[openstack-dev] [requirements][daisycloud][freezer][fuel][tatu][trove] pycrypto is dead and insecure, you should migrate

Matthew Thode prometheanfire at gentoo.org
Wed Jun 13 15:23:45 UTC 2018 

On 18-06-13 20:53:06, Rong Zhu wrote:
> Hi, Matthew
> 
> Solum removed pycryto dependency in [0]
> 
> [0]: https://review.openstack.org/#/c/574244/
> 
> -- 
> Thanks,
> Rong Zhu

Yep, just in time for the next reminder email too :D

> +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
> | Repository                             | Filename                                                            | Line | Text                                              |
> +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
> | daisycloud-core                        | code/daisy/requirements.txt                                         |   17 | pycrypto>=2.6 # Public Domain                     |
> | freezer                                | requirements.txt                                                    |   21 | pycrypto>=2.6 # Public Domain                     |
> | fuel-dev-tools                         | contrib/fuel-setup/requirements.txt                                 |    5 | pycrypto==2.6.1                                   |
> | fuel-web                               | nailgun/requirements.txt                                            |   24 | pycrypto>=2.6.1                                   |
> | tatu                                   | requirements.txt                                                    |    7 | pycrypto>=2.6.1                                   |
> | tatu                                   | test-requirements.txt                                               |    7 | pycrypto>=2.6.1                                   |
> | trove                                  | integration/scripts/files/requirements/fedora-requirements.txt      |   30 | pycrypto>=2.6  # Public Domain                    |
> | trove                                  | integration/scripts/files/requirements/ubuntu-requirements.txt      |   29 | pycrypto>=2.6  # Public Domain                    |
> | trove                                  | requirements.txt                                                    |   47 | pycrypto>=2.6 # Public Domain                     |
> +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+

Reverse order this time :D

trove has https://review.openstack.org/#/c/573070 which is making good
progress

The rest (tatu, fuel, freezer, daisycloud-core) I don't see any reviews,
starting to wonder if they watch the list.

-- 
Matthew Thode (prometheanfire)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180613/1e993b7b/attachment.sig>

More information about the OpenStack-dev mailing list