[openstack-dev] [requirements][daisycloud][freezer][fuel][solum][tatu][trove] pycrypto is dead and insecure, you should migrate part 2

Rong Zhu aaronzhu1121 at gmail.com
Wed Jun 13 12:53:06 UTC 2018


Hi, Matthew

Solum removed pycryto dependency in [0]

[0]: https://review.openstack.org/#/c/574244/

-- 
Thanks,
Rong Zhu



On Tue, Jun 5, 2018 at 3:07 AM Matthew Thode <prometheanfire at gentoo.org>
wrote:

> On 18-05-13 12:22:06, Matthew Thode wrote:
> > This is a reminder to the projects called out that they are using old,
> > unmaintained and probably insecure libraries (it's been dead since
> > 2014).  Please migrate off to use the cryptography library.  We'd like
> > to drop pycrypto from requirements for rocky.
> >
> > See also, the bug, which has most of you cc'd already.
> >
> > https://bugs.launchpad.net/openstack-requirements/+bug/1749574
> >
>
>
> +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
> | Repository                             | Filename
>                                     | Line | Text
>                     |
>
> +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
> | daisycloud-core                        | code/daisy/requirements.txt
>                                      |   17 | pycrypto>=2.6 # Public
> Domain                     |
> | freezer                                | requirements.txt
>                                     |   21 | pycrypto>=2.6 # Public Domain
>                    |
> | fuel-dev-tools                         |
> contrib/fuel-setup/requirements.txt                                 |    5
> | pycrypto==2.6.1                                   |
> | fuel-web                               | nailgun/requirements.txt
>                                     |   24 | pycrypto>=2.6.1
>                    |
> | solum                                  | requirements.txt
>                                     |   24 | pycrypto # Public Domain
>                     |
> | tatu                                   | requirements.txt
>                                     |    7 | pycrypto>=2.6.1
>                    |
> | tatu                                   | test-requirements.txt
>                                      |    7 | pycrypto>=2.6.1
>                      |
> | trove                                  |
> integration/scripts/files/requirements/fedora-requirements.txt      |   30
> | pycrypto>=2.6  # Public Domain                    |
> | trove                                  |
> integration/scripts/files/requirements/ubuntu-requirements.txt      |   29
> | pycrypto>=2.6  # Public Domain                    |
> | trove                                  | requirements.txt
>                                     |   47 | pycrypto>=2.6 # Public Domain
>                    |
>
> +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
>
> In order by name, notes follow.
>
> daisycloud-core - looks like AES / random functions are used
> freezer         - looks like AES / random functions are used
> solum           - looks like AES / RSA functions are used
> trove           - has a review!!! https://review.openstack.org/#/c/560292/
>
> The following projects are not tracked so we won't wait on them.
> fuel-dev-tools, fuel-web, tatu
>
> so it looks like progress is being made, so we have that going for us,
> which is nice.  What can I do to help move this forward?
>
> --
> Matthew Thode (prometheanfire)
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>


-- 
Thanks,
Rong Zhu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180613/06cce53e/attachment-0001.html>


More information about the OpenStack-dev mailing list