Bug 248712

Summary:

security/py-stem: Replace security/py-pycrypto with security/py-cryptography

Product:

Ports & Packages

Reporter:

John W. O'Brien <john>

Component:

Individual Port(s)

Assignee:

Carlo Strub <cs>

Status:

Open ---

Severity:

Affects Only Me

CC:

cs, freebsd, koobs, python

Priority:

---

Keywords:

buildisok, needs-qa

Version:

Latest

Flags:

john: maintainer-feedback? (cs)
john: merge-quarterly?

Hardware:

Any

OS:

Any

URL:

https://stem.torproject.org/change_log.html#version-1-6-november-5th-2017

See Also:

https://github.com/patrickod/stem/pull/2
https://trac.torproject.org/projects/tor/ticket/21086

Bug Depends on:

Bug Blocks:

248438

Attachments:

Description	Flags
security/py-stem: Replace pycrypto with cryptography	koobs: maintainer-approval+

Description John W. O'Brien 2020-08-17 22:58:03 UTC

Created attachment 217292 [details]
security/py-stem: Replace pycrypto with cryptography

Changelog
=========

*   Replace security/py-pycrypto DEPENDS with security/py-cryptography


QA
==

portlint: OK
poudriere: OK -- testport on 12.1R amd64 w/py27, py35, py36, py37 (default), py38


Notes
=====

See also:

Upstream changelog for 1.6
https://stem.torproject.org/change_log.html#version-1-6-november-5th-2017

Trac ticket
https://trac.torproject.org/projects/tor/ticket/21086

Comment 1 Automation User 2020-09-02 00:09:45 UTC

Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/184571205

Comment 2 Kubilay Kocak freebsd_committer

2020-09-20 11:38:51 UTC

Comment on attachment 217292 [details]
security/py-stem: Replace pycrypto with cryptography

Approved by: portmgr (maintainer timeout: > 2 weeks)

Pending QA)

Comment 3 Kubilay Kocak freebsd_committer

2020-09-20 11:39:20 UTC

@John Can you provide some additional text for the commit log message which explains the 'why' of the dependency change. Thanks!

Comment 4 John W. O'Brien 2020-09-20 13:06:51 UTC

(In reply to Kubilay Kocak from comment #3)

pycrypto appears to be abandonware. The project has not released a new version since October 2013, and there have been no new commits to the official github repo [0] since June 2014. As noted in the issue description, the Stem project has deprecated pycrypto as an optional dependency and integrated with cryptography as its preferred replacement.

[0] https://github.com/pycrypto/pycrypto

Comment 5 John W. O'Brien 2020-10-01 04:14:00 UTC

(In reply to Kubilay Kocak from comment #2)
When you say this is approved "Pending QA", I am not sure what that means, and I worry that it dissuades potential committers who might otherwise take action to commit this patch. I reported positive portlint and poudriere results in the PR description, and the CI/CD machinery for which we have @swills to thank set "buildisok". The bar is too high. It is also unspecific.

What steps could I possibly take to move things along? What would satisfy "needs-qa"? What is missing here?

Comment 6 Rob LA LAU 2021-01-09 13:55:43 UTC

Actually, the Stem FAQ explicitly states that Stem does not have any dependencies; it will use cryptography if it is available, but it does not depend on it. So maybe it would be best to just delete the dependency.
https://stem.torproject.org/faq.html#does-stem-have-any-dependencies

If you decide to depend on a crypto package anyway, I can confirm that it works with security/py-pycryptodome as well (and pycrypto and pycryptodome conflict).

Comment 7 Carlo Strub freebsd_committer

2021-01-24 19:41:28 UTC

Agreed. Maybe it is best to remove the dependency.