Demonware / jose

Python implementation of the JavaScript Object Signing and Encryption (JOSE) framework (https://datatracker.ietf.org/wg/jose/charter/)
BSD 3-Clause "New" or "Revised" License

Unpin pycrypto. Bump version. #1

Closed kuba closed 9 years ago

kuba commented 9 years ago

Package versions in Python packages (especially libraries) should not be pinned down. Two specific reasons why jose shouldn't do it:

  1. It doesn't look like it uses any specific functionality of version pycrypto 2.6. On the other hand it causes serious compatibility problems: pkg_resources.VersionConflict: pycrypto 2.6.1 is installed but pycrypto==2.6 is required by ['jose']
  2. pycrypto 2.6.1 fixes an important security bug.

Please merge and upload new package to PyPI. Thanks :)

jdkasten commented 9 years ago

agree :+1:

demianbrecht commented 9 years ago

Thanks for the report and apologies for the delayed reply. The change has been made as suggested and rolled in with our 0.2.1 release, which will be uploaded to PyPI shortly.
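
The version conflict quoted in the opening comment can be caught before release by auditing a library's requirement list for exact pins. The following is an added example, not code from the jose project or from anyone in this thread; the function names, the simplified `name<op>version` parsing, and the relaxed `pycrypto>=2.6` form are assumptions made for illustration.

```python
# Added example: flag exact '==' pins in a library's requirement list and
# report which ones reject the version that is actually installed.
import re

# name, operator, version; only the simple "name<op>version" form is handled.
_REQ = re.compile(
    r"^\s*([A-Za-z0-9._-]+)\s*(==|>=|<=|>|<)\s*([0-9]+(?:\.[0-9]+)*)\s*$"
)


def parse_version(text):
    """'2.6.1' -> (2, 6, 1); numeric dotted versions only."""
    return tuple(int(part) for part in text.split("."))


def satisfies(installed, op, wanted):
    """True if the installed version meets '<op> wanted'."""
    a, b = parse_version(installed), parse_version(wanted)
    width = max(len(a), len(b))  # pad so that 2.6 and 2.6.0 compare equal
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return {"==": a == b, ">=": a >= b, "<=": a <= b, ">": a > b, "<": a < b}[op]


def audit(requirements, installed):
    """Return (requirement, installed_version, problem) findings."""
    findings = []
    for req in requirements:
        m = _REQ.match(req)
        if m is None:
            continue  # bare name or unsupported syntax: nothing pinned
        name, op, wanted = m.groups()
        have = installed.get(name.lower())
        if have is not None and not satisfies(have, op, wanted):
            findings.append((req, have, "conflict"))  # install would fail
        elif op == "==":
            findings.append((req, have, "exact pin"))  # blocks future fixes
    return findings


# Constructed sample data mirroring the versions named in the thread.
PINNED = ["pycrypto==2.6"]
UNPINNED = ["pycrypto>=2.6"]  # assumed relaxed form, not taken from the PR
INSTALLED = {"pycrypto": "2.6.1"}

if __name__ == "__main__":
    for finding in audit(PINNED, INSTALLED) + audit(UNPINNED, INSTALLED):
        print(finding)
```

An "exact pin" finding with no conflict still deserves attention in a library, because the pin will reject the next patch release of the dependency, including security fixes.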