Bug#754120: ITP: python-gnupg-ng -- A Python wrapper for GnuPG
Package: wnpp Severity: wishlist Owner: Ben Carrillo * Package name: python-gnupg-ng Version : 1.2.6 Upstream Author : Isis Lovecruft * URL : https://github.com/isislovecruft/python-gnupg * License : GPL Programming Lang: Python Description : A Python wrapper for GnuPG A Python interface for handling interactions with GnuPG, including keyfile generation, keyring maintenance, import and export, encryption and decryption, sending to and recieving from keyservers, and signing and verification. .. This is a fork of python-gnupg (from version 0.3.2), patched to sanitize untrusted inputs, due to the necessity of executing subprocess.Popen([...], shell=True) in order to communicate with GnuPG. Several speed improvements were also made based on code profiling, and the API has been cleaned up to support an easier, more Pythonic, interaction. -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140707175655.3678.46282.reportbug@localhost
Bug#754120: ITP: python-gnupg-ng -- A Python wrapper for GnuPG
Hi, Ben Carrillo writes: > This is a fork of python-gnupg (from version 0.3.2), patched to > sanitize untrusted inputs, due to the necessity of executing > subprocess.Popen([...], shell=True) in order to communicate with GnuPG. Why exactly should shell=True be necessary? Ansgar -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87zjgkgb0n@deep-thought.43-1.org
Bug#754120: ITP: python-gnupg-ng -- A Python wrapper for GnuPG
On Mon, Jul 07, 2014 at 12:56:55PM -0500, Ben Carrillo wrote: > This is a fork of python-gnupg (from version 0.3.2), patched to > sanitize untrusted inputs, due to the necessity of executing > subprocess.Popen([...], shell=True) in order to communicate with GnuPG. > Several speed improvements were also made based on code profiling, and > the API has been cleaned up to support an easier, more Pythonic, > interaction. The upstream version claims to still be called python-gnupg. There is a python-gnupg package that hasn't been updated since 2014. How does this package fit in with the existing python-gnupg package? Thanks, Iain. -- e: i...@fsfe.orgw: iain.learmonth.me x: i...@jabber.fsfe.org t: +447875886930 c: MM6MVQ g: IO87we p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49 pgpVYmOeuN1kq.pgp Description: PGP signature
Bug#754120: ITP: python-gnupg-ng -- A Python wrapper for GnuPG
> Why exactly should shell=True be necessary? It turns out that shell=True (basically what started the fork) is not needed now. Vinay changed it in the latest release of the "original" python gnupg, which came after a bunch of CVEs and some comments in this thread as a result of python-gnupg-ng: http://seclists.org/oss-sec/2014/q1/303 The original reason for doing shell=True is/was commented on python-gnupg (original) code: without that, it didn't work in windows. So while it is true that Shell=True is not needed, python-gnupg-ng has other advantages: its more community based (it has a bugtracker and public repo, to begin with), the code has diverged from the original a bit in adding various gnupg functionality to the module, re-reading of the original having security and documentation in minde and improving the overall code quality. I'd argue that including this in Debian is a win because this one has: * Better gnupg options parsing * Better code structure. * Better documentation. * Open repo and bugtracker. Also - we have a package ready to upload for it. pgpF3YZLn26TJ.pgp Description: PGP signature
Bug#754120: ITP: python-gnupg-ng -- A Python wrapper for GnuPG
Hi, micah anderson wrote (14 Aug 2014 21:12:03 GMT) : > Also - we have a package ready to upload for it. Where can I find this package? Cheers, -- intrigeri -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/85r40g9fht@boum.org
Bug#754120: ITP: python-gnupg-ng -- A Python wrapper for GnuPG
intrigeri writes: > Hi, > > micah anderson wrote (14 Aug 2014 21:12:03 GMT) : >> Also - we have a package ready to upload for it. > > Where can I find this package? It is available at: deb http://deb.leap.se/debian sid main as well as the git repository: git clone https://leap.se/git/python_gnupg-ng.git pgpOpUspBfBqb.pgp Description: PGP signature
Bug#754120: ITP: python-gnupg-ng -- A Python wrapper for GnuPG
Will be nice if python-gnupg-ng enters in debian. Besides my personal trust on the skills of the fork's maintainer, and her criteria on the need of rework it's security, the fact that the fork has an open active community I think fits better the debian way. Is there any blocker for it? -- Ruben Pollan | http://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: http://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan. signature.asc Description: signature
Bug#754120: ITP: python-gnupg-ng -- A Python wrapper for GnuPG
On Tue, Aug 19, 2014 at 12:40:11PM -0500, Ruben Pollan wrote: > Is there any blocker for it? For the record, this package is now in NEW: https://ftp-master.debian.org/new/python-gnupg-ng_1.3.1-1.html I also support the inclusion of this package in the archive. A. -- Ferreira signature.asc Description: Digital signature
Bug#754120: ITP: python-gnupg-ng -- A Python wrapper for GnuPG
note that upstream is considering a rename: https://github.com/isislovecruft/python-gnupg/issues/47 -- ent, de la servitude moderne signature.asc Description: Digital signature
