Re: [openstack-dev] [requirements][daisycloud][freezer][fuel][solum][tatu][trove] pycrypto is dead and insecure, you should migrate part 2
Hi, Matthew Solum removed pycryto dependency in [0] [0]: https://review.openstack.org/#/c/574244/ -- Thanks, Rong Zhu On Tue, Jun 5, 2018 at 3:07 AM Matthew Thode wrote: > On 18-05-13 12:22:06, Matthew Thode wrote: > > This is a reminder to the projects called out that they are using old, > > unmaintained and probably insecure libraries (it's been dead since > > 2014). Please migrate off to use the cryptography library. We'd like > > to drop pycrypto from requirements for rocky. > > > > See also, the bug, which has most of you cc'd already. > > > > https://bugs.launchpad.net/openstack-requirements/+bug/1749574 > > > > > ++-+--+---+ > | Repository | Filename > | Line | Text > | > > ++-+--+---+ > | daisycloud-core| code/daisy/requirements.txt > | 17 | pycrypto>=2.6 # Public > Domain | > | freezer| requirements.txt > | 21 | pycrypto>=2.6 # Public Domain >| > | fuel-dev-tools | > contrib/fuel-setup/requirements.txt |5 > | pycrypto==2.6.1 | > | fuel-web | nailgun/requirements.txt > | 24 | pycrypto>=2.6.1 >| > | solum | requirements.txt > | 24 | pycrypto # Public Domain > | > | tatu | requirements.txt > |7 | pycrypto>=2.6.1 >| > | tatu | test-requirements.txt > |7 | pycrypto>=2.6.1 > | > | trove | > integration/scripts/files/requirements/fedora-requirements.txt | 30 > | pycrypto>=2.6 # Public Domain| > | trove | > integration/scripts/files/requirements/ubuntu-requirements.txt | 29 > | pycrypto>=2.6 # Public Domain| > | trove | requirements.txt > | 47 | pycrypto>=2.6 # Public Domain >| > > ++-+--+---+ > > In order by name, notes follow. > > daisycloud-core - looks like AES / random functions are used > freezer - looks like AES / random functions are used > solum - looks like AES / RSA functions are used > trove - has a review!!! https://review.openstack.org/#/c/560292/ > > The following projects are not tracked so we won't wait on them. > fuel-dev-tools, fuel-web, tatu > > so it looks like progress is being made, so we have that going for us, > which is nice. What can I do to help move this forward? > > -- > Matthew Thode (prometheanfire) > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Thanks, Rong Zhu __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [requirements][daisycloud][freezer][fuel][solum][tatu][trove] pycrypto is dead and insecure, you should migrate part 2
These project seem dies. On Mon, Jun 11, 2018 at 5:48 AM, Matthew Thode wrote: > On 18-06-04 14:06:24, Matthew Thode wrote: > > On 18-05-13 12:22:06, Matthew Thode wrote: > > > This is a reminder to the projects called out that they are using old, > > > unmaintained and probably insecure libraries (it's been dead since > > > 2014). Please migrate off to use the cryptography library. We'd like > > > to drop pycrypto from requirements for rocky. > > > > > > See also, the bug, which has most of you cc'd already. > > > > > > https://bugs.launchpad.net/openstack-requirements/+bug/1749574 > > > > > > > ++-- > ---+--+- > --+ > > | Repository | Filename > | Line | Text > | > > ++-- > ---+--+- > --+ > > | daisycloud-core| code/daisy/requirements.txt >| 17 | pycrypto>=2.6 # Public > Domain | > > | freezer| requirements.txt > | 21 | pycrypto>=2.6 # Public > Domain | > > | fuel-dev-tools | > > contrib/fuel-setup/requirements.txt >|5 | pycrypto==2.6.1 >| > > | fuel-web | nailgun/requirements.txt > | 24 | pycrypto>=2.6.1 > | > > | solum | requirements.txt > | 24 | pycrypto # Public Domain > | > > | tatu | requirements.txt > |7 | pycrypto>=2.6.1 > | > > | tatu | test-requirements.txt >|7 | pycrypto>=2.6.1 >| > > | trove | integration/scripts/files/ > requirements/fedora-requirements.txt | 30 | pycrypto>=2.6 # > Public Domain| > > | trove | integration/scripts/files/ > requirements/ubuntu-requirements.txt | 29 | pycrypto>=2.6 # > Public Domain| > > | trove | requirements.txt > | 47 | pycrypto>=2.6 # Public > Domain | > > ++-- > ---+--+- > --+ > > > > In order by name, notes follow. > > > > daisycloud-core - looks like AES / random functions are used > > freezer - looks like AES / random functions are used > > solum - looks like AES / RSA functions are used > > trove - has a review!!! https://review.openstack.org/# > /c/560292/ > > > > The following projects are not tracked so we won't wait on them. > > fuel-dev-tools, fuel-web, tatu > > > > so it looks like progress is being made, so we have that going for us, > > which is nice. What can I do to help move this forward? > > > > It does not look like the projects (other than trove) are moving forward > on this. > > -- > Matthew Thode (prometheanfire) > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Shake Chen __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [requirements][daisycloud][freezer][fuel][solum][tatu][trove] pycrypto is dead and insecure, you should migrate part 2
On 18-06-04 14:06:24, Matthew Thode wrote: > On 18-05-13 12:22:06, Matthew Thode wrote: > > This is a reminder to the projects called out that they are using old, > > unmaintained and probably insecure libraries (it's been dead since > > 2014). Please migrate off to use the cryptography library. We'd like > > to drop pycrypto from requirements for rocky. > > > > See also, the bug, which has most of you cc'd already. > > > > https://bugs.launchpad.net/openstack-requirements/+bug/1749574 > > > > ++-+--+---+ > | Repository | Filename > | Line | Text > | > ++-+--+---+ > | daisycloud-core| code/daisy/requirements.txt > | 17 | pycrypto>=2.6 # Public Domain > | > | freezer| requirements.txt > | 21 | pycrypto>=2.6 # Public Domain > | > | fuel-dev-tools | > contrib/fuel-setup/requirements.txt |5 | > pycrypto==2.6.1 | > | fuel-web | nailgun/requirements.txt > | 24 | pycrypto>=2.6.1 > | > | solum | requirements.txt > | 24 | pycrypto # Public Domain > | > | tatu | requirements.txt > |7 | pycrypto>=2.6.1 > | > | tatu | test-requirements.txt > |7 | pycrypto>=2.6.1 > | > | trove | > integration/scripts/files/requirements/fedora-requirements.txt | 30 | > pycrypto>=2.6 # Public Domain| > | trove | > integration/scripts/files/requirements/ubuntu-requirements.txt | 29 | > pycrypto>=2.6 # Public Domain| > | trove | requirements.txt > | 47 | pycrypto>=2.6 # Public Domain > | > ++-+--+---+ > > In order by name, notes follow. > > daisycloud-core - looks like AES / random functions are used > freezer - looks like AES / random functions are used > solum - looks like AES / RSA functions are used > trove - has a review!!! https://review.openstack.org/#/c/560292/ > > The following projects are not tracked so we won't wait on them. > fuel-dev-tools, fuel-web, tatu > > so it looks like progress is being made, so we have that going for us, > which is nice. What can I do to help move this forward? > It does not look like the projects (other than trove) are moving forward on this. -- Matthew Thode (prometheanfire) signature.asc Description: PGP signature __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [requirements][daisycloud][freezer][fuel][solum][tatu][trove] pycrypto is dead and insecure, you should migrate part 2
On 18-05-13 12:22:06, Matthew Thode wrote: > This is a reminder to the projects called out that they are using old, > unmaintained and probably insecure libraries (it's been dead since > 2014). Please migrate off to use the cryptography library. We'd like > to drop pycrypto from requirements for rocky. > > See also, the bug, which has most of you cc'd already. > > https://bugs.launchpad.net/openstack-requirements/+bug/1749574 > ++-+--+---+ | Repository | Filename | Line | Text | ++-+--+---+ | daisycloud-core| code/daisy/requirements.txt | 17 | pycrypto>=2.6 # Public Domain | | freezer| requirements.txt | 21 | pycrypto>=2.6 # Public Domain | | fuel-dev-tools | contrib/fuel-setup/requirements.txt |5 | pycrypto==2.6.1 | | fuel-web | nailgun/requirements.txt | 24 | pycrypto>=2.6.1 | | solum | requirements.txt | 24 | pycrypto # Public Domain | | tatu | requirements.txt |7 | pycrypto>=2.6.1 | | tatu | test-requirements.txt |7 | pycrypto>=2.6.1 | | trove | integration/scripts/files/requirements/fedora-requirements.txt | 30 | pycrypto>=2.6 # Public Domain| | trove | integration/scripts/files/requirements/ubuntu-requirements.txt | 29 | pycrypto>=2.6 # Public Domain| | trove | requirements.txt | 47 | pycrypto>=2.6 # Public Domain | ++-+--+---+ In order by name, notes follow. daisycloud-core - looks like AES / random functions are used freezer - looks like AES / random functions are used solum - looks like AES / RSA functions are used trove - has a review!!! https://review.openstack.org/#/c/560292/ The following projects are not tracked so we won't wait on them. fuel-dev-tools, fuel-web, tatu so it looks like progress is being made, so we have that going for us, which is nice. What can I do to help move this forward? -- Matthew Thode (prometheanfire) signature.asc Description: PGP signature __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev