On 11/02/2025 13:35, Thierry Carrez wrote:
Hi everyone,
It was brought to my attention that the croniter maintainer has decided to abandon his project, due to not wanting to deal with his perceived exposure to the EU Cyber-Resilience act (CRA).
https://pypi.org/project/croniter/#disclaimer
The maintainer indicates that you should no longer use it and it may be "unpublished" any time after March 15, 2025. Croniter is being used in at least Mistral, Heat, Watcher, and Aodh as a dependency.
While this is clearly an overreaction (the CRA only applies to "economic operators" putting "products with digital elements" on the market "in the course of a commercial activity"), we should probably prepare to migrate away from this dependency, or maintain a fork of it.
thanks for highlighting this. i have added to the https://etherpad.opendev.org/p/openstack-watcher-irc-meeting ether pad under the possible PTG topics section as part of tech debt reduction. for 2025.1 it is proably too late to remove this dep but ill try and find time to review exactly how its used. i belive it only use for the continuous audit to define effectively the execution schedule so it may be something we can remove or replace without a large impact but i have not looked at it closely. we had to make a trivial test only fix in novmeber https://github.com/openstack/watcher/commit/fbb290b2238e9e72054892e9ae6108a8... when it was last bump in the requirement file but we did not really reflect on its usage beyond that. ill bring it up in the next irc meeting too for visablity