[openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

Brant Knudson blk at acm.org
Wed Mar 8 22:36:16 UTC 2017

On Wed, Mar 8, 2017 at 1:03 PM, Matthew Thode <prometheanfire at gentoo.org>

> So, pycrypto upstream is dead and has been for a while, we should look
> at moving off of it for both bugfix and security reasons.
> Currently it's used by the following.
> barbican, cinder, trove, glance, heat, keystoneauth, keystonemiddleware,
> kolla, openstack-ansible, and a couple of other smaller places.
keystoneauth didn't actually use pycrypto even though it was in
test-requirements.txt, so I posted a change to remove it:

 - Brant

> Development of it was forked into pycryptodome, which is supposed to be
> a drop in replacement.  The problem is that due to co-installability
> requirements we can't have half of packages out there using pycrypto and
> the other half using pycryptodome.  We'd need to hard switch everyone as
> both packages install into the same namespace.
> Another alternative would be to use something like cryptography instead,
> though it is not a drop in replacement, the migration would be able to
> be done piecemeal.
> I'd be interested in hearing about migration plans, especially from the
> affected projects.
> --
> Matthew Thode (prometheanfire)
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

- Brant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170308/eeade600/attachment.html>

More information about the OpenStack-dev mailing list