[openstack-dev] [requirements][barbican][daisycloud][freezer][fuel][heat][pyghmi][rpm-packaging][solum][tatu][trove] pycrypto is dead and insecure, you should migrate

Matthew Thode prometheanfire at gentoo.org
Sun May 13 17:22:06 UTC 2018


This is a reminder to the projects called out that they are using old,
unmaintained and probably insecure libraries (it's been dead since
2014).  Please migrate off to use the cryptography library.  We'd like
to drop pycrypto from requirements for rocky.

See also, the bug, which has most of you cc'd already.

https://bugs.launchpad.net/openstack-requirements/+bug/1749574

+----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
| Repository                             | Filename                                                            | Line | Text                                              |
+----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
| barbican                               | requirements.txt                                                    |   25 | pycrypto>=2.6 # Public Domain                     |
| daisycloud-core                        | code/daisy/requirements.txt                                         |   17 | pycrypto>=2.6 # Public Domain                     |
| freezer                                | requirements.txt                                                    |   21 | pycrypto>=2.6 # Public Domain                     |
| fuel-web                               | nailgun/requirements.txt                                            |   24 | pycrypto>=2.6.1                                   |
| heat-cfnclient                         | requirements.txt                                                    |    2 | PyCrypto>=2.1.0                                   |
| pyghmi                                 | requirements.txt                                                    |    1 | pycrypto>=2.6                                     |
| rpm-packaging                          | requirements.txt                                                    |  189 | pycrypto>=2.6  # Public Domain                    |
| solum                                  | requirements.txt                                                    |   24 | pycrypto>=2.6 # Public Domain                     |
| tatu                                   | requirements.txt                                                    |    7 | pycrypto>=2.6.1                                   |
| tatu                                   | test-requirements.txt                                               |    7 | pycrypto>=2.6.1                                   |
| trove                                  | integration/scripts/files/requirements/fedora-requirements.txt      |   30 | pycrypto>=2.6  # Public Domain                    |
| trove                                  | integration/scripts/files/requirements/ubuntu-requirements.txt      |   29 | pycrypto>=2.6  # Public Domain                    |
| trove                                  | requirements.txt                                                    |   47 | pycrypto>=2.6 # Public Domain                     |
+----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+

-- 
Matthew Thode (prometheanfire)
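
An added example, not part of the original message or of any OpenStack project's tooling: a standard-library check that finds pycrypto pins in requirements files like the ones in the table above. It compares the normalized project name, so `PyCrypto` is caught while the separately maintained `pycryptodome` is not; the `SAMPLE` file names and contents are constructed for illustration.

```python
import re

# Leading project name of a requirement line (PEP 508 identifier characters).
NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_pycrypto(files):
    """files maps filename -> requirements text.

    Returns (filename, line_number, text) for every line whose project
    name is exactly pycrypto, ignoring comments and similarly named packages.
    """
    hits = []
    for filename, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), start=1):
            spec = line.split("#", 1)[0]  # drop the trailing comment
            match = NAME_RE.match(spec)
            if match and normalize(match.group(1)) == "pycrypto":
                hits.append((filename, lineno, line.strip()))
    return hits


# Constructed sample input (not taken from any real repository).
SAMPLE = {
    "requirements.txt": (
        "pbr>=2.0.0 # Apache-2.0\n"
        "pycrypto>=2.6 # Public Domain\n"
        "cryptography>=2.1 # BSD/Apache-2.0\n"
    ),
    "test-requirements.txt": (
        "# pycrypto was here\n"
        "PyCrypto>=2.1.0\n"
        "pycryptodome>=3.4\n"
    ),
}

if __name__ == "__main__":
    for filename, lineno, text in find_pycrypto(SAMPLE):
        print(f"{filename}:{lineno}: {text}")
```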