Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-30 Thread Sean McGinnis
On Wed, Mar 29, 2017 at 10:56:41AM -0400, Brian Rosmaita wrote:
> On 3/8/17 2:03 PM, Matthew Thode wrote:
> > So, pycrypto upstream is dead and has been for a while, we should look
> > at moving off of it for both bugfix and security reasons.
> >
> > Currently it's used by the following.
> >
> >

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-29 Thread Lance Bragstad
Actually - in lieu of writing specs for this work, we already have a keystonemiddleware bug open for moving to oslo.cache [0]. I've opened another bug for moving to a supported crypto library [1].

[0] https://bugs.launchpad.net/keystonemiddleware/+bug/1523375
[1]

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-29 Thread Lance Bragstad
With pycrypto removed from keystoneauth [0] (thanks Brant, Monty, and Morgan!), I did some poking at the usage in keystonemiddleware [1]. The usage is built into auth_token middleware for encrypting and decrypting things stored in cache [2], but it is conditional based on configuration [3] and

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-29 Thread Brian Rosmaita
On 3/8/17 2:03 PM, Matthew Thode wrote:
> So, pycrypto upstream is dead and has been for a while, we should look
> at moving off of it for both bugfix and security reasons.
>
> Currently it's used by the following.
>
> barbican, cinder, trove, glance, heat, keystoneauth, keystonemiddleware,
>

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-08 Thread Matthew Thode
On 03/08/2017 05:38 PM, Amrith Kumar wrote:
> Sounds like a good candidate for a cross-project release goal.
>
> A non-controversial situation, the work is a no-op for most, a specific
> deliverable for a few, and a mechanism to close the loop and make sure it
> gets done in a specific timeframe?

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-08 Thread Amrith Kumar
-Original Message-
From: Davanum Srinivas [mailto:dava...@gmail.com]
Sent: Wednesday, March 8, 2017 2:30 PM
To: OpenStack Development Mailing List (not for usage questions) <openstack-dev@lists.openstack.org>
Subject: Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryp

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-08 Thread Thomas Herve
On Wed, Mar 8, 2017 at 8:03 PM, Matthew Thode wrote:
> So, pycrypto upstream is dead and has been for a while, we should look
> at moving off of it for both bugfix and security reasons.
>
> Currently it's used by the following.
>
> barbican, cinder, trove, glance, heat,

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-08 Thread Brant Knudson
On Wed, Mar 8, 2017 at 1:03 PM, Matthew Thode wrote:
> So, pycrypto upstream is dead and has been for a while, we should look
> at moving off of it for both bugfix and security reasons.
>
> Currently it's used by the following.
>
> barbican, cinder, trove, glance,

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-08 Thread Douglas Mendizabal
One of my goals for Barbican for this cycle is to migrate our code to use pyca/cryptography exclusively. We currently depend on both because at one point we needed things that were not available in early releases of cryptography.

- Douglas Mendizábal (redrobot)

> On Mar 8, 2017, at 1:11 PM,

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-08 Thread Davanum Srinivas
Ack thanks Matthew!

On Wed, Mar 8, 2017 at 2:24 PM, Matthew Thode wrote:
> I'm aware, iirc it was brought up when pysaml2 had to be fixed due to a
> CVE. This thread is more looking for a long term fix.
>
> On 03/08/2017 01:11 PM, Davanum Srinivas wrote:
>> Matthew,

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-08 Thread Matthew Thode
I'm aware, iirc it was brought up when pysaml2 had to be fixed due to a CVE. This thread is more looking for a long term fix.

On 03/08/2017 01:11 PM, Davanum Srinivas wrote:
> Matthew,
>
> Please see the last time i took inventory:
> https://review.openstack.org/#/q/pycryptodome+owner:dims-v
>