[prev in list] [next in list] [prev in thread] [next in thread]
List: opensuse-packaging
Subject: Re: [opensuse-packaging] pycrypro unmaintained, what to do about fork pycryptodome
From: Hans-Peter Jansen <hpj () urpla ! net>
Date: 2017-11-11 14:11:13
Message-ID: 1596753.8kGr9mjlfR () xrated
[Download RAW message or body]
On Donnerstag, 2. November 2017 10:01:51 Todd Rme wrote:
> pycrypro [1] is an important package, used by a wide variety of python
> packages for cryptography. It is also totally unmaintained, having
> seen no releases or commits since 2014.
>
> There is a well-maintained fork that uses the same namespace,
> pycryptodome [2]. However, although it is the same in most cases,
> there are a few places where the API differs [3]. And although it is
> mostly backwards-compatible, it is not forwards-compatible, adding a
> bunch of new APIs that packages that depend on it directly may use.
>
> The problem is that more and more packages are now depending directly
> on pycroptodome rather than pycrypto at install time, and since the
> two use the same namespace they are not co-installable, so trying to
> install a package that depends on it results in conflicts with large
> parts of the python software stack.
Well, pycryptodome comes in two flavours, one sharing the namespace with
pycrypto, and one stand alone one.
> So we need to make a decision how we are going to handle the situation.
>
> The simplest, but also riskiest, solution would be to have the
> pycroptodome package provide/obsolete pycrypto, and have package that
> require the old API depend on the old pycrypto version number (so
> pycrypto < 3). But I doubt all of these packages have unit tests,
> which means we could have breakage.
Given, that the majority of incompatibilities have security implications, I
vote for the simplest solution, that I do follow since I entered the
pyCryptodome train...
I.o.w, the fallout must be fixed or abandoned anyway...
Cheers,
Pete
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic