Re: [openstack-dev] [requirements][daisycloud][freezer][fuel][solum][tatu][trove] pycrypto is dead and insecure, you should migrate part 2

Mon, 04 Jun 2018 12:07:39 -0700 

On 18-05-13 12:22:06, Matthew Thode wrote:
> This is a reminder to the projects called out that they are using old,
> unmaintained and probably insecure libraries (it's been dead since
> 2014).  Please migrate off to use the cryptography library.  We'd like
> to drop pycrypto from requirements for rocky.
> 
> See also, the bug, which has most of you cc'd already.
> 
> https://bugs.launchpad.net/openstack-requirements/+bug/1749574
> 

+----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
| Repository                             | Filename                             
                               | Line | Text                                    
          |
+----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+
| daisycloud-core                        | code/daisy/requirements.txt          
                               |   17 | pycrypto>=2.6 # Public Domain           
          |
| freezer                                | requirements.txt                     
                               |   21 | pycrypto>=2.6 # Public Domain           
          |
| fuel-dev-tools                         | contrib/fuel-setup/requirements.txt  
                               |    5 | pycrypto==2.6.1                         
          |
| fuel-web                               | nailgun/requirements.txt             
                               |   24 | pycrypto>=2.6.1                         
          |
| solum                                  | requirements.txt                     
                               |   24 | pycrypto # Public Domain                
          |
| tatu                                   | requirements.txt                     
                               |    7 | pycrypto>=2.6.1                         
          |
| tatu                                   | test-requirements.txt                
                               |    7 | pycrypto>=2.6.1                         
          |
| trove                                  | 
integration/scripts/files/requirements/fedora-requirements.txt      |   30 | 
pycrypto>=2.6  # Public Domain                    |
| trove                                  | 
integration/scripts/files/requirements/ubuntu-requirements.txt      |   29 | 
pycrypto>=2.6  # Public Domain                    |
| trove                                  | requirements.txt                     
                               |   47 | pycrypto>=2.6 # Public Domain           
          |
+----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+

In order by name, notes follow.

daisycloud-core - looks like AES / random functions are used
freezer         - looks like AES / random functions are used
solum           - looks like AES / RSA functions are used
trove           - has a review!!! https://review.openstack.org/#/c/560292/

The following projects are not tracked so we won't wait on them.
fuel-dev-tools, fuel-web, tatu

so it looks like progress is being made, so we have that going for us,
which is nice.  What can I do to help move this forward?

-- 
Matthew Thode (prometheanfire)

Attachment: signature.asc
Description: PGP signature

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to