[openstack-dev] [requirements][barbican][daisycloud][freezer][fuel][heat][pyghmi][rpm-packaging][solum][tatu][trove] pycrypto is dead and insecure, you should migrate

Javier Pena jpena at redhat.com
Wed May 16 09:53:14 UTC 2018



----- Original Message -----
> This is a reminder to the projects called out that they are using old,
> unmaintained and probably insecure libraries (it's been dead since
> 2014).  Please migrate off to use the cryptography library.  We'd like
> to drop pycrypto from requirements for rocky.
> 
> See also, the bug, which has most of you cc'd already.
> 
> https://bugs.launchpad.net/openstack-requirements/+bug/1749574
> 

In the rpm-packaging case, the requirements.txt file is not actually a list of requirements for the project, but a copy of the requirements project upper-constraints.txt file (a bit outdated now).

Regards,
Javier


> +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
> | Repository                             | Filename                                                            | Line | Text                                              |
> +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
> | barbican                               | requirements.txt                                                    |   25 | pycrypto>=2.6 # Public Domain                     |
> | daisycloud-core                        | code/daisy/requirements.txt                                         |   17 | pycrypto>=2.6 # Public Domain                     |
> | freezer                                | requirements.txt                                                    |   21 | pycrypto>=2.6 # Public Domain                     |
> | fuel-web                               | nailgun/requirements.txt                                            |   24 | pycrypto>=2.6.1                                   |
> | heat-cfnclient                         | requirements.txt                                                    |    2 | PyCrypto>=2.1.0                                   |
> | pyghmi                                 | requirements.txt                                                    |    1 | pycrypto>=2.6                                     |
> | rpm-packaging                          | requirements.txt                                                    |  189 | pycrypto>=2.6 # Public Domain                     |
> | solum                                  | requirements.txt                                                    |   24 | pycrypto>=2.6 # Public Domain                     |
> | tatu                                   | requirements.txt                                                    |    7 | pycrypto>=2.6.1                                   |
> | tatu                                   | test-requirements.txt                                               |    7 | pycrypto>=2.6.1                                   |
> | trove                                  | integration/scripts/files/requirements/fedora-requirements.txt      |   30 | pycrypto>=2.6  # Public Domain                    |
> | trove                                  | integration/scripts/files/requirements/ubuntu-requirements.txt      |   29 | pycrypto>=2.6  # Public Domain                    |
> | trove                                  | requirements.txt                                                    |   47 | pycrypto>=2.6 # Public Domain                     |
> +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
> 
> --
> Matthew Thode (prometheanfire)
> 