09:59:56 #startmeeting requirements 09:59:57 Meeting started Wed Mar 8 09:59:56 2017 UTC and is due to finish in 60 minutes. The chair is tonyb. Information about MeetBot at http://wiki.debian.org/MeetBot. 09:59:58 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 10:00:00 The meeting name has been set to 'requirements' 10:00:15 Oh phooey 4seconds early 10:00:25 for shame 10:00:49 sigmavirus, number80, coolsvap, toabctl 10:00:55 sigmavirus, number80, coolsvap, toabctl: ping 10:01:05 #topic rollcall 10:01:24 I'm pretty sure dirk is on leave this week so we don't have him 10:01:27 anyone else? 10:04:26 #topic Any controversies in the Queue? 10:04:51 Well the queue is a bit of a mess after PBR, pyparsing and oslo 10:05:02 but I think it's coming good 10:05:06 yep 10:05:16 not exactly a contraversy 10:05:28 Yeah 10:05:55 The things that are becoming challenging are eventlet and webob 10:06:09 no one is driving them so they're just stagnating 10:06:27 true 10:06:46 come monday should we just do eventlet? 10:06:56 that was the first one we were targeting right? 10:06:56 prometheanfire: we can't 10:07:17 we have known issues in $projects and the fixes aren;t merging 10:07:24 same for webob 10:07:30 ah, right, the deps 10:07:36 Yeah 10:07:46 ya, that'd need to happen first 10:08:16 I'm good at badgering people into submission 10:08:28 will see what I can do maybe 10:08:41 I'll post to the mailing list 10:08:53 k 10:09:42 I'd like to find an ownr for each of them 10:10:05 if they're not in by M2 then they're not going in IMO 10:10:22 ya 10:11:32 next is kombu/amqp 10:11:46 we just laned kombu4 but it breaks windows 10:11:50 there is a review up 10:11:58 https://review.openstack.org/#/c/443032 10:12:06 but it needs work to be mergeable 10:12:18 k 10:12:59 ya, it hard caps 10:13:08 https://review.openstack.org/#/c/443032/3 10:13:13 fixed 10:13:21 https://launchpad.net/openstack/+milestone/pike-2 is june 5 btw 10:14:19 prometheanfire: Yeah sounds about right 10:15:27 Once that has a +1 from claudiub can you shepard it? 10:15:41 sure 10:16:50 prometheanfire: Thanks 10:17:02 #topic How to we crypto 10:17:35 prometheanfire: what's the haps with pycrypto vs pycryptome and possibly pyca/cryptography ? 10:17:36 I haven't looked yet, but I suspect there are still projects out there using pycrypto 10:18:06 since upstream is dead now, they need to move to preferably cryptography, but at least to pycryptome 10:18:32 pycrypto already had one hard to backport cve 10:18:41 in january 10:19:13 prometheanfire: is the switch from pycrypto -> pycryptome trivial? 10:19:52 I think so 10:19:53 they exist in thr same namespace right? are they mostly API compatible? 10:20:52 both? 10:20:59 pycryptome is kinda odd 10:21:54 and we're capping pysaml2 because it has to stay compatible with pycrypto but pycryptome works with pysaml2>=4 ? 10:22:19 pycryptodomex is an alt install method 10:23:10 a drop-in replacement for the old PyCrypto library. You install it with: 10:23:13 pip install pycryptodome 10:23:17 a library independent of the old PyCrypto. You install it with: 10:23:17 pip install pycryptodomex 10:23:30 https://github.com/Legrandin/pycryptodome 10:23:40 just something to read up on for next week 10:24:47 next? 10:24:48 Yeah the transition is going to be a massive PITA 10:25:10 because it's all or nothing and I don't know how to ensure that 10:25:27 yep 10:25:56 pycrypto's dead, long live pycrypto 10:26:06 or 10:26:13 just move to cryptography 10:26:51 prometheanfire: Sure but how do we *do* the switch from pycrypto to pycryptome 10:27:26 that, I'm not sure 10:27:35 prometheanfire: how do we ensure atmonically that 14 repos switch 10:27:38 something for the list maybe 10:28:07 prometheanfire: Yeah that's the thing I'm worried about ... if they're API compatible then Meh it's the switch that's hard 10:28:08 it doesn't have to be atomic if they are switching to cryptography 10:28:27 does if switching to pycryptome 10:28:30 prometheanfire: Sure but that's a *much* bigger change 10:28:34 yep 10:28:40 I'm aware 10:28:47 guess I'll send out that email 10:29:00 I guess I'll poke the PTLs of the affected projects 10:29:10 see if it's on the TODO list 10:29:26 I had great plans of helping with that kinda of work but we don 10:29:42 t have as many people willing to do that as I'd hoped for 10:30:07 unny barbican uses both ;P 10:30:38 wat 10:30:46 Yeah 10:30:47 maybe they are switching? 10:31:03 prometheanfire: more like they use it for differnt things 10:31:18 ya 10:32:02 so, have my todo list 10:32:16 ok 10:32:30 go to bed now? :D 10:32:38 Yeah 10:32:53 Thanks 10:32:59 #enmeeting 10:32:59 heh, np 10:33:06 #endmeeting