On 18-06-04 14:06:24, Matthew Thode wrote: > On 18-05-13 12:22:06, Matthew Thode wrote: > > This is a reminder to the projects called out that they are using old, > > unmaintained and probably insecure libraries (it's been dead since > > 2014). Please migrate off to use the cryptography library. We'd like > > to drop pycrypto from requirements for rocky. > > > > See also, the bug, which has most of you cc'd already. > > > > https://bugs.launchpad.net/openstack-requirements/+bug/1749574 > > > > +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+ > | Repository | Filename > | Line | Text > | > +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+ > | daisycloud-core | code/daisy/requirements.txt > | 17 | pycrypto>=2.6 # Public Domain > | > | freezer | requirements.txt > | 21 | pycrypto>=2.6 # Public Domain > | > | fuel-dev-tools | > contrib/fuel-setup/requirements.txt | 5 | > pycrypto==2.6.1 | > | fuel-web | nailgun/requirements.txt > | 24 | pycrypto>=2.6.1 > | > | solum | requirements.txt > | 24 | pycrypto # Public Domain > | > | tatu | requirements.txt > | 7 | pycrypto>=2.6.1 > | > | tatu | test-requirements.txt > | 7 | pycrypto>=2.6.1 > | > | trove | > integration/scripts/files/requirements/fedora-requirements.txt | 30 | > pycrypto>=2.6 # Public Domain | > | trove | > integration/scripts/files/requirements/ubuntu-requirements.txt | 29 | > pycrypto>=2.6 # Public Domain | > | trove | requirements.txt > | 47 | pycrypto>=2.6 # Public Domain > | > +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+ > > In order by name, notes follow. > > daisycloud-core - looks like AES / random functions are used > freezer - looks like AES / random functions are used > solum - looks like AES / RSA functions are used > trove - has a review!!! https://review.openstack.org/#/c/560292/ > > The following projects are not tracked so we won't wait on them. > fuel-dev-tools, fuel-web, tatu > > so it looks like progress is being made, so we have that going for us, > which is nice. What can I do to help move this forward? >
It does not look like the projects (other than trove) are moving forward on this. -- Matthew Thode (prometheanfire)
signature.asc
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev