[openstack-dev] [requirements][daisycloud][freezer][fuel][solum][tatu][trove] pycrypto is dead and insecure, you should migrate part 2
Rong Zhu
aaronzhu1121 at gmail.com
Wed Jun 13 12:53:06 UTC 2018
Hi, Matthew
Solum removed pycrypto dependency in [0]
[0]: https://review.openstack.org/#/c/574244/
--
Thanks,
Rong Zhu
On Tue, Jun 5, 2018 at 3:07 AM Matthew Thode <prometheanfire at gentoo.org>
wrote:
> On 18-05-13 12:22:06, Matthew Thode wrote:
> > This is a reminder to the projects called out that they are using old,
> > unmaintained and probably insecure libraries (it's been dead since
> > 2014). Please migrate off to use the cryptography library. We'd like
> > to drop pycrypto from requirements for rocky.
> >
> > See also, the bug, which has most of you cc'd already.
> >
> > https://bugs.launchpad.net/openstack-requirements/+bug/1749574
> >
>
>
> +-----------------+----------------------------------------------------------------+------+-------------------------------+
> | Repository      | Filename                                                       | Line | Text                          |
> +-----------------+----------------------------------------------------------------+------+-------------------------------+
> | daisycloud-core | code/daisy/requirements.txt                                    | 17   | pycrypto>=2.6 # Public Domain |
> | freezer         | requirements.txt                                               | 21   | pycrypto>=2.6 # Public Domain |
> | fuel-dev-tools  | contrib/fuel-setup/requirements.txt                            | 5    | pycrypto==2.6.1               |
> | fuel-web        | nailgun/requirements.txt                                       | 24   | pycrypto>=2.6.1               |
> | solum           | requirements.txt                                               | 24   | pycrypto # Public Domain      |
> | tatu            | requirements.txt                                               | 7    | pycrypto>=2.6.1               |
> | tatu            | test-requirements.txt                                          | 7    | pycrypto>=2.6.1               |
> | trove           | integration/scripts/files/requirements/fedora-requirements.txt | 30   | pycrypto>=2.6 # Public Domain |
> | trove           | integration/scripts/files/requirements/ubuntu-requirements.txt | 29   | pycrypto>=2.6 # Public Domain |
> | trove           | requirements.txt                                               | 47   | pycrypto>=2.6 # Public Domain |
> +-----------------+----------------------------------------------------------------+------+-------------------------------+
>
> In order by name, notes follow.
>
> daisycloud-core - looks like AES / random functions are used
> freezer - looks like AES / random functions are used
> solum - looks like AES / RSA functions are used
> trove - has a review!!! https://review.openstack.org/#/c/560292/
>
> The following projects are not tracked so we won't wait on them.
> fuel-dev-tools, fuel-web, tatu
>
> so it looks like progress is being made, so we have that going for us,
> which is nice. What can I do to help move this forward?
>
> --
> Matthew Thode (prometheanfire)