On Donnerstag, 2. November 2017 10:01:51 Todd Rme wrote:
pycrypro  is an important package, used by a wide
variety of python
packages for cryptography. It is also totally unmaintained, having
seen no releases or commits since 2014.
There is a well-maintained fork that uses the same namespace,
pycryptodome . However, although it is the same in most cases,
there are a few places where the API differs . And although it is
mostly backwards-compatible, it is not forwards-compatible, adding a
bunch of new APIs that packages that depend on it directly may use.
The problem is that more and more packages are now depending directly
on pycroptodome rather than pycrypto at install time, and since the
two use the same namespace they are not co-installable, so trying to
install a package that depends on it results in conflicts with large
parts of the python software stack.
Well, pycryptodome comes in two flavours, one sharing the namespace with
pycrypto, and one stand alone one.
So we need to make a decision how we are going to
handle the situation.
The simplest, but also riskiest, solution would be to have the
pycroptodome package provide/obsolete pycrypto, and have package that
require the old API depend on the old pycrypto version number (so
pycrypto < 3). But I doubt all of these packages have unit tests,
which means we could have breakage.
Given, that the majority of incompatibilities have security implications, I
vote for the simplest solution, that I do follow since I entered the
I.o.w, the fallout must be fixed or abandoned anyway...
To unsubscribe, e-mail: opensuse-packaging+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-packaging+owner(a)opensuse.org