Bug 248712 - security/py-stem: Replace security/py-pycrypto with security/py-cryptography
Summary: security/py-stem: Replace security/py-pycrypto with security/py-cryptography
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Carlo Strub
URL: https://stem.torproject.org/change_lo...
Keywords: buildisok, needs-qa
Depends on:
Blocks: 248438
  Show dependency treegraph
 
Reported: 2020-08-17 22:58 UTC by John W. O'Brien
Modified: 2021-01-24 19:41 UTC (History)
4 users (show)

See Also:
john: maintainer-feedback? (cs)
john: merge-quarterly?

Attachments
security/py-stem: Replace pycrypto with cryptography (823 bytes, patch)
2020-08-17 22:58 UTC, John W. O'Brien 		koobs: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John W. O'Brien 2020-08-17 22:58:03 UTC 
Created attachment 217292 [details]
security/py-stem: Replace pycrypto with cryptography

Changelog
=========

*   Replace security/py-pycrypto DEPENDS with security/py-cryptography


QA
==

portlint: OK
poudriere: OK -- testport on 12.1R amd64 w/py27, py35, py36, py37 (default), py38


Notes
=====

See also:

Upstream changelog for 1.6
https://stem.torproject.org/change_log.html#version-1-6-november-5th-2017

Trac ticket
https://trac.torproject.org/projects/tor/ticket/21086
Comment 1 Automation User 2020-09-02 00:09:45 UTC 
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/184571205
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2020-09-20 11:38:51 UTC 
Comment on attachment 217292 [details]
security/py-stem: Replace pycrypto with cryptography

Approved by: portmgr (maintainer timeout: > 2 weeks)

Pending QA)
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2020-09-20 11:39:20 UTC 
@John Can you provide some additional text for the commit log message which explains the 'why' of the dependency change. Thanks!
Comment 4 John W. O'Brien 2020-09-20 13:06:51 UTC 
(In reply to Kubilay Kocak from comment #3)

pycrypto appears to be abandonware. The project has not released a new version since October 2013, and there have been no new commits to the official github repo [0] since June 2014. As noted in the issue description, the Stem project has deprecated pycrypto as an optional dependency and integrated with cryptography as its preferred replacement.

[0] https://github.com/pycrypto/pycrypto
Comment 5 John W. O'Brien 2020-10-01 04:14:00 UTC 
(In reply to Kubilay Kocak from comment #2)
When you say this is approved "Pending QA", I am not sure what that means, and I worry that it dissuades potential committers who might otherwise take action to commit this patch. I reported positive portlint and poudriere results in the PR description, and the CI/CD machinery for which we have @swills to thank set "buildisok". The bar is too high. It is also unspecific.

What steps could I possibly take to move things along? What would satisfy "needs-qa"? What is missing here?
Comment 6 Rob LA LAU 2021-01-09 13:55:43 UTC 
Actually, the Stem FAQ explicitly states that Stem does not have any dependencies; it will use cryptography if it is available, but it does not depend on it. So maybe it would be best to just delete the dependency.
https://stem.torproject.org/faq.html#does-stem-have-any-dependencies

If you decide to depend on a crypto package anyway, I can confirm that it works with security/py-pycryptodome as well (and pycrypto and pycryptodome conflict).
Comment 7 Carlo Strub freebsd_committer 2021-01-24 19:41:28 UTC 
Agreed. Maybe it is best to remove the dependency.