search

RedashCommunity / redash

The Community Led continuation of Redash. Make Your Company Data Driven. Connect to any data source, easily visualize, dashboard and share your data.
https://redash.community/
BSD 2-Clause "Simplified" License
37 stars 7 forks source link

Use pycryptodome instead of pycrypto #66

Closed Avey777 closed 1 year ago

Avey777 commented 1 year ago

It's time to consider replacing pycrypto, and I recommend using pycryptodome. Now we can start discussing.

requirements.txt
pycrypto==2.6.1

>>>>

requirements.txt
pycryptodome==3.18.0

-------------

pycryptodome

justinclift commented 1 year ago

What's the benefit for changing to pycryptodome? :smile:

Oh, I was misreading the Release history page for pycrypto. It's last release was in 2013, so nearly 10 years ago.

On that basis alone, I reckon you're right @Avey777. :smile:

Avey777 commented 1 year ago

What's the benefit for changing to pycryptodome? 😄

Oh, I was misreading the Release history page for pycrypto. It's last release was in 2013, so nearly 10 years ago.

On that basis alone, I reckon you're right @Avey777. 😄

Substituting pycryptodome==3.18.0 for pycrypto==2.6.1 locally, all my data runs normally without modifying the source code. However, it currently cannot pass our test suite, so a small modification may be needed in the code.

justinclift commented 1 year ago

Yeah. It'll probably need someone to investigate it and fix whatever the problem is.

Avey777 commented 1 year ago

I found that redash is already using cryptography==2.8. So, is it still necessary to continue using pycryptodome? Someone needs to look into this matter.

https://www.pycrypto.org/ image

Avey777 commented 1 year ago

@justinclift @junnplus I have searched the entire project and haven't found any usage of the pycrypto dependency other than in the requirements.txt file. Can I try removing this dependency?

justinclift commented 1 year ago

Sure, try it out in a PR. :smile: