Skip to content

Pin cryptography to 3.3.2 #2377

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Bibo-Joshi wants to merge 1 commit into from
Closed

Pin cryptography to 3.3.2 #2377

Bibo-Joshi wants to merge 1 commit into from

Conversation

@Bibo-Joshi
Copy link
Member

@Bibo-Joshi Bibo-Joshi commented Feb 9, 2021

See #2372

I propose to leave #2372 open and give the cryptography time to figure out their plans for the future. As we need cryptography only for passports (and I've never met anyone acutally using those …) it's not a main security issue. Nevertheless I subscribed to the cryptography release channel to keep an eye on the changelog for security fixes.

If the situation is more clear in the future we can think about how we want to approach the issue.

@tsnoam Telegram GithubBot Revised
Copy link
Member

tsnoam commented Feb 9, 2021

@Bibo-Joshi In asyncio branch I've been using httpx which is using cryptography

@Bibo-Joshi Telegram GithubBot Revised
Copy link
Member Author

Bibo-Joshi commented Feb 10, 2021

@tsnoam Only for the tests apparently: https://github.com/encode/httpx/blob/master/requirements.txt#L19

@tsnoam Telegram GithubBot Revised
Copy link
Member

tsnoam commented Feb 10, 2021

@Bibo-Joshi Interesting. How do they perform https communications then?

Need to check.

@tsnoam Telegram GithubBot Revised
Copy link
Member

tsnoam commented Feb 10, 2021
edited
Loading

uh. using the standard ssl.
https://github.com/encode/httpx/blob/master/httpx/_types.py

ok.

@Bibo-Joshi Telegram GithubBot Revised
Copy link
Member Author

Bibo-Joshi commented Feb 10, 2021

@tsnoam Acutally the more convincing proof for "they only use it for tests" is here 😁

@Bibo-Joshi Bibo-Joshi mentioned this pull request Feb 13, 2021
Merged
@Bibo-Joshi
Copy link
Member Author

Bibo-Joshi commented Feb 13, 2021

Closing in favor of #2386

@Bibo-Joshi Bibo-Joshi closed this Feb 13, 2021
@Bibo-Joshi Bibo-Joshi deleted the crypto-dep branch February 13, 2021 10:49
@github-actions github-actions bot locked and limited conversation to collaborators Feb 14, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Bibo-Joshi @tsnoam