[openstack-dev] [requirements][barbican][daisycloud][freezer][fuel][heat][pyghmi][rpm-packaging][solum][tatu][trove] pycrypto is dead and insecure, you should migrate
Ade Lee
alee at redhat.com
Wed May 16 15:31:43 UTC 2018
Thanks for the reminder. We replaced the pycrypto code in Barbican but
forgot to remove the dependency in requirements.txt. A review has
been added to do this.
https://review.openstack.org/568879
On Sun, 2018-05-13 at 12:22 -0500, Matthew Thode wrote:
> This is a reminder to the projects called out that they are using old,
> unmaintained and probably insecure libraries (it's been dead since
> 2014). Please migrate off to use the cryptography library. We'd like
> to drop pycrypto from requirements for rocky.
>
> See also, the bug, which has most of you cc'd already.
>
> https://bugs.launchpad.net/openstack-requirements/+bug/1749574
>
> +-----------------+----------------------------------------------------------------+------+-------------------------------+
> | Repository      | Filename                                                       | Line | Text                          |
> +-----------------+----------------------------------------------------------------+------+-------------------------------+
> | barbican        | requirements.txt                                               | 25   | pycrypto>=2.6 # Public Domain |
> | daisycloud-core | code/daisy/requirements.txt                                    | 17   | pycrypto>=2.6 # Public Domain |
> | freezer         | requirements.txt                                               | 21   | pycrypto>=2.6 # Public Domain |
> | fuel-web        | nailgun/requirements.txt                                       | 24   | pycrypto>=2.6.1               |
> | heat-cfnclient  | requirements.txt                                               | 2    | PyCrypto>=2.1.0               |
> | pyghmi          | requirements.txt                                               | 1    | pycrypto>=2.6                 |
> | rpm-packaging   | requirements.txt                                               | 189  | pycrypto>=2.6 # Public Domain |
> | solum           | requirements.txt                                               | 24   | pycrypto>=2.6 # Public Domain |
> | tatu            | requirements.txt                                               | 7    | pycrypto>=2.6.1               |
> | tatu            | test-requirements.txt                                          | 7    | pycrypto>=2.6.1               |
> | trove           | integration/scripts/files/requirements/fedora-requirements.txt | 30   | pycrypto>=2.6 # Public Domain |
> | trove           | integration/scripts/files/requirements/ubuntu-requirements.txt | 29   | pycrypto>=2.6 # Public Domain |
> | trove           | requirements.txt                                               | 47   | pycrypto>=2.6 # Public Domain |
> +-----------------+----------------------------------------------------------------+------+-------------------------------+
>
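The table in the quoted message is the result of scanning requirements files, and the Barbican reply describes the leftover case: the code was migrated but the requirements.txt line stayed. The following is an added example, not part of the thread or of any OpenStack tooling, that checks for both conditions; the function names and the sample inputs are constructed for illustration.

```python
import ast
import re

REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    """PEP 503 normalisation: case-insensitive, runs of - _ . are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def find_requirement(req_text, package="pycrypto"):
    """Return [(line_no, text)] for lines that declare exactly `package`."""
    hits = []
    for no, line in enumerate(req_text.splitlines(), 1):
        spec = line.split("#", 1)[0]  # ignore comments such as "# Public Domain"
        m = REQ_NAME.match(spec)
        if m and normalize(m.group(1)) == package:
            hits.append((no, line.strip()))
    return hits

def imports_namespace(source, top_level="Crypto"):
    """True if the module imports from `top_level` (pycrypto's package name).
    Caveat: pycryptodome installs into the same `Crypto` namespace, so a hit
    has to be read together with the declared requirement."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            names = [node.module or ""]
        else:
            continue
        if any(n.split(".")[0] == top_level for n in names):
            return True
    return False

def audit(req_text, sources):
    """Return (status, declared_lines, files_importing_Crypto)."""
    declared = find_requirement(req_text)
    used = sorted(p for p, src in sources.items() if imports_namespace(src))
    if used:
        return "in-use", declared, used
    return ("stale-dependency" if declared else "clean"), declared, used

# Constructed sample input: a requirements file and one already-migrated module.
SAMPLE_REQS = ("cryptography>=2.1 # BSD/Apache-2.0\n"
               "pycryptodome>=3.4\n"
               "PyCrypto>=2.1.0\n"
               "# pycrypto>=2.6 was listed here\n")
SAMPLE_SOURCES = {"plugin.py": "from cryptography.hazmat.primitives import hashes\n"}

if __name__ == "__main__":
    print(audit(SAMPLE_REQS, SAMPLE_SOURCES))
```

A `stale-dependency` result means the requirement line can be dropped without touching code; `in-use` means the listed files still need porting first.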