[Bug 1695899] Re: [MIR] python-scrypt, python-bcrypt
Tyler Hicks
tyhicks at canonical.com
Wed Jun 28 18:18:10 UTC 2017
I was hoping that I could quickly ack, from a security review
standpoint, python-bcrypt since I already acked it in bug 1427861.
However, the project has significantly changed since that review. The
bcrypt backend has changed from Openwall's implementation to OpenBSD's
implementation. Test vectors have also changed. I don't think this
package will require a really close look but it is going to require a
closer look than what I had anticipated.
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-scrypt in Ubuntu.
https://bugs.launchpad.net/bugs/1695899
Title:
[MIR] python-scrypt, python-bcrypt
Status in python-bcrypt package in Ubuntu:
New
Status in python-scrypt package in Ubuntu:
New
Bug description:
>python-scrypt<
[Availability]
In universe
[Rationale]
keystone: Support new hashing algorithms for securely storing password hashes
[Security]
[Quality assurance]
Package has not been well maintained in Debian; Python 3 support and new upstream release + misc package polish applied in Ubuntu.
Package runs test suite for all python versions as part of build.
[Dependencies]
In main.
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
>python-bcrypt<
[Availability]
In universe
[Rationale]
keystone: Support new hashing algorithms for securely storing password hashes
[Security]
[Quality assurance]
Package well maintained in Debian; Minor point release in Ubuntu over Debian unstable.
Package runs test suite for all python versions as part of build.
[Dependencies]
In main.
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-bcrypt/+bug/1695899/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list