Provide a better out of the box experience for certspotter, by shipping a
    systemd service and timer. This includes:
    - Adding a new system user and group, _certspotter, through
      sysusers.d.
    - Placing certspotter configuration files in LSB locations, namely
      /etc/certspotter and /var/cache/certspotter.
    - Creating a new /usr/libexec/certspotter-script helper, which calls
      run-parts on /etc/certspotter/hooks.d, as to be able to provide a
      polished way for users to run scripts. (Especially given systemd
      timers, unlike cron, do not email by default).
    - Provisioning a fairly contained (but not too-contained) systemd
      service, and a timer to run certspotter on an hourly basis.
    - Documenting some of the gotchas in README files and comments on the
      watchlist, and taking special care as to NOT enable the service unless
      the user has explicitly configured domains to be monitored.
  * Drop the submitct binary from the package. It's undocumented in both
    documentation and in its --help, and only potentially useful in certain
    niche application, none of which I'm aware. If this is useful to anyone,
    please file a bug report so that we can document it and ship it again.
  * Switch to the "net" Section, as it is more appropriate than "devel".
  * Add a couple of autopkgtests: one superficial and offline, just to ensure
    the binary runs, and another that is online and tests against the
    production CT logs.
  * Bump Standards-Version to 4.6.1, no further changes needed.

 -- Faidon Liambotis <paravoid@debian.org>  Sun, 08 Jan 2023 19:38:06 +0200

certspotter (0.10-1) unstable; urgency=medium

  * New upstream release.
    - Drop patch remove-symantec, fixed upstream.
  * Build with hardening flags.
  * Add Rules-Requires-Root: no to build without (fake)root.
  * Set debhelper-compat version in Build-Depends.
  * Bump debhelper compatibility version to 13.
  * Bump Standards-Version to 4.5.1.
  * Bump watch file to version 4.
  * Set upstream metadata fields.

 -- Faidon Liambotis <paravoid@debian.org>  Sun, 10 Jan 2021 03:23:16 +0200

certspotter (0.9-2) unstable; urgency=medium

  * Team upload.

  [ Stephen Gelman ]
  * Add upstream patch to remove Symantec CT log servers (Closes: #912146)

  [ Jelmer Vernooĳ ]
  * Use secure copyright file specification URI.

 -- Stephen Gelman <ssgelm@debian.org>  Mon, 29 Oct 2018 11:44:04 -0500

certspotter (0.9-1) unstable; urgency=medium

  [ Faidon Liambotis ]
  * New upstream release. (Closes: #900056)
  * Bump Standards-Version to 4.1.4, no changes needed.

  [ Alexandre Viau ]
  * Point Vcs-* urls to salsa.debian.org.

 -- Faidon Liambotis <paravoid@debian.org>  Sat, 26 May 2018 18:42:11 +0300

certspotter (0.8-1) unstable; urgency=medium

  * New upstream release.
  * Bump Standards-Version to 4.1.2, no changes needed.
  * Adjust long description to make it less advertising-like.
    Thanks to Chris Lamb for the suggestion.

 -- Faidon Liambotis <paravoid@debian.org>  Wed, 27 Dec 2017 01:51:13 +0200

certspotter (0.5-1) unstable; urgency=medium

  * New upstream release.
  * Bump Standards-Version to 4.0.0, no changes needed.

 -- Faidon Liambotis <paravoid@debian.org>  Mon, 19 Jun 2017 18:27:55 +0300

certspotter (0.3-1) unstable; urgency=medium

  * Initial release (Closes: #851940)

 -- Faidon Liambotis <paravoid@debian.org>  Tue, 21 Feb 2017 04:29:53 +0200
