On 18-05-13 12:22:06, Matthew Thode wrote: > This is a reminder to the projects called out that they are using old, > unmaintained and probably insecure libraries (it's been dead since > 2014). Please migrate off to use the cryptography library. We'd like > to drop pycrypto from requirements for rocky. > > See also, the bug, which has most of you cc'd already. > > https://bugs.launchpad.net/openstack-requirements/+bug/1749574 >
+----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+ | Repository | Filename | Line | Text | +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+ | daisycloud-core | code/daisy/requirements.txt | 17 | pycrypto>=2.6 # Public Domain | | freezer | requirements.txt | 21 | pycrypto>=2.6 # Public Domain | | fuel-dev-tools | contrib/fuel-setup/requirements.txt | 5 | pycrypto==2.6.1 | | fuel-web | nailgun/requirements.txt | 24 | pycrypto>=2.6.1 | | solum | requirements.txt | 24 | pycrypto # Public Domain | | tatu | requirements.txt | 7 | pycrypto>=2.6.1 | | tatu | test-requirements.txt | 7 | pycrypto>=2.6.1 | | trove | integration/scripts/files/requirements/fedora-requirements.txt | 30 | pycrypto>=2.6 # Public Domain | | trove | integration/scripts/files/requirements/ubuntu-requirements.txt | 29 | pycrypto>=2.6 # Public Domain | | trove | requirements.txt | 47 | pycrypto>=2.6 # Public Domain | +----------------------------------------+---------------------------------------------------------------------+------+---------------------------------------------------+ In order by name, notes follow. daisycloud-core - looks like AES / random functions are used freezer - looks like AES / random functions are used solum - looks like AES / RSA functions are used trove - has a review!!! https://review.openstack.org/#/c/560292/ The following projects are not tracked so we won't wait on them. fuel-dev-tools, fuel-web, tatu so it looks like progress is being made, so we have that going for us, which is nice. What can I do to help move this forward? -- Matthew Thode (prometheanfire)
signature.asc
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev