Package: python-passlib
Version: 1.5.3-2
Severity: normal

Dear Maintainer,

I am in the process of deploying a python application that makes use of the
bcrypt key derivation function for password storage. I have successfully tested
this functionality on Debian Squeeze. Since Wheezy is nearing release, I
attempted to deploy my application on this new version. It appears the
python-bcrypt package has been removed due to it being out of date, and
suffering a security issue. [1][2]


The report in [2] suggests python-passlib as an alternative. Upon installing
it, I attempted to use bcrypt(), only to find out it relies on py-bcrypt (which 
is the module formerly packaged as python-bcrypt) or bcryptor [3]. None of
these modules are available in Debian repositories, leading me to the
conclusion that bcrypt is currently unusable in python on Debian (other than
installing the module from PyPI or building a custom .deb).


It should be noted that the homepage referenced in [1] for py-bcrypt is
outdated; the project was moved to this URL: http://code.google.com/p/py-bcrypt/
Additionally, the security issue was fixed in version 0.3.

Thanks,

--
Marios

[1] http://packages.qa.debian.org/p/python-bcrypt.html
[2] http://ftp-master.debian.org/removals.txt
[3] http://pythonhosted.org/passlib/lib/passlib.hash.bcrypt.html

-- System Information:
Debian Release: 7.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-passlib depends on:
ii  python     2.7.3-4
ii  python2.6  2.6.8-1.1
ii  python2.7  2.7.3-6

python-passlib recommends no packages.

python-passlib suggests no packages.

-- no debconf information

