From IRC, Chuck thinks that python-oauthlib is sufficient:
14:52 tyhicks zul: so python-oauthlib is sufficient and we can mark the
python-oauth2 MIR as won't fix?
14:52 zul tyhicks: should be
Marking this MIR as Won't Fix since we no longer need python-oauth2 in
main.
** Changed in:
From IRC, Chuck thinks that python-oauthlib is sufficient:
14:52 tyhicks zul: so python-oauthlib is sufficient and we can mark the
python-oauth2 MIR as won't fix?
14:52 zul tyhicks: should be
Marking this MIR as Won't Fix since we no longer need python-oauth2 in
main.
** Changed in:
I've asked Chuck to comment on the current state of this MIR.
Specifically, whether python-oauthlib is now sufficient for keystone's
needs.
** Changed in: python-oauth2 (Ubuntu)
Status: Confirmed = Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs,
I see that python-keystone in 14.04 and newer depends on python-
oauthlib, so I'm assuming that this MIR is no longer needed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1213934
Title:
[MIR]
** Changed in: python-oauth2 (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1213934
Title:
[MIR] python-oauth2
To manage notifications about this bug go to:
CVE requests at http://www.openwall.com/lists/oss-security/2013/09/12/5
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1213934
Title:
[MIR] python-oauth2
To manage notifications about this bug go
Well, python-oauthlib got sync'd to version 0.5.1. Can we have keystone
use that?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1213934
Title:
[MIR] python-oauth2
To manage notifications about
I reviewed python-oauth2 version 1.5.211-2ubuntu3 as checked into saucy.
This should not be considered a full security audit but instead just a
quick check of code quality.
- This library provides a Python implementation of Oauth2 client and
server, so http clients can use private resources
** Changed in: python-oauth2 (Ubuntu)
Assignee: Seth Arnold (seth-arnold) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1213934
Title:
[MIR] python-oauth2
To manage
I believe this is correct and considering how late in the cycle I dont
think its possible to switch it to oauthlib considering upstream and
ubuntu are deep in FF.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Looks like the latest version of oauthlib has some server support added,
though you'll have to determine whether it's enough for your needs. I
will file an FFe to get saucy's version updated the latest debian
version.
--
You received this bug notification because you are a member of Ubuntu
Can someone authoritatively find out if python-oauthlib still doesn't
have what keystone needs (eg, ask barry)? Seth can take a look at this
after that is determined.
** Changed in: python-oauth2 (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) = Seth Arnold (seth-arnold)
--
You received
** Changed in: python-oauth2 (Ubuntu)
Importance: Undecided = Critical
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1213934
Title:
[MIR] python-oauth2
To manage notifications about this bug go
OK, assigning to our local security MIR member then, since it seems this
could be sensitive.
** Changed in: python-oauth2 (Ubuntu)
Status: Incomplete = New
** Changed in: python-oauth2 (Ubuntu)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
--
You received this bug
Ubuntu prefers python-oauthlib for OAuth. See
http://www.wefearchange.org/2012/11/uds-update-1-oauth.html for the
backstory.
The one missing piece of python-oauthlib is lack of server side bits of
OAuth. I'm guessing that keystone needs those server side bits? And
thus can't use
15 matches
Mail list logo