On 12/02/2025 02:08, Sean Mooney wrote:
On 11/02/2025 13:35, Thierry Carrez wrote:
Hi everyone,
It was brought to my attention that the croniter maintainer has decided to abandon his project, due to not wanting to deal with his perceived exposure to the EU Cyber-Resilience act (CRA).
https://pypi.org/project/croniter/#disclaimer
The maintainer indicates that you should no longer use it and it may be "unpublished" any time after March 15, 2025. Croniter is being used in at least Mistral, Heat, Watcher, and Aodh as a dependency.
While this is clearly an overreaction (the CRA only applies to "economic operators" putting "products with digital elements" on the market "in the course of a commercial activity"), we should probably prepare to migrate away from this dependency, or maintain a fork of it.
thanks for highlighting this.
i have added to the https://etherpad.opendev.org/p/openstack-watcher-irc-meeting ether pad under the possible PTG topics section as part of tech debt reduction.
for 2025.1 it is proably too late to remove this dep but ill try and find time to review exactly how its used.
i belive it only use for the continuous audit to define effectively the execution schedule so it may be something we can remove or replace without a large
impact but i have not looked at it closely.
we had to make a trivial test only fix in novmeber https://github.com/openstack/watcher/commit/fbb290b2238e9e72054892e9ae6108a8...
when it was last bump in the requirement file but we did not really reflect on its usage beyond that.
ill bring it up in the next irc meeting too for visablity
by the way zuul has had a cronlike timer tirgger for a very long time. zuul delegate this to the |apschedulerlib which watcher is already using |https://opendev.org/zuul/zuul/src/branch/master/zuul/driver/timer/crontrigge... quickly checking the watcher usage, we are just using it to calculate when the job should run next https://github.com/openstack/watcher/blob/master/watcher/decision_engine/aud... so we might just take a leaf out of zuul book adn see if we can leverage |apscheduler.triggers.cronto replace croniter at least in the short term. | |there implemtion appares to be mostly freestanding https://github.com/agronholm/apscheduler/tree/3.x/src/apscheduler/triggers/c... although it may not be exactly 1:1 compatible with ||croniter | |it does seam to have a ||from_crontab fucntion that returns a ||CronTrigger obejct when given a chron expression https://apscheduler.readthedocs.io/en/3.x/modules/triggers/cron.html#apsched... and based on the test code it looks promising https://github.com/agronholm/apscheduler/blob/master/tests/triggers/test_cro... | |so for any project that already has apscheduler as a dep that might be a good option. one word or warning, apscheduler is currently working on a majory 4.x release like the Sqlachmy to 2.0 change this will require a lot of work for projects to support. so i would not advise adding it as a dependency if its not already used. | |https://pypi.org/project/python-crontab/ would be another options its LGPL v3 which i belive is apche2 compatible however its not currently un global/upper constraits so it needs to be reviewed before any project starts using it. | |regards| |sean. | | |