Created attachment 217292 [details] security/py-stem: Replace pycrypto with cryptography Changelog ========= * Replace security/py-pycrypto DEPENDS with security/py-cryptography QA == portlint: OK poudriere: OK -- testport on 12.1R amd64 w/py27, py35, py36, py37 (default), py38 Notes ===== See also: Upstream changelog for 1.6 https://stem.torproject.org/change_log.html#version-1-6-november-5th-2017 Trac ticket https://trac.torproject.org/projects/tor/ticket/21086
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/184571205
Comment on attachment 217292 [details] security/py-stem: Replace pycrypto with cryptography Approved by: portmgr (maintainer timeout: > 2 weeks) Pending QA)
@John Can you provide some additional text for the commit log message which explains the 'why' of the dependency change. Thanks!
(In reply to Kubilay Kocak from comment #3) pycrypto appears to be abandonware. The project has not released a new version since October 2013, and there have been no new commits to the official github repo [0] since June 2014. As noted in the issue description, the Stem project has deprecated pycrypto as an optional dependency and integrated with cryptography as its preferred replacement. [0] https://github.com/pycrypto/pycrypto
(In reply to Kubilay Kocak from comment #2) When you say this is approved "Pending QA", I am not sure what that means, and I worry that it dissuades potential committers who might otherwise take action to commit this patch. I reported positive portlint and poudriere results in the PR description, and the CI/CD machinery for which we have @swills to thank set "buildisok". The bar is too high. It is also unspecific. What steps could I possibly take to move things along? What would satisfy "needs-qa"? What is missing here?
Actually, the Stem FAQ explicitly states that Stem does not have any dependencies; it will use cryptography if it is available, but it does not depend on it. So maybe it would be best to just delete the dependency. https://stem.torproject.org/faq.html#does-stem-have-any-dependencies If you decide to depend on a crypto package anyway, I can confirm that it works with security/py-pycryptodome as well (and pycrypto and pycryptodome conflict).