Bug 2335258 - Review Request: python-pycryptodome - Cryptographic library for Python
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL: https://www.pycryptodome.org
Reported: 2025-01-02 13:39 UTC by W. Michael Petullo
Modified: 2025-01-06 19:52 UTC

Last Closed: 2025-01-06 19:52:10 UTC
Description W. Michael Petullo 2025-01-02 13:39:17 UTC
Spec URL: https://www.flyn.org/SRPMS/python-pycryptodome.spec
SRPM URL: https://www.flyn.org/SRPMS/python-pycryptodome-3.21.0-1.fc41.src.rpm
Description: Cryptographic library for Python
Fedora Account System Username: mikep

Comment 1 Fedora Review Service 2025-01-02 13:46:10 UTC
Copr build:
https://copr.fedorainfracloud.org/coprs/build/8463880
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2335258-python-pycryptodome/fedora-rawhide-x86_64/08463880-python-pycryptodome/fedora-review/review.txt

Found issues:

- A package with this name already exists. Please check https://src.fedoraproject.org/rpms/python-pycryptodome
  Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/Naming/#_conflicting_package_names

Please know that there can be false-positives.

---
This comment was created by the fedora-review-service
https://github.com/FrostyX/fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.

Comment 2 Miro Hrončok 2025-01-02 17:46:56 UTC
Beware of bz1756505.

Comment 3 Elliott Sales de Andrade 2025-01-03 07:31:42 UTC
Are you sure angr uses this? I don't see any mention of it directly.

Comment 4 W. Michael Petullo 2025-01-03 14:06:42 UTC
Python angr requires cle, which requires cart, which requires pycryptodome, I think.

Regarding comment #2, the pycrypto website states "PyCrypto 2.x is unmaintained, obsolete, and contains security vulnerabilities." That same website recommends pycryptodome as an alternative.

Comment 5 Miro Hrončok 2025-01-03 14:29:33 UTC
(In reply to W. Michael Petullo from comment #4)
> Regarding comment #2, the pycrypto website states "PyCrypto 2.x is
> unmaintained, obsolete, and contains security vulnerabilities." That same
> website recommends pycryptodome as an alternative.

I am not saying which is better. I am saying there is a conflict and it needs to be explicitly handled.

Comment 6 Mohamed El Morabity 2025-01-03 16:00:20 UTC
Hello,

Fedora already provides the python-pycryptodomex package, built from the same upstream sources as your package, but with a different namespace to avoid conflicts. This namespace is provided and supported by upstream, making it a reliable alternative. It should be straightforward to patch angr to use pycryptodomex.

Comment 7 Mohamed El Morabity 2025-01-03 16:05:36 UTC
See also bz1370919

Comment 8 W. Michael Petullo 2025-01-06 19:52:10 UTC
I am dropping this review. Instead, I modified my proposed python-cart package to use the existing python-pycryptodomex package. I also asked about formally replacing python-crypto with python-pycryptodome:

https://lists.fedoraproject.org/archives/list/python-devel@lists.fedoraproject.org/thread/UTH7MYUQSSZGN2MPQNGCHLWHDMHDNCQH/

Thank you, Mohamed, for pointing out the existence of python-pycryptodomex.
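
The switch discussed in comments 6 and 8, as an added example that is not part of the original thread and not the patch applied to python-cart. It assumes the top-level package names upstream ships (`Crypto` for pycryptodome, `Cryptodome` for pycryptodomex); the sample source is constructed.

```python
import ast
import re

OLD, NEW = "Crypto", "Cryptodome"  # top-level packages: pycryptodome / pycryptodomex
LEADING = re.compile(r"(?<![\w.])" + OLD + r"(?!\w)")  # first dotted segment only

# Constructed sample input, not taken from angr, cle or cart.
SAMPLE = '''\
"""Mentions from Crypto.Cipher import AES in a docstring; must stay as is."""
import os
from Crypto.Cipher import (
    AES,
)
import Crypto.Hash.SHA256 as sha256
import Crypto.Random
from .Crypto import helper
'''

def _is_old(name):
    return name == OLD or name.startswith(OLD + ".")

def rewrite_imports(source):
    """Return (patched_source, warnings); only absolute import statements change."""
    lines = source.splitlines(keepends=True)
    warnings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ImportFrom):
            if node.level != 0 or not _is_old(node.module or ""):
                continue  # relative import or unrelated module
            count = 1  # rename the module, never the imported names
        elif isinstance(node, ast.Import):
            old = [a for a in node.names if _is_old(a.name)]
            if not old:
                continue
            if any(a.asname in (None, OLD) for a in old):
                # Call sites spell out Crypto.<...>; renaming the import alone breaks them.
                warnings.append(f"line {node.lineno}: unaliased import, patch call sites by hand")
                continue
            count = 0  # every aliased Crypto.* name in the statement
        else:
            continue
        start, end = node.lineno - 1, node.end_lineno
        stmt = "".join(lines[start:end])
        lines[start:end] = LEADING.sub(NEW, stmt, count=count).splitlines(keepends=True)
    return "".join(lines), warnings

if __name__ == "__main__":
    patched, notes = rewrite_imports(SAMPLE)
    print(patched, *notes, sep="\n")
```

Statements it refuses to rewrite are reported rather than guessed at, so the resulting patch can be reviewed before it goes into a spec file.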