Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

stop depending on pycrypto #54115

Closed
JanZerebecki opened this issue Aug 5, 2019 · 3 comments · Fixed by #56625
Closed

stop depending on pycrypto #54115

JanZerebecki opened this issue Aug 5, 2019 · 3 comments · Fixed by #56625
Assignees
Labels
Confirmed Core Feature ZRelease-Sodium
Projects
Milestone

Comments

@JanZerebecki
Copy link

@JanZerebecki JanZerebecki commented Aug 5, 2019

Description of Issue

PyCrypto is unmaintained and has open security issues. This was already reported in e.g. #52674 but it is currently closed.

Steps to Reproduce Issue

Run pip download salt and check if it mentions pycrypto. It currently does, but it should not. It currently comes from https://github.com/saltstack/salt/blob/develop/requirements/zeromq.txt .

Versions Report

Checked for 2019.2.0 via pip, and on branch develop by inspecting the above file.

JanZerebecki added a commit to JanZerebecki/salt that referenced this issue Aug 5, 2019
pycrypto is unmaintained and has open security issues.

Fixes: saltstack#54115
@twangboy twangboy added Feature Core team-core labels Aug 6, 2019
@twangboy twangboy added this to the Approved milestone Aug 6, 2019
@twangboy twangboy assigned twangboy and JanZerebecki and unassigned twangboy Aug 6, 2019
JanZerebecki added a commit to JanZerebecki/salt that referenced this issue Aug 16, 2019
pycrypto is unmaintained and has open security issues.

Fixes: saltstack#54115
JanZerebecki added a commit to JanZerebecki/salt that referenced this issue Aug 16, 2019
pycrypto is unmaintained and has open security issues.

Fixes: saltstack#54115
JanZerebecki added a commit to JanZerebecki/salt that referenced this issue Aug 17, 2019
pycrypto is unmaintained and has open security issues.

Fixes: saltstack#54115
@stale
Copy link

@stale stale bot commented Jan 8, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

@stale stale bot added the stale label Jan 8, 2020
@sagetherage sagetherage added the Confirmed label Jan 9, 2020
@stale
Copy link

@stale stale bot commented Jan 9, 2020

Thank you for updating this issue. It is no longer marked as stale.

@stale stale bot removed the stale label Jan 9, 2020
@OrangeDog
Copy link
Collaborator

@OrangeDog OrangeDog commented Feb 11, 2020

Note that OS packages (e.g. python3-crypto) should already have the security issues patched on currently-supported systems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Confirmed Core Feature ZRelease-Sodium
Projects
No open projects
Sodium
  
Done
Development

Successfully merging a pull request may close this issue.

4 participants