From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35792) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eJNs4-0002TW-Ek for guix-patches@gnu.org; Mon, 27 Nov 2017 13:11:09 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eJNry-0003H9-H6 for guix-patches@gnu.org; Mon, 27 Nov 2017 13:11:08 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:52536) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1eJNry-0003Gm-7L for guix-patches@gnu.org; Mon, 27 Nov 2017 13:11:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1eJNrx-0000as-SY for guix-patches@gnu.org; Mon, 27 Nov 2017 13:11:01 -0500 Subject: [bug#29415] [PATCH] gnu: python-axolotl: Update to 0.1.39 and fix build. Resent-Message-ID: Date: Mon, 27 Nov 2017 13:09:59 -0500 From: Leo Famulari Message-ID: <20171127180959.GC20970@jasmine.lan> References: <87y3mw3go1.fsf@vany.ca> <20171125000952.GA17061@jasmine.lan> <87vahvvkb2.fsf@vany.ca> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="3siQDZowHQqNOShm" Content-Disposition: inline In-Reply-To: <87vahvvkb2.fsf@vany.ca> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Adam Van Ymeren Cc: 29415@debbugs.gnu.org --3siQDZowHQqNOShm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Nov 27, 2017 at 10:00:01AM -0500, Adam Van Ymeren wrote: > Leo Famulari writes: > There is also a pull request pending from someone else that updates > pyton-axolotl to use a newer python cryptography library rather than the > deprecated python-pycrypto library. That would also fix this issue and > is a much better long term fix but also a more intrusive change. I noticed that as well. Pycrypto is no longer maintained and has an extremely serious bug that was never fixed in a released version: https://github.com/dlitz/pycrypto/issues/176 And the author seems to implicitly agree that people should stop using it: https://github.com/dlitz/pycrypto/issues/173 So I added a TODO comment to the package, saying that we should remove it: https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/python-crypto.scm?id=12a130b0118c3f56e6337e011dc4a89f2671359a#n186 So, I recommend being careful how you use any package that depends on pycrypto. --3siQDZowHQqNOShm Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlocVPcACgkQJkb6MLrK fwg1WA//R/FWAjD3ED95cDKMD/44Qpn6VR1KJFwzugtAh0p/z6aSyPYtu7bYRSyt EIzdI4kGqHmfiOTOYvr5UFQZIxmEYARccsyNmU/7E5HQKDkPA1IWU/7ucoSeg4rD 2e5kO+APzVRqhhPZqygyorr2qDNqBYVGaVJNmIcaduOoVOBxnhMoci9GI+CUbLXq 7lqp/JdjCoiN1bY0IZeyR5OdxmcZ89IKNQ5XEFX1lrIjCE/AQceTo7/URMeF12S2 7NUa4pdFPIH/cKM5Aed+k81QJaW9/yX3nxAL3coqmdaDznwN+cQ0vLrPrrwOg3yZ Li5KAEMRDxE6rNtLzhWp61SqE29o7bbcGouN2mVQtOxG6ZeI85NLl/xXBAdcNRfx OmqnUFEsCUzhYXFl2lGmrZFmM1kQiZ9UM8OwfbmDmNygcfLKjlDJq170G+bPqjeh sp6VFiE0Qa18Zn0IF8KEt2UJt6HTvfs2SDX2Dome6MS/R8d/0djOb1XF64iuBJZX X2HHgrmd5xrMAa/w47/v7S8/vxCvUnMdQ5/P1waV6AewtJIDZNtTClcNIq4YKFkV Q8IT9T5nmT0n5TLQWeJGZiUAeyVLBZ36yQ370iFRRIz6/0jG7bFBUie34hXgifZy o6SfZQgrqIoX441mqdjPety2PKe+zGn52sqBndXc+C/bFDtQIiA= =ShtK -----END PGP SIGNATURE----- --3siQDZowHQqNOShm--