Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

stop depending on pycrypto #54115

Closed
JanZerebecki opened this issue Aug 5, 2019 · 3 comments · Fixed by #56625
Closed

stop depending on pycrypto #54115

JanZerebecki opened this issue Aug 5, 2019 · 3 comments · Fixed by #56625
Assignees
Labels
Confirmed Salt engineer has confirmed bug/feature - often including a MCVE Core relates to code central or existential to Salt Feature new functionality including changes to functionality and code refactors, etc. ZRelease-Sodium retired label
Milestone

Comments

@JanZerebecki
Copy link
Contributor

Description of Issue

PyCrypto is unmaintained and has open security issues. This was already reported in e.g. #52674 but it is currently closed.

Steps to Reproduce Issue

Run pip download salt and check if it mentions pycrypto. It currently does, but it should not. It currently comes from https://github.com/saltstack/salt/blob/develop/requirements/zeromq.txt .

Versions Report

Checked for 2019.2.0 via pip, and on branch develop by inspecting the above file.

JanZerebecki added a commit to JanZerebecki/salt that referenced this issue Aug 5, 2019
pycrypto is unmaintained and has open security issues.

Fixes: saltstack#54115
@twangboy twangboy added Feature new functionality including changes to functionality and code refactors, etc. Core relates to code central or existential to Salt team-core labels Aug 6, 2019
@twangboy twangboy added this to the Approved milestone Aug 6, 2019
@twangboy twangboy assigned twangboy and JanZerebecki and unassigned twangboy Aug 6, 2019
JanZerebecki added a commit to JanZerebecki/salt that referenced this issue Aug 16, 2019
pycrypto is unmaintained and has open security issues.

Fixes: saltstack#54115
JanZerebecki added a commit to JanZerebecki/salt that referenced this issue Aug 17, 2019
pycrypto is unmaintained and has open security issues.

Fixes: saltstack#54115
@stale
Copy link

stale bot commented Jan 8, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

@stale stale bot added the stale label Jan 8, 2020
@sagetherage sagetherage added the Confirmed Salt engineer has confirmed bug/feature - often including a MCVE label Jan 9, 2020
@stale
Copy link

stale bot commented Jan 9, 2020

Thank you for updating this issue. It is no longer marked as stale.

@stale stale bot removed the stale label Jan 9, 2020
@OrangeDog
Copy link
Contributor

Note that OS packages (e.g. python3-crypto) should already have the security issues patched on currently-supported systems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Confirmed Salt engineer has confirmed bug/feature - often including a MCVE Core relates to code central or existential to Salt Feature new functionality including changes to functionality and code refactors, etc. ZRelease-Sodium retired label
Projects
None yet
4 participants