Wednesday 01 Mar 2017 22:14:33, Michał Górny wrote : > Hi, > > So here's a quick summary of what I've established so far about > pycrypto/pycryptodome. > > pycrypto is abandoned and dead since 2013. It was forked into > pycryptodome which is now maintained. The fork is partially compatible > with pycrypto -- though some APIs were removed/replaced. From my quick > experiments, every second random package I tried worked ;-). > > Now, pycryptodome has two modes of install. When it's installed as > 'pycryptodome' it installs 'Crypto' Python package -- which is the same > name as pycrypto used, and is therefore more compatible with packages > using the latter. There is also the alternative 'pycryptodomex' mode > which uses 'CryptoDome' namespace and does not collide with pycrypto. > > For an initial attempt, I've added dev-python/pycryptodome using > the former mode since it was required by a revdep. But it also means > that it blocks pycrypto, and therefore we need to start looking into > adding compatibility with pycryptodome into more packages. > > The problem is, as usual, setuptools/pkg_resources magic. Because even > if a particular app uses APIs that are compatible between the two > packages, pkg_resources will reject to run an app that specifies > 'pycrypto' as a dependency if pycryptodome is installed, and the other > way around. From a quick look at the specification, those dependency > specs don't really support any kind of any-of. > > That is, I think it is reasonable to assume that the only way forward > upstream would be to replace the dependency with 'pycryptodome', > and start requiring the latter. > > As for Gentoo, I think the sanest way forward would be to live with > that. Start testing packages with pycryptodome. If they don't use > pkg_resources and API compatibility can be achieved, add || ( > pycryptodome[...] pycrypto[...] ) if supported. If that is not possible, > a revbump switching to pycryptodome would be reasonable. > > After all, we don't really have many revdeps [1] to port. > > Any other ideas? > > [1]:https://qa-reports.gentoo.org/output/genrdeps/rindex/dev-python/pycrypto > > -- > Best regards, > Michał Górny Hi Michal
Thanks for the detailed report and for working on that. I was wondering how you want to go about revbumping those deps. Would you be keen on reviewing a PR which rev bumps a few packages from your list? Cheers -- Patrice Clement Gentoo Linux developer http://www.gentoo.org
signature.asc
Description: PGP signature