Closed dumol closed 8 months ago
adiroiban
commented
1 year ago Does cryptography relase package on PyPI for all our supported platforms?
Including macOS m1?
If it does, then we can stop including it in pythia and chevah/server can just install it as a separate dependency (similar to what it does now with pyopenssl)
dumol
commented
1 year ago Yes, we stopped building cryptography altogether because of the Rust dependency. We now use the upstream wheels everywhere, starting with the 3.10 packages. There is a universal macOS wheel that also supports Apple Silicon processors like M1.
This is the whole idea of this issue, to stop including things not built in this repo, starting with cryptography. This would minimize the work needed in Pythia, e.g. no need to release new Pythia packages for every security update of cryptography.
adiroiban
commented
8 months ago I had to do some dev work on cryptography, and at least on Linux, installing the rust part was easy. There is a rustup tool to setup the rust environment.
dumol
commented
8 months ago It's easy on a modern system. It was basically not an option on RHEL 5, that's why we had to avoid it in python-package.
adiroiban
commented
8 months ago I see. thanks. for now, we should be ok. We can worry later :)
On a second thought, if we don't include
cryptography, then it can be installed and packaged with SFTPPlus as needed. Which would save us from re-releasing Pythia whenever there is acryptographysecurity update… Maybe useful after all?Originally posted by @dumol in https://github.com/chevah/pythia/issues/39#issuecomment-1503098629