Re: Proposal: updated pyOpenSSL in the epel7-infra repository

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/19/2017 08:22 AM, Jeremy Cline wrote:
> Hey folks,
> 
> I'd like to propose that we build a newer version of pyOpenSSL for EL7.
> The version provided by base RHEL is 0.13.1. We need at least 16.1.0.
> 
> The motivation for this proposal is that at the moment, fedmsg has two
> implementations of message signing and verification. The first is based
> on M2Crypto and m2ext, while the second is based on cryptography and
> pyOpenSSL.
> 
> The reason there are two implementations is that M2Crypto does not
> support Python 3. Python 2 reaches end of life in 30 months. fedmsg is a
> dependency of nearly every Infrastructure application and thus it
> supporting Python 3 is critical so that we can start the process of
> supporting Python 3 in our applications.
> 
> In order to provide a Python 3 build of fedmsg for EL7, we need to build
> a newer pyOpenSSL. I reviewed the changelogs[0][1] and from what I can
> tell APIs were only extended until pyOpenSSL-17.1.0, at which point
> several backwards-incompatible changes were made. I believe we could
> safely update to 17.0.0 without breaking applications that depend on it.
> 
> I've made a small list of pros and cons to doing this:
 ...snip...

> What do people think? Is it worth the headache/risk?

Could we build the new pyOpenSSL/cryptography for epel7, but as python3
only? (so it doesn't override the base rhel one)?

I suppose that would force a massive amount of upfront porting to
python3 that would be difficult?

I guess I'd be ok doing this (we are kind of in a bad place, so none of
the choices are great), but we should get at least 3-4 of us to watch
commits on the fedora pyOpenSSL and cryptography to make sure we see
issues/bugs/updates as they happen?

kevin

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux