<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 8, 2017 at 1:03 PM, Matthew Thode <span dir="ltr"><<a href="mailto:prometheanfire@gentoo.org" target="_blank">prometheanfire@gentoo.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">So, pycrypto upstream is dead and has been for a while, we should look<br>
at moving off of it for both bugfix and security reasons.<br>
<br>
Currently it's used by the following.<br>
<br>
barbican, cinder, trove, glance, heat, keystoneauth, keystonemiddleware,<br>
kolla, openstack-ansible, and a couple of other smaller places.<br>
<br></blockquote><div><br></div><div>keystoneauth didn't actually use pycrypto even though it was in test-requirements.txt, so I posted a change to remove it: <a href="https://review.openstack.org/#/c/443318/">https://review.openstack.org/#/c/443318/</a></div><div><br></div><div> - Brant</div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Development of it was forked into pycryptodome, which is supposed to be<br>
a drop in replacement.  The problem is that due to co-installability<br>
requirements we can't have half of packages out there using pycrypto and<br>
the other half using pycryptodome.  We'd need to hard switch everyone as<br>
both packages install into the same namespace.<br>
<br>
Another alternative would be to use something like cryptography instead,<br>
though it is not a drop in replacement, the migration would be able to<br>
be done piecemeal.<br>
<br>
I'd be interested in hearing about migration plans, especially from the<br>
affected projects.<br>
<span class="gmail-HOEnZb"><font color="#888888"><br>
--<br>
Matthew Thode (prometheanfire)<br>
<br>
</font></span><br>______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.<wbr>openstack.org?subject:<wbr>unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-dev</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">- Brant<br></div></div>
</div></div>