Public bug reported:

requesting acknowledgement for update pycryptopp 0.5.17 to 0.5.29-1 in Ubuntu 11.04 natty to fix tahoe

tahoe-lafs in natty requires a newer version of pycryptopp than is available in the natty repository. It needs >= 0.5.20 but natty only has 0.5.17. See bug 782461.

The reason for this requirement is a security vulnerability in the embedded libcrypto++. This does *not* affect natty, as the pycryptopp package uses the system libcrypto++, which is fixed.

But in order to fix tahoe, either the pycryptopp package must be updated or the version dependency of tahoe loosened. The latter option could be dangerous for users who have an old local vulnerable version of pycryptopp installed, as tahoe would then not check for the problem anymore, so updating the packaged pycryptopp is preferable.

According to upstream, the update should be safe, as the majority of changes were build system related and the API was not broken.
Changelog: http://tahoe-lafs.org/trac/pycryptopp/log/trunk/?action=stop_on_copy&mode=follow_copy&rev=772&stop_rev=&limit=128

The package builds in a clean natty chroot, passes its test suite and only has tahoe and python-beaker as rdepends. tahoe works fine with the new version, and for beaker there were no problems reported in oneiric and Debian testing either.

Please decide if the solution of upgrading pycryptopp is acceptable or if the route of reducing the version dependency in tahoe should be preferred.

** Affects: pycryptopp (Ubuntu)
     Importance: Undecided
         Status: New

** Summary changed:

- update pycryptopp to version 0.5.29-1
+ update pycryptopp to version 0.5.29-1 in natty

** Description changed:

- The later option could be dangerous for users which have an old local vurnable version of pycryptopp installed so updating the packaged pycryptopp is preferable.
+ The later option could be dangerous for users which have an old local vurnable version of pycryptopp installed, as tahoe would then not check for the problem anymore, so updating the packaged pycryptopp is preferable.

https://bugs.launchpad.net/bugs/811721

Title:
  update pycryptopp to version 0.5.29-1 in natty