Re: [tahoe-dev] 1.9 update: soon! Need help with PyCrypto-2.4!
On Sat, Oct 29, 2011 at 1:47 PM, Zooko O'Whielacronx zo...@zooko.com wrote:

> On Sat, Oct 29, 2011 at 1:29 AM, Jimmy Tang jcft...@gmail.com wrote:
>
>>> If anybody is dying to use Tahoe-LAFS v1.9 with Python 2.4, speak up now!
>>
>> I do, but fortunately I can deal with it in my systems where I just package up newer python builds for myself.
>
> I'm not sure I understand. You're saying that you currently use Tahoe-LAFS with Python 2.4, but that if we drop support for Python 2.4 you can compensate by installing a newer Python on your systems? Okay, that's good to know. Thanks! Why do you use Python 2.4?

Yes, that is correct, I can compensate by upgrading to RHEL6 and its equivalents or python itself, but other admins will not agree with that strategy. We have a home brew build system for loading up environments (with different software versions) so it is not a major issue at least for me on current rhel5x based systems.

Thanks,
Jimmy.

-- http://www.sgenomics.org/~jtang/

___
tahoe-dev mailing list
tahoe-dev@tahoe-lafs.org
http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
Re: [tahoe-dev] 1.9 update: soon! Need help with PyCrypto-2.4!
On Fri, Oct 28, 2011 at 8:02 PM, Zooko O'Whielacronx zo...@zooko.com wrote:

> If anybody is dying to use Tahoe-LAFS v1.9 with Python 2.4, speak up now!

I do, but fortunately I can deal with it in my systems where I just package up newer python builds for myself. Unfortunately I am away in Germany and Hong Kong for the next 3 weeks so I can't help debug and test this across all the python builds that I have :P

jimmy.

-- http://www.sgenomics.org/~jtang/
Re: [tahoe-dev] 1.9 update: soon! Need help with PyCrypto-2.4!
On Sat, Oct 29, 2011 at 1:29 AM, Jimmy Tang jcft...@gmail.com wrote:

>> If anybody is dying to use Tahoe-LAFS v1.9 with Python 2.4, speak up now!
>
> I do, but fortunately I can deal with it in my systems where I just package up newer python builds for myself.

I'm not sure I understand. You're saying that you currently use Tahoe-LAFS with Python 2.4, but that if we drop support for Python 2.4 you can compensate by installing a newer Python on your systems? Okay, that's good to know. Thanks! Why do you use Python 2.4?

Regards,
Zooko
Re: [tahoe-dev] 1.9 update: soon! Need help with PyCrypto-2.4!
On Fri, Oct 28, 2011 at 11:02 PM, Zooko O'Whielacronx zo...@zooko.com wrote:

> Short term solution: declare that Tahoe-LAFS v1.9 doesn't support Python 2.4 anymore. (This is because this particular bug in PyCrypto is probably specific to it being built for Python 2.4) I'm okay with that, and it is a fast way to reduce our load, and I have a lot of other things that I want to do (launch Least Authority Enterprises to live customers, doc writing and auditing for Tahoe-LAFS v1.9, preparing for the Summit, ...). If anybody is dying to use Tahoe-LAFS v1.9 with Python 2.4, speak up now!

Oh no, please don't drop python 2.4 support. There's a simple reason: RHEL/CentOS 5 uses python 2.4. RHEL 6 was released not so long ago, and there are lots of RHEL 5 servers all around the world, and they'll be here for a very long time. Personally, I still have some RHEL4 servers and was really happy to drop the latest RHEL3 installation not so long ago.

Of course, it's possible to install other versions of python, but it's not officially supported, and most of these methods look like ugly hacks.

If there's a problem only with ssh encryption - drop it and only it. I believe most of the users will have a gateway on their localhost desktops with some less Enterprise and more recent systems running. But a total drop of 2.4 support will make life for many persons with a Red Hat background (including me) harder.

-- Vladimir Rusinov http://greenmice.info/
Re: [tahoe-dev] 1.9 update: soon! Need help with PyCrypto-2.4!
On Sat, Oct 29, 2011 at 12:29 AM, Jimmy Tang jcft...@gmail.com wrote:

> On Fri, Oct 28, 2011 at 8:02 PM, Zooko O'Whielacronx zo...@zooko.com wrote:
>
>> If anybody is dying to use Tahoe-LAFS v1.9 with Python 2.4, speak up now!
>
> I do, but fortunately I can deal with it in my systems where I just package up newer python builds for myself. Unfortunately I am away in Germany and Hong Kong for the next 3 weeks so I can't help debug and test this across all the python builds that I have :P
>
> jimmy.

If I understand correctly the problems were stemming from the use of pycrypto-2.4 _NOT_ python 2.4, so support of python 2.4 should continue unperturbed. It's possible I don't understand correctly though, so you might want to ask this question again.

-- Za

“The beliefs which we have most warrant for, have no safeguard to rest on, but a standing invitation to the whole world to prove them unfounded.” John Stuart Mill

http://allmydata.org
Re: [tahoe-dev] 1.9 update: soon! Need help with PyCrypto-2.4!
I'm extremely annoyed at the fact that we depend on PyCrypto, which I regard as too sloppily-written to be secure, and also as too sloppily-written to build and install on all the platforms we support. For a while there the pain had lessened because there were no new releases of PyCrypto, and people had worked around all of the known problems in the most recent release. But unfortunately they are apparently maintaining PyCrypto again, so now it is going to resume interfering with our work.

Short term solution: declare that Tahoe-LAFS v1.9 doesn't support Python 2.4 anymore. (This is because this particular bug in PyCrypto is probably specific to it being built for Python 2.4) I'm okay with that, and it is a fast way to reduce our load, and I have a lot of other things that I want to do (launch Least Authority Enterprises to live customers, doc writing and auditing for Tahoe-LAFS v1.9, preparing for the Summit, ...). If anybody is dying to use Tahoe-LAFS v1.9 with Python 2.4, speak up now!

Possible long-term solution: replace the place where Twisted depends on PyCrypto with a dependency on something else (pycryptopp, botan, ?). This is a lot of work, because there isn't a ready-made crypto library for Python which does everything that Twisted wants from PyCrypto. See Twisted ticket #4633.

Possible long-term solution: replace the place where Twisted depends on PyCrypto with a null plugin that doesn't actually encrypt, and replace the warning in https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/frontends/FTP-and-SFTP.rst#configuring-sftp-access so that instead of saying "We don't trust the crypto on the SFTP connection, so be cautious about it.", it says "There is no crypto on the SFTP connection, so don't use it except over loopback or a secure network.". (What does "be cautious" mean, anyway? I guess it means "feel worry in your heart but do it anyway".) I'm not sure that would work, but I prefer giving people a thing that claims to not have security over a thing that claims to have security but that claim is suspect. :-(

Oh by the way, I think those docs are now obsolete -- they say there are no AES timing defenses in the PyCrypto code, but I think they might have added that. Not sure.

Impatiently yours,
Zooko

http://twistedmatrix.com/trac/ticket/4633# allow applications to bring their own crypto to avoid the dependency of conch on PyCrypto
Re: [tahoe-dev] 1.9 update: soon! Need help with PyCrypto-2.4!
On 2011-10-29 6:01 AM, Shawn Willden wrote:

> Are there any well-written crypto libraries, in any language? Having spent a frightful amount of time trudging through openssl lately as well as a couple of Java crypto libs (Cryptix and Bouncy Castle) I've begun thinking that the intersection between the set of people who write non-toy crypto libraries and the set of people who write tight, clean, well-structured code may be empty.

A long time ago, I dug my way through Crypto++ to extract the code that actually did the encryption and put it in a different context. Seemed pretty good to me - but then I am a fan of massive templating, which not everyone is.