Your message dated Tue, 12 Jan 2016 13:25:24 +1100 with message-id <[email protected]> and subject line Re: python-passlib: bcrypt not usable from python-passlib -- missing backend has caused the Debian Bug report #705225, regarding python-passlib: bcrypt not usable from python-passlib -- missing backend to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 705225: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705225 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: python-passlib Version: 1.5.3-2 Severity: normal Dear Maintainer, I am in the process of deploying a python application that makes use of the bcrypt key derivation function for password storage. I have successfully tested this functionality on Debian Squeeze. Since Wheezy is nearing release, I attempted to deploy my application on this new version. It appears the python-bcrypt package has been removed due to it being out of date, and suffering a security issue. [1][2] The report in [2] suggests python-passlib as an alternative. Upon installing it, I attempted to use bcrypt(), only to find out it relies on py-bcrypt (which is the module formerly packaged as python-bcrypt) or bcryptor [3]. None of these modules are available in Debian repositories, leading me to the conclusion that bcrypt is currently unusable in python on Debian (other than installing the module from PyPI or building a custom .deb). It should be noted that the homepage referenced in [1] for py-bcrypt is outdated; the project was moved to this URL: http://code.google.com/p/py-bcrypt/ Additionally, the security issue was fixed in version 0.3. Thanks, -- Marios [1] http://packages.qa.debian.org/p/python-bcrypt.html [2] http://ftp-master.debian.org/removals.txt [3] http://pythonhosted.org/passlib/lib/passlib.hash.bcrypt.html -- System Information: Debian Release: 7.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-passlib depends on: ii python 2.7.3-4 ii python2.6 2.6.8-1.1 ii python2.7 2.7.3-6 python-passlib recommends no packages. python-passlib suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Brian May <[email protected]> writes: >> I just opened #796853 for this security issue. > > #796853 was closed, so I believe this bug can now be closed... Closing... -- Brian May <[email protected]>
--- End Message ---
_______________________________________________ Python-modules-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
