pythonPackages.pycrypto: deprecate in favor of pycryptodome #21671

Closed
FRidh opened this Issue Jan 5, 2017 · 3 comments

Projects

None yet

2 participants

@FRidh
Member
FRidh commented Jan 5, 2017

Issue description

pycrypto is a package that hasn't been maintained for a long time now. A maintained fork and drop-in replacement is pycryptodome. Therefore, we should get rid of pycrypto and use pycryptodome.

Packages typically have pycrypto as install_requires either in setup.py or requirements.txt. Packages that have this should be patched.

https://pycryptodome.readthedocs.io/en/latest/src/introduction.html

Technical details

This applies to both 16.09 and master.

@FRidh FRidh referenced this issue Jan 5, 2017
Closed

Vulnerability Roundup 16 #21642

38 of 38 tasks complete
@FRidh
Member
FRidh commented Jan 5, 2017

Can't we fake the package name or introduce a dummy package named pycrypto which pulls in pycryptodome and in turn the Crypto python module?

@fpletz Good idea. Working on that now

@FRidh FRidh closed this in 3b71936 Jan 5, 2017
@FRidh
Member
FRidh commented Jan 5, 2017

The dummy is now in master and not in stable. I suggest we wait and see before we backport this dummy, since most dependents don't have any test suites.

@domenkozar
Member

This breaks #21730

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment