cryptography min version (non-rust) through 2024.1
Corey Bryant
corey.bryant at canonical.com
Tue Mar 7 16:19:26 UTC 2023
Hi All,
As you probably know, recent versions of cryptography have hard
dependencies on rust. Are there any community plans to continue supporting
a minimum (non-rust) version of cryptography until a specific release?
The concern I have downstream in Ubuntu is that we need to continue being
compatible with cryptography 3.4.8 through openstack 2024.1. This is
because all releases through 2024.1 will be backported to the ubuntu 22.04
cloud archives which will use cryptography 3.4.8. Once we get to 2024.2, we
will be backporting to 24.04 cloud archives, which will have the new
rust-based versions of cryptography.
The current upper-constraint for cryptography is 38.0.2, but the various
requirements.txt min versions are much lower (e.g. keystone has
cryptography>=2.7). This is likely to lead to patches landing with features
that are only in 38.0.2, so it will likely be difficult to enforce min
version support. But perhaps a stance toward maintaining compatibility
could be established.
Thoughts?
Corey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230307/fd3ac614/attachment.htm>
More information about the openstack-discuss
mailing list