[openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...
douglas.mendizabal at RACKSPACE.COM
Wed Mar 8 19:32:43 UTC 2017
One of my goals for Barbican for this cycle is to migrate our code to use pyca/cryptography exclusively. We currently depend on both because at one point we needed things that were not available in early releases of cryptography.
- Douglas Mendizábal (redrobot)
> On Mar 8, 2017, at 1:11 PM, Davanum Srinivas <davanum at gmail.com> wrote:
> Please see the last time i took inventory:
> On Wed, Mar 8, 2017 at 2:03 PM, Matthew Thode <prometheanfire at gentoo.org> wrote:
>> So, pycrypto upstream is dead and has been for a while, we should look
>> at moving off of it for both bugfix and security reasons.
>> Currently it's used by the following.
>> barbican, cinder, trove, glance, heat, keystoneauth, keystonemiddleware,
>> kolla, openstack-ansible, and a couple of other smaller places.
>> Development of it was forked into pycryptodome, which is supposed to be
>> a drop in replacement. The problem is that due to co-installability
>> requirements we can't have half of packages out there using pycrypto and
>> the other half using pycryptodome. We'd need to hard switch everyone as
>> both packages install into the same namespace.
>> Another alternative would be to use something like cryptography instead,
>> though it is not a drop in replacement, the migration would be able to
>> be done piecemeal.
>> I'd be interested in hearing about migration plans, especially from the
>> affected projects.
>> Matthew Thode (prometheanfire)
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> Davanum Srinivas :: https://twitter.com/dims
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
More information about the OpenStack-dev