1 |
On 2/8/2021 12:53 PM, Brian Evans wrote: |
2 |
> On 2/8/2021 6:19 AM, Michał Górny wrote: |
3 |
>> Hi, |
4 |
>> |
5 |
>> FYI the developers of dev-python/cryptography decided that Rust is going |
6 |
>> to be mandatory for 1.5+ versions. It's unlikely that they're going to |
7 |
>> provide LTS support or security fixes for the old versions. |
8 |
>> |
9 |
>> Since cryptography is a very important package in the Python ecosystem, |
10 |
>> and it is an indirect dependency of Portage, this means that we will |
11 |
>> probably have to entirely drop support for architectures that are not |
12 |
>> supported by Rust. |
13 |
>> |
14 |
> |
15 |
> For the portage indirect dependency, can it be swapped for pycurl? |
16 |
> |
17 |
> AFAICT, it is just used to pull GPG sigs in gemato via dev-python/requests. |
18 |
> |
19 |
> This at least would at least keep the arches in question with some |
20 |
> support but not necessarily all of python world until a clearer plan can |
21 |
> be made. |
22 |
> |
23 |
> Brian |
24 |
> |
25 |
|
26 |
After discussion in #gentoo-dev and simple chroot testing, it seems like |
27 |
dev-python/requests nor dev-python/urlllib3 needs |
28 |
dev-python/cryptography at all (when run with stable Python, tested with |
29 |
3.8). So unless there's a really good reason outside of gemato sync, |
30 |
this looks to be a non-issue for portage and more of a dependency fix. |
31 |
|
32 |
Brian |