[jira] [Commented] (LIBCLOUD-1015) libcloud must not use pycrypto
[ https://issues.apache.org/jira/browse/LIBCLOUD-1015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16796455#comment-16796455 ] ASF subversion and git services commented on LIBCLOUD-1015: --- Commit a68022d1dff4daebafccff15106ba6988c9464d8 in libcloud's branch refs/heads/trunk from Ryan Petrello [ https://gitbox.apache.org/repos/asf?p=libcloud.git;h=a68022d ] Use cryptography (not PyCrypto) for GCE service account authentication see: https://issues.apache.org/jira/browse/LIBCLOUD-1015 > libcloud must not use pycrypto > -- > > Key: LIBCLOUD-1015 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-1015 > Project: Libcloud > Issue Type: Bug > Components: Core >Affects Versions: 2.3.0 >Reporter: Björn Boschman >Priority: Major > > while looking at the github page you can see that pycrytp is unmaintained > rumor has it that even dangerous bugs might exist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (LIBCLOUD-1015) libcloud must not use pycrypto
[ https://issues.apache.org/jira/browse/LIBCLOUD-1015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16789714#comment-16789714 ] Ryan Petrello commented on LIBCLOUD-1015: - Also, it's not really a rumor that PyCrypto is insecure. The current stable version on PyPI has a high severity (unresolved) buffer overflow CVE: [https://security-tracker.debian.org/tracker/CVE-2013-7459] PyCrypto is insecure and a new official version has not been released since late 2013. > libcloud must not use pycrypto > -- > > Key: LIBCLOUD-1015 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-1015 > Project: Libcloud > Issue Type: Bug > Components: Core >Affects Versions: 2.3.0 >Reporter: Björn Boschman >Priority: Major > > while looking at the github page you can see that pycrytp is unmaintained > rumor has it that even dangerous bugs might exist -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (LIBCLOUD-1015) libcloud must not use pycrypto
[ https://issues.apache.org/jira/browse/LIBCLOUD-1015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16789713#comment-16789713 ] Ryan Petrello commented on LIBCLOUD-1015: - Here's a pull request that makes the GCE service account auth code use https://pypi.org/project/cryptography/ instead of PyCrypto: https://github.com/apache/libcloud/pull/1280 > libcloud must not use pycrypto > -- > > Key: LIBCLOUD-1015 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-1015 > Project: Libcloud > Issue Type: Bug > Components: Core >Affects Versions: 2.3.0 >Reporter: Björn Boschman >Priority: Major > > while looking at the github page you can see that pycrytp is unmaintained > rumor has it that even dangerous bugs might exist -- This message was sent by Atlassian JIRA (v7.6.3#76005)