|Summary:||security/py-stem: Replace security/py-pycrypto with security/py-cryptography|
|Product:||Ports & Packages||Reporter:||John W. O'Brien <john>|
|Component:||Individual Port(s)||Assignee:||Carlo Strub <cs>|
|Severity:||Affects Only Me||CC:||cs, freebsd, koobs, python|
|Bug Depends on:|
Description John W. O'Brien 2020-08-17 22:58:03 UTC
Created attachment 217292 [details] security/py-stem: Replace pycrypto with cryptography Changelog ========= * Replace security/py-pycrypto DEPENDS with security/py-cryptography QA == portlint: OK poudriere: OK -- testport on 12.1R amd64 w/py27, py35, py36, py37 (default), py38 Notes ===== See also: Upstream changelog for 1.6 https://stem.torproject.org/change_log.html#version-1-6-november-5th-2017 Trac ticket https://trac.torproject.org/projects/tor/ticket/21086
Comment 1 Automation User 2020-09-02 00:09:45 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/184571205
Comment 2 Kubilay Kocak 2020-09-20 11:38:51 UTC
Comment on attachment 217292 [details] security/py-stem: Replace pycrypto with cryptography Approved by: portmgr (maintainer timeout: > 2 weeks) Pending QA)
Comment 3 Kubilay Kocak 2020-09-20 11:39:20 UTC
@John Can you provide some additional text for the commit log message which explains the 'why' of the dependency change. Thanks!
Comment 4 John W. O'Brien 2020-09-20 13:06:51 UTC
(In reply to Kubilay Kocak from comment #3) pycrypto appears to be abandonware. The project has not released a new version since October 2013, and there have been no new commits to the official github repo  since June 2014. As noted in the issue description, the Stem project has deprecated pycrypto as an optional dependency and integrated with cryptography as its preferred replacement.  https://github.com/pycrypto/pycrypto
Comment 5 John W. O'Brien 2020-10-01 04:14:00 UTC
(In reply to Kubilay Kocak from comment #2) When you say this is approved "Pending QA", I am not sure what that means, and I worry that it dissuades potential committers who might otherwise take action to commit this patch. I reported positive portlint and poudriere results in the PR description, and the CI/CD machinery for which we have @swills to thank set "buildisok". The bar is too high. It is also unspecific. What steps could I possibly take to move things along? What would satisfy "needs-qa"? What is missing here?
Comment 6 Rob LA LAU 2021-01-09 13:55:43 UTC
Actually, the Stem FAQ explicitly states that Stem does not have any dependencies; it will use cryptography if it is available, but it does not depend on it. So maybe it would be best to just delete the dependency. https://stem.torproject.org/faq.html#does-stem-have-any-dependencies If you decide to depend on a crypto package anyway, I can confirm that it works with security/py-pycryptodome as well (and pycrypto and pycryptodome conflict).
Comment 7 Carlo Strub 2021-01-24 19:41:28 UTC
Agreed. Maybe it is best to remove the dependency.