Aaron Gable

This flag is no longer referenced by any code.

`SA.NewAuthorizations2` is still used by ra_test.go, but not by any production codepaths.

We've recently seen that some of our goroutine charts were incorrect, and were not showing runaway goroutine growth when they should have been. Do we believe that may have been...

We have three of these metrics already: * If we don't find the cert status in the db: https://github.com/letsencrypt/boulder/blob/b5b5033136427c988e20ca11f1f7471563f90616/ocsp/responder/db_source.go#L50-L55 * If the cert is expired: https://github.com/letsencrypt/boulder/blob/b5b5033136427c988e20ca11f1f7471563f90616/ocsp/responder/db_source.go#L62-L65 * If the cert...

> 3. "But today, the following sequence of events is possible". Wasn't that solved by invalidating all the authorizations, or did I dream that happened? If that didn't happen, wouldn't...

I believe all necessary feature flags have been added: * Stages 1, 2, and 3 added by @jsha * Stage 4 (disabling ocsp-updater) does not require a feature flag *...

Update: we already check the public suffix list when ingesting email addresses, so we should stop checking it when sending mail (we expect the undeliverable rate to remain low, and...

This patch version update does not touch any of the files we actually rely on (the only vendored file change is just a version number, no actual code or bug...

One note on the proposed method here: a lot of the CPU-intensive operations that the responder does (parsing response, hashing issuer names, comparing things) are actually done by the OcspFilter,...

I'd propose combining all of the addresses fields into just "addressesTried" (one element if no fallback, two if there was fallback), and "addressesResolved" (only populated if there were additional entries...