[openstack-dev] [requirements][daisycloud][freezer][fuel][tatu][trove] pycrypto is dead and insecure, you should migrate

Doug Hellmann doug at doughellmann.com
Wed Jun 13 15:38:41 UTC 2018


Excerpts from Matthew Thode's message of 2018-06-13 10:23:45 -0500:
> On 18-06-13 20:53:06, Rong Zhu wrote:
> > Hi, Matthew
> > 
> > Solum removed pycrypto dependency in [0]
> > 
> > [0]: https://review.openstack.org/#/c/574244/
> > 
> > -- 
> > Thanks,
> > Rong Zhu
> 
> Yep, just in time for the next reminder email too :D
> 
> > +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
> > | Repository                             | Filename                                                            | Line | Text                                              |
> > +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
> > | daisycloud-core                        | code/daisy/requirements.txt                                         |   17 | pycrypto>=2.6 # Public Domain                     |
> > | freezer                                | requirements.txt                                                    |   21 | pycrypto>=2.6 # Public Domain                     |
> > | fuel-dev-tools                         | contrib/fuel-setup/requirements.txt                                 |    5 | pycrypto==2.6.1                                   |
> > | fuel-web                               | nailgun/requirements.txt                                            |   24 | pycrypto>=2.6.1                                   |
> > | tatu                                   | requirements.txt                                                    |    7 | pycrypto>=2.6.1                                   |
> > | tatu                                   | test-requirements.txt                                               |    7 | pycrypto>=2.6.1                                   |
> > | trove                                  | integration/scripts/files/requirements/fedora-requirements.txt      |   30 | pycrypto>=2.6  # Public Domain                    |
> > | trove                                  | integration/scripts/files/requirements/ubuntu-requirements.txt      |   29 | pycrypto>=2.6  # Public Domain                    |
> > | trove                                  | requirements.txt                                                    |   47 | pycrypto>=2.6 # Public Domain                     |
> > +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
> 
> Reverse order this time :D
> 
> trove has https://review.openstack.org/#/c/573070 which is making good
> progress
> 
> The rest (tatu, fuel, freezer, daisycloud-core) I don't see any reviews,
> starting to wonder if they watch the list.
> 

Given the requirements team's limited resources, I would focus on
freezer and trove. The other projects aren't official, and we can
address any issues they have if they apply to become official.

Doug


