I'm aware, iirc it was brought up when pysaml2 had to be fixed due to a CVE. This thread is more looking for a long term fix.
On 03/08/2017 01:11 PM, Davanum Srinivas wrote: > Matthew, > > Please see the last time i took inventory: > https://review.openstack.org/#/q/pycryptodome+owner:dims-v > > Thanks, > Dims > > On Wed, Mar 8, 2017 at 2:03 PM, Matthew Thode <prometheanf...@gentoo.org> > wrote: >> So, pycrypto upstream is dead and has been for a while, we should look >> at moving off of it for both bugfix and security reasons. >> >> Currently it's used by the following. >> >> barbican, cinder, trove, glance, heat, keystoneauth, keystonemiddleware, >> kolla, openstack-ansible, and a couple of other smaller places. >> >> Development of it was forked into pycryptodome, which is supposed to be >> a drop in replacement. The problem is that due to co-installability >> requirements we can't have half of packages out there using pycrypto and >> the other half using pycryptodome. We'd need to hard switch everyone as >> both packages install into the same namespace. >> >> Another alternative would be to use something like cryptography instead, >> though it is not a drop in replacement, the migration would be able to >> be done piecemeal. >> >> I'd be interested in hearing about migration plans, especially from the >> affected projects. >> >> -- >> Matthew Thode (prometheanfire) >> >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > -- Matthew Thode (prometheanfire)
signature.asc
Description: OpenPGP digital signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
