Re: python2-dns without DNSSEC support in rawhide
On 4/29/20 10:50 AM, Alexander Bokovoy wrote: On ke, 29 huhti 2020, Lumir Balhar wrote: On 4/29/20 10:31 AM, Paul Howarth wrote: Hi Lumir, On Wed, 29 Apr 2020 07:35:43 +0200 Lumir Balhar wrote: Hello. I'd like to switch python-dns crypto backend from pycryptodomex and ecdsa to python-cryptography. Upstream already did the same in master branch: https://github.com/rthalley/dnspython/pull/449 But, because python2-cryptography is not available in Fedora anymore, this change will disable DNSSEC functionality in python2-dns. There are only two packages depending on python2-dns: mailman and trac-spamfilter-plugin. I did a check and rebuild of both of them and it seems that they both work with the new version and there is no usage of DNSSEC in their codebases. COPR: https://copr.fedorainfracloud.org/coprs/lbalhar/dns/ PR: https://src.fedoraproject.org/rpms/python-dns/pull-request/5 If you think we should not merge the PR, let us know rather sooner than later. No objections from me (trac-spamfilter-plugin maintainer); it uses python-dns for IP blacklist lookups and I wouldn't be surprised if mailman did the same. Great! On the other hand, maybe the crypto backend could be changed for Python 3 and not for the Python 2 version? I would hope that the Python 2 version wouldn't need to be maintained for too much longer anyway. That would mean either ship two different codebases from one SRPM (python-dns) or create a new SRPM just for python2-dns and use old codebase there. The first one is (in my opinion) a bad idea and would make the spec file ugly. Second solution is kinda lot of work for nothing. So I hope nobody will be affected by missing DNSSEC in python2-dns :) Could you please add a sentence like 'Note this library has no DNSSEC support' to python2-dns subpackage description? I will. Good catch. Thank you! ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: python2-dns without DNSSEC support in rawhide
On ke, 29 huhti 2020, Lumir Balhar wrote: On 4/29/20 10:31 AM, Paul Howarth wrote: Hi Lumir, On Wed, 29 Apr 2020 07:35:43 +0200 Lumir Balhar wrote: Hello. I'd like to switch python-dns crypto backend from pycryptodomex and ecdsa to python-cryptography. Upstream already did the same in master branch: https://github.com/rthalley/dnspython/pull/449 But, because python2-cryptography is not available in Fedora anymore, this change will disable DNSSEC functionality in python2-dns. There are only two packages depending on python2-dns: mailman and trac-spamfilter-plugin. I did a check and rebuild of both of them and it seems that they both work with the new version and there is no usage of DNSSEC in their codebases. COPR: https://copr.fedorainfracloud.org/coprs/lbalhar/dns/ PR: https://src.fedoraproject.org/rpms/python-dns/pull-request/5 If you think we should not merge the PR, let us know rather sooner than later. No objections from me (trac-spamfilter-plugin maintainer); it uses python-dns for IP blacklist lookups and I wouldn't be surprised if mailman did the same. Great! On the other hand, maybe the crypto backend could be changed for Python 3 and not for the Python 2 version? I would hope that the Python 2 version wouldn't need to be maintained for too much longer anyway. That would mean either ship two different codebases from one SRPM (python-dns) or create a new SRPM just for python2-dns and use old codebase there. The first one is (in my opinion) a bad idea and would make the spec file ugly. Second solution is kinda lot of work for nothing. So I hope nobody will be affected by missing DNSSEC in python2-dns :) Could you please add a sentence like 'Note this library has no DNSSEC support' to python2-dns subpackage description? -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: python2-dns without DNSSEC support in rawhide
On 4/29/20 10:31 AM, Paul Howarth wrote: Hi Lumir, On Wed, 29 Apr 2020 07:35:43 +0200 Lumir Balhar wrote: Hello. I'd like to switch python-dns crypto backend from pycryptodomex and ecdsa to python-cryptography. Upstream already did the same in master branch: https://github.com/rthalley/dnspython/pull/449 But, because python2-cryptography is not available in Fedora anymore, this change will disable DNSSEC functionality in python2-dns. There are only two packages depending on python2-dns: mailman and trac-spamfilter-plugin. I did a check and rebuild of both of them and it seems that they both work with the new version and there is no usage of DNSSEC in their codebases. COPR: https://copr.fedorainfracloud.org/coprs/lbalhar/dns/ PR: https://src.fedoraproject.org/rpms/python-dns/pull-request/5 If you think we should not merge the PR, let us know rather sooner than later. No objections from me (trac-spamfilter-plugin maintainer); it uses python-dns for IP blacklist lookups and I wouldn't be surprised if mailman did the same. Great! On the other hand, maybe the crypto backend could be changed for Python 3 and not for the Python 2 version? I would hope that the Python 2 version wouldn't need to be maintained for too much longer anyway. That would mean either ship two different codebases from one SRPM (python-dns) or create a new SRPM just for python2-dns and use old codebase there. The first one is (in my opinion) a bad idea and would make the spec file ugly. Second solution is kinda lot of work for nothing. So I hope nobody will be affected by missing DNSSEC in python2-dns :) Paul. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: python2-dns without DNSSEC support in rawhide
Hi Lumir, On Wed, 29 Apr 2020 07:35:43 +0200 Lumir Balhar wrote: > Hello. > > I'd like to switch python-dns crypto backend from pycryptodomex and > ecdsa to python-cryptography. Upstream already did the same in master > branch: https://github.com/rthalley/dnspython/pull/449 > > But, because python2-cryptography is not available in Fedora anymore, > this change will disable DNSSEC functionality in python2-dns. There > are only two packages depending on python2-dns: mailman and > trac-spamfilter-plugin. I did a check and rebuild of both of them and > it seems that they both work with the new version and there is no > usage of DNSSEC in their codebases. COPR: > https://copr.fedorainfracloud.org/coprs/lbalhar/dns/ > > PR: https://src.fedoraproject.org/rpms/python-dns/pull-request/5 > > If you think we should not merge the PR, let us know rather sooner > than later. No objections from me (trac-spamfilter-plugin maintainer); it uses python-dns for IP blacklist lookups and I wouldn't be surprised if mailman did the same. On the other hand, maybe the crypto backend could be changed for Python 3 and not for the Python 2 version? I would hope that the Python 2 version wouldn't need to be maintained for too much longer anyway. Paul. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
python2-dns without DNSSEC support in rawhide
Hello. I'd like to switch python-dns crypto backend from pycryptodomex and ecdsa to python-cryptography. Upstream already did the same in master branch: https://github.com/rthalley/dnspython/pull/449 But, because python2-cryptography is not available in Fedora anymore, this change will disable DNSSEC functionality in python2-dns. There are only two packages depending on python2-dns: mailman and trac-spamfilter-plugin. I did a check and rebuild of both of them and it seems that they both work with the new version and there is no usage of DNSSEC in their codebases. COPR: https://copr.fedorainfracloud.org/coprs/lbalhar/dns/ PR: https://src.fedoraproject.org/rpms/python-dns/pull-request/5 If you think we should not merge the PR, let us know rather sooner than later. Have a nice day. LumÃr ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org