
<div dir="ltr"><div><div style="text-decoration-style:initial;text-decoration-color:initial">Hi, Matthew</div><div style="text-decoration-style:initial;text-decoration-color:initial"><br></div><span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Solum removed pycryto dependency in [0]</span><div style="text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="text-decoration-style:initial;text-decoration-color:initial">[0]: <a href="https://review.openstack.org/#/c/574244/">https://review.openstack.org/#/c/574244/</a><br clear="all"><div><br></div>--<span> </span><br><div dir="ltr" class="gmail_signature">Thanks,<br>Rong Zhu</div></div><br></div><br><br><div class="gmail_quote"><div dir="ltr">On Tue, Jun 5, 2018 at 3:07 AM Matthew Thode <<a href="mailto:prometheanfire@gentoo.org">prometheanfire@gentoo.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 18-05-13 12:22:06, Matthew Thode wrote:<br>


> This is a reminder to the projects called out that they are using old,<br>


> unmaintained and probably insecure libraries (it's been dead since<br>


> 2014).  Please migrate off to use the cryptography library.  We'd like<br>


> to drop pycrypto from requirements for rocky.<br>


> <br>


> See also, the bug, which has most of you cc'd already.<br>


> <br>


> <a href="https://bugs.launchpad.net/openstack-requirements/+bug/1749574" rel="noreferrer" target="_blank">https://bugs.launchpad.net/openstack-requirements/+bug/1749574</a><br>


> <br>


<br>


+----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+<br>


| Repository                             | Filename                                                            | Line | Text                                              |<br>


+----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+<br>


| daisycloud-core                        | code/daisy/requirements.txt                                         |   17 | pycrypto>=2.6 # Public Domain                     |<br>


| freezer                                | requirements.txt                                                    |   21 | pycrypto>=2.6 # Public Domain                     |<br>


| fuel-dev-tools                         | contrib/fuel-setup/requirements.txt                                 |    5 | pycrypto==2.6.1                                   |<br>


| fuel-web                               | nailgun/requirements.txt                                            |   24 | pycrypto>=2.6.1                                   |<br>


| solum                                  | requirements.txt                                                    |   24 | pycrypto # Public Domain                          |<br>


| tatu                                   | requirements.txt                                                    |    7 | pycrypto>=2.6.1                                   |<br>


| tatu                                   | test-requirements.txt                                               |    7 | pycrypto>=2.6.1                                   |<br>


| trove                                  | integration/scripts/files/requirements/fedora-requirements.txt      |   30 | pycrypto>=2.6  # Public Domain                    |<br>


| trove                                  | integration/scripts/files/requirements/ubuntu-requirements.txt      |   29 | pycrypto>=2.6  # Public Domain                    |<br>


| trove                                  | requirements.txt                                                    |   47 | pycrypto>=2.6 # Public Domain                     |<br>


+----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+<br>


<br>


In order by name, notes follow.<br>


<br>


daisycloud-core - looks like AES / random functions are used<br>


freezer         - looks like AES / random functions are used<br>


solum           - looks like AES / RSA functions are used<br>


trove           - has a review!!! <a href="https://review.openstack.org/#/c/560292/" rel="noreferrer" target="_blank">https://review.openstack.org/#/c/560292/</a><br>


<br>


The following projects are not tracked so we won't wait on them.<br>


fuel-dev-tools, fuel-web, tatu<br>


<br>


so it looks like progress is being made, so we have that going for us,<br>


which is nice.  What can I do to help move this forward?<br>


<br>


-- <br>


Matthew Thode (prometheanfire)<br>


__________________________________________________________________________<br>


OpenStack Development Mailing List (not for usage questions)<br>


Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>


<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>


</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Thanks,<br>Rong Zhu</div></div>