Bug 248712

Summary: security/py-stem: Replace security/py-pycrypto with security/py-cryptography
Product: Ports & Packages Reporter: John W. O'Brien <john>
Component: Individual Port(s)Assignee: Carlo Strub <cs>
Status: Open ---    
Severity: Affects Only Me CC: cs, freebsd, koobs, python
Priority: --- Keywords: buildisok, needs-qa
Version: LatestFlags: john: maintainer-feedback? (cs)
john: merge-quarterly?
Hardware: Any   
OS: Any   
URL: https://stem.torproject.org/change_log.html#version-1-6-november-5th-2017
See Also: https://github.com/patrickod/stem/pull/2
Bug Depends on:    
Bug Blocks: 248438    
Description Flags
security/py-stem: Replace pycrypto with cryptography koobs: maintainer-approval+

Description John W. O'Brien 2020-08-17 22:58:03 UTC
Created attachment 217292 [details]
security/py-stem: Replace pycrypto with cryptography


*   Replace security/py-pycrypto DEPENDS with security/py-cryptography


portlint: OK
poudriere: OK -- testport on 12.1R amd64 w/py27, py35, py36, py37 (default), py38


See also:

Upstream changelog for 1.6

Trac ticket
Comment 1 Automation User 2020-09-02 00:09:45 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/184571205
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2020-09-20 11:38:51 UTC
Comment on attachment 217292 [details]
security/py-stem: Replace pycrypto with cryptography

Approved by: portmgr (maintainer timeout: > 2 weeks)

Pending QA)
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2020-09-20 11:39:20 UTC
@John Can you provide some additional text for the commit log message which explains the 'why' of the dependency change. Thanks!
Comment 4 John W. O'Brien 2020-09-20 13:06:51 UTC
(In reply to Kubilay Kocak from comment #3)

pycrypto appears to be abandonware. The project has not released a new version since October 2013, and there have been no new commits to the official github repo [0] since June 2014. As noted in the issue description, the Stem project has deprecated pycrypto as an optional dependency and integrated with cryptography as its preferred replacement.

[0] https://github.com/pycrypto/pycrypto
Comment 5 John W. O'Brien 2020-10-01 04:14:00 UTC
(In reply to Kubilay Kocak from comment #2)
When you say this is approved "Pending QA", I am not sure what that means, and I worry that it dissuades potential committers who might otherwise take action to commit this patch. I reported positive portlint and poudriere results in the PR description, and the CI/CD machinery for which we have @swills to thank set "buildisok". The bar is too high. It is also unspecific.

What steps could I possibly take to move things along? What would satisfy "needs-qa"? What is missing here?
Comment 6 Rob LA LAU 2021-01-09 13:55:43 UTC
Actually, the Stem FAQ explicitly states that Stem does not have any dependencies; it will use cryptography if it is available, but it does not depend on it. So maybe it would be best to just delete the dependency.

If you decide to depend on a crypto package anyway, I can confirm that it works with security/py-pycryptodome as well (and pycrypto and pycryptodome conflict).
Comment 7 Carlo Strub freebsd_committer 2021-01-24 19:41:28 UTC
Agreed. Maybe it is best to remove the dependency.