On 09/25/2017 10:12 AM, Jeremy Cline wrote: > On 09/20/2017 01:33 PM, Kevin Fenzi wrote: >> Could we build the new pyOpenSSL/cryptography for epel7, but as python3 >> only? (so it doesn't override the base rhel one)? > > We could do that. The only downsides I can really think of is it's > surprising to have different versions of the same library on Python 2 vs > Python 3, but since this is in our own repository I don't think that's a > big deal. I did think of an upside, which is that the m2crypto version of the validation code doesn't check that the CRL is signed by our CA, nor does it consider the expiration date, _and_ it rolls its own serial number lookup code[0]. All those issues would be addressed with an updated version of pyOpenSSL. [0] https://github.com/fedora-infra/fedmsg/blob/73425a97c2cf0ae2188f0964988f023269b4d583/fedmsg/crypto/x509.py#L159 -- Jeremy Cline XMPP: jeremy@xxxxxxxxxx IRC: jcline
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
