[openstack-dev] [requirements][daisycloud][freezer][fuel][solum][tatu][trove] pycrypto is dead and insecure, you should migrate part 2
Shake Chen
shake.chen at gmail.com
Mon Jun 11 05:25:19 UTC 2018
These project seem dies.
On Mon, Jun 11, 2018 at 5:48 AM, Matthew Thode <prometheanfire at gentoo.org>
wrote:
> On 18-06-04 14:06:24, Matthew Thode wrote:
> > On 18-05-13 12:22:06, Matthew Thode wrote:
> > > This is a reminder to the projects called out that they are using old,
> > > unmaintained and probably insecure libraries (it's been dead since
> > > 2014). Please migrate off to use the cryptography library. We'd like
> > > to drop pycrypto from requirements for rocky.
> > >
> > > See also, the bug, which has most of you cc'd already.
> > >
> > > https://bugs.launchpad.net/openstack-requirements/+bug/1749574
> > >
> >
> > +----------------------------------------+------------------
> ---------------------------------------------------+------+-
> --------------------------------------------------+
> > | Repository | Filename
> | Line | Text
> |
> > +----------------------------------------+------------------
> ---------------------------------------------------+------+-
> --------------------------------------------------+
> > | daisycloud-core | code/daisy/requirements.txt
> | 17 | pycrypto>=2.6 # Public
> Domain |
> > | freezer | requirements.txt
> | 21 | pycrypto>=2.6 # Public
> Domain |
> > | fuel-dev-tools | contrib/fuel-setup/requirements.txt
> | 5 | pycrypto==2.6.1
> |
> > | fuel-web | nailgun/requirements.txt
> | 24 | pycrypto>=2.6.1
> |
> > | solum | requirements.txt
> | 24 | pycrypto # Public Domain
> |
> > | tatu | requirements.txt
> | 7 | pycrypto>=2.6.1
> |
> > | tatu | test-requirements.txt
> | 7 | pycrypto>=2.6.1
> |
> > | trove | integration/scripts/files/
> requirements/fedora-requirements.txt | 30 | pycrypto>=2.6 #
> Public Domain |
> > | trove | integration/scripts/files/
> requirements/ubuntu-requirements.txt | 29 | pycrypto>=2.6 #
> Public Domain |
> > | trove | requirements.txt
> | 47 | pycrypto>=2.6 # Public
> Domain |
> > +----------------------------------------+------------------
> ---------------------------------------------------+------+-
> --------------------------------------------------+
> >
> > In order by name, notes follow.
> >
> > daisycloud-core - looks like AES / random functions are used
> > freezer - looks like AES / random functions are used
> > solum - looks like AES / RSA functions are used
> > trove - has a review!!! https://review.openstack.org/#
> /c/560292/
> >
> > The following projects are not tracked so we won't wait on them.
> > fuel-dev-tools, fuel-web, tatu
> >
> > so it looks like progress is being made, so we have that going for us,
> > which is nice. What can I do to help move this forward?
> >
>
> It does not look like the projects (other than trove) are moving forward
> on this.
>
> --
> Matthew Thode (prometheanfire)
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
Shake Chen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180611/0da1539e/attachment.html>
More information about the OpenStack-dev
mailing list