On Tue, 2023-03-07 at 11:19 -0500, Corey Bryant wrote: > Hi All, > > As you probably know, recent versions of cryptography have hard > dependencies on rust. Are there any community plans to continue supporting > a minimum (non-rust) version of cryptography until a specific release? i tought we had already raised the min above the version that required rust so not that i am aware of. cryptography>=2.7 is our curret stated minium but we have been testing with a much much newwer version for alont time since we do not test miniums anymore https://github.com/openstack/nova/commit/6caedfd97675940eb3cf07e2f019926dae45d02c > > The concern I have downstream in Ubuntu is that we need to continue being > compatible with cryptography 3.4.8 through openstack 2024.1. This is > because all releases through 2024.1 will be backported to the ubuntu 22.04 > cloud archives which will use cryptography 3.4.8. Once we get to 2024.2, we > will be backporting to 24.04 cloud archives, which will have the new > rust-based versions of cryptography. > > The current upper-constraint for cryptography is 38.0.2, but the various > requirements.txt min versions are much lower (e.g. keystone has > cryptography>=2.7). This is likely to lead to patches landing with features > that are only in 38.0.2, so it will likely be difficult to enforce min > version support. But perhaps a stance toward maintaining compatibility > could be established. https://github.com/openstack/governance/blob/584e06b0c186d4355d1d51f2d6df96e822253bef/resolutions/20220414-drop-lower-constraints.rst we decided to "Drop Lower Constraints Maintenance" relitivly recently while we have pti guidance for some lanagues rust is not one of them https://github.com/openstack/governance/tree/584e06b0c186d4355d1d51f2d6df96e822253bef/reference/pti and its also not part of the tested runtims https://github.com/openstack/governance/blob/master/reference/runtimes/2023.2.rst so i would proably try to avoid makign any commitment to continuting to supprot non rust based pycryptography release > > Thoughts? > > Corey