hagenest
commented
3 months ago I suppose we should replace it with hashlib?
Closed link2xt closed 3 months ago
hagenest
commented
3 months ago I suppose we should replace it with hashlib?
link2xt
commented
3 months ago Maybe we should switch to https://pypi.org/project/legacycrypt/ instead. This is what was proposed in https://github.com/deltachat/chatmail/pull/49 or we can even just revert that PR.
hagenest
commented
3 months ago ah, if we already use that, sure! I was thinking that maybe passlib would be an option too, but best to keep dependencies low.
hagenest
commented
3 months ago wait, we are doing our crypto with a random library with 2 github stars? Maybe we should use passlib instead? It's recommended in the crypt docs: https://docs.python.org/3/library/crypt.html
link2xt
commented
3 months ago Yes, passlib is probably better. Or doveadm that we already have, i.e. reverting https://github.com/deltachat/chatmail/pull/49 Calling doveadm should be somewhat cheap because we only do this when user is created, for logging in there is no need to call a subprocess.
hpk42
commented
3 months ago I am not sure this whole crypt->passlib or other mechanism is really worth it. Chatmail is based on debian 12, and that uses python 3.11. By the time debian packages python 3.13 and we switch to debian 13 or so, we might have ported our python code to Rust already. So i suggest to close both this issue and the PR, and revisit it next year, or in the context of a Debian 13 upgrade of chatmail.
missytake
commented
3 months ago Who knows, maybe there is a better crypt replacement then.
hagenest
commented
3 months ago yeah, makes sense I guess
missytake
commented
3 months ago So i suggest to close both this issue and the PR, and revisit it next year, or in the context of a Debian 13 upgrade of chatmail.
We're still working on it because it is basically finished and only the CI is broken. If we realize it is not actually finished we will probably close it.
cryptis removed in Python 3.13 which is currently in beta.