[Bug 1695899] Re: [MIR] python-scrypt, python-bcrypt

Mathieu Trudel-Lapierre mathieu.tl at gmail.com
Thu Jul 13 00:21:57 UTC 2017 

Since Tyler mentioned it requires a review anyway, assigning to the
Security Team.

python-bcrypt has lintian warnings on the binary package:
W: python3-bcrypt: python-module-in-wrong-location usr/lib/python3.6/dist-packages/bcrypt/ usr/lib/python3/dist-packages/bcrypt/
W: python3-bcrypt: python-module-in-wrong-location usr/lib/python3.6/dist-packages/bcrypt/_bcrypt.abi3.so usr/lib/python3/dist-packages/bcrypt/_bcrypt.abi3.so
(These should be fixed)

There are also some warnings about missing bindnow for python-scrypt and
python3-scrypt; they might benefit being fixed, the Security Team can
further comment on that.

** Changed in: python-scrypt (Ubuntu)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: python-bcrypt (Ubuntu)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-scrypt in Ubuntu.
https://bugs.launchpad.net/bugs/1695899

Title:
  [MIR] python-scrypt, python-bcrypt

Status in python-bcrypt package in Ubuntu:
  New
Status in python-scrypt package in Ubuntu:
  New

Bug description:
  >python-scrypt<
  [Availability]
  In universe

  [Rationale]
  keystone: Support new hashing algorithms for securely storing password hashes

  [Security]

  [Quality assurance]
  Package has not been well maintained in Debian; Python 3 support and new upstream release + misc package polish applied in Ubuntu.

  Package runs test suite for all python versions as part of build.

  [Dependencies]
  In main.

  [Standards compliance]
  OK

  [Maintenance]
  ubuntu-openstack

  >python-bcrypt<
  [Availability]
  In universe

  [Rationale]
  keystone: Support new hashing algorithms for securely storing password hashes

  [Security]

  [Quality assurance]
  Package well maintained in Debian; Minor point release in Ubuntu over Debian unstable.

  Package runs test suite for all python versions as part of build.

  [Dependencies]
  In main.

  [Standards compliance]
  OK

  [Maintenance]
  ubuntu-openstack

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-bcrypt/+bug/1695899/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list