[openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...
Brant Knudson
blk at acm.org
Wed Mar 8 22:36:16 UTC 2017
On Wed, Mar 8, 2017 at 1:03 PM, Matthew Thode <prometheanfire at gentoo.org>
wrote:
> So, pycrypto upstream is dead and has been for a while, we should look
> at moving off of it for both bugfix and security reasons.
>
> Currently it's used by the following.
>
> barbican, cinder, trove, glance, heat, keystoneauth, keystonemiddleware,
> kolla, openstack-ansible, and a couple of other smaller places.
>
>
keystoneauth didn't actually use pycrypto even though it was in
test-requirements.txt, so I posted a change to remove it:
https://review.openstack.org/#/c/443318/
- Brant
> Development of it was forked into pycryptodome, which is supposed to be
> a drop in replacement. The problem is that due to co-installability
> requirements we can't have half of packages out there using pycrypto and
> the other half using pycryptodome. We'd need to hard switch everyone as
> both packages install into the same namespace.
>
> Another alternative would be to use something like cryptography instead,
> though it is not a drop in replacement, the migration would be able to
> be done piecemeal.
>
> I'd be interested in hearing about migration plans, especially from the
> affected projects.
>
> --
> Matthew Thode (prometheanfire)
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
- Brant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170308/eeade600/attachment.html>
More information about the OpenStack-dev
mailing list