[openstack-dev] [requirements][kolla][security] pycrypto vs cryptography

Steven Dake (stdake) stdake at cisco.com
Sun Nov 6 08:05:51 UTC 2016


Requirements team,

Currently Kolla uses pycrypto in our requirements.  I see a lot of big tent projects moving to cryptography.  Is this just my imagination, or was there a decision on this from the requirements team?  We are happy to comply with whatever dep management is considered appropriate for OpenStack ESPECIALLY as it relates to security and crypto libraries.

I’d just like confirmation if we should move off pycrypto to cryptography, or if these two things offer similar functionality, or if I’m way off base here ☺.

An orthogonal question I have received from one of our community members (Pavo on irc) is whether pycrypto (or if we move to cryptography) provide FIPS-140-2 compliance.

Regards
-steve

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161106/e6dc412d/attachment.html>


More information about the OpenStack-dev mailing list