1 |
W dniu 05.03.2017, nie o godzinie 17∶43 +0100, użytkownik Patrice |
2 |
Clement napisał: |
3 |
> Wednesday 01 Mar 2017 22:14:33, Michał Górny wrote : |
4 |
> > Hi, |
5 |
> > |
6 |
> > So here's a quick summary of what I've established so far about |
7 |
> > pycrypto/pycryptodome. |
8 |
> > |
9 |
> > pycrypto is abandoned and dead since 2013. It was forked into |
10 |
> > pycryptodome which is now maintained. The fork is partially compatible |
11 |
> > with pycrypto -- though some APIs were removed/replaced. From my quick |
12 |
> > experiments, every second random package I tried worked ;-). |
13 |
> > |
14 |
> > Now, pycryptodome has two modes of install. When it's installed as |
15 |
> > 'pycryptodome' it installs 'Crypto' Python package -- which is the same |
16 |
> > name as pycrypto used, and is therefore more compatible with packages |
17 |
> > using the latter. There is also the alternative 'pycryptodomex' mode |
18 |
> > which uses 'CryptoDome' namespace and does not collide with pycrypto. |
19 |
> > |
20 |
> > For an initial attempt, I've added dev-python/pycryptodome using |
21 |
> > the former mode since it was required by a revdep. But it also means |
22 |
> > that it blocks pycrypto, and therefore we need to start looking into |
23 |
> > adding compatibility with pycryptodome into more packages. |
24 |
> > |
25 |
> > The problem is, as usual, setuptools/pkg_resources magic. Because even |
26 |
> > if a particular app uses APIs that are compatible between the two |
27 |
> > packages, pkg_resources will reject to run an app that specifies |
28 |
> > 'pycrypto' as a dependency if pycryptodome is installed, and the other |
29 |
> > way around. From a quick look at the specification, those dependency |
30 |
> > specs don't really support any kind of any-of. |
31 |
> > |
32 |
> > That is, I think it is reasonable to assume that the only way forward |
33 |
> > upstream would be to replace the dependency with 'pycryptodome', |
34 |
> > and start requiring the latter. |
35 |
> > |
36 |
> > As for Gentoo, I think the sanest way forward would be to live with |
37 |
> > that. Start testing packages with pycryptodome. If they don't use |
38 |
> > pkg_resources and API compatibility can be achieved, add || ( |
39 |
> > pycryptodome[...] pycrypto[...] ) if supported. If that is not possible, |
40 |
> > a revbump switching to pycryptodome would be reasonable. |
41 |
> > |
42 |
> > After all, we don't really have many revdeps [1] to port. |
43 |
> > |
44 |
> > Any other ideas? |
45 |
> > |
46 |
> > [1]:https://qa-reports.gentoo.org/output/genrdeps/rindex/dev-python/pycrypto |
47 |
> > |
48 |
> > -- |
49 |
> > Best regards, |
50 |
> > Michał Górny |
51 |
> |
52 |
> Hi Michal |
53 |
> |
54 |
> Thanks for the detailed report and for working on that. |
55 |
> |
56 |
> I was wondering how you want to go about revbumping those deps. Would you be |
57 |
> keen on reviewing a PR which rev bumps a few packages from your list? |
58 |
> |
59 |
|
60 |
Sure, as long as you have tested them properly. In some cases, passing |
61 |
tests should be enough; in other cases, you would have to actually |
62 |
figure out where pycrypto is used and trigger it. |
63 |
|
64 |
-- |
65 |
Best regards, |
66 |
Michał Górny |