Closed link2xt closed 3 months ago
I suppose we should replace it with hashlib?
Maybe we should switch to https://pypi.org/project/legacycrypt/ instead. This is what was proposed in https://github.com/deltachat/chatmail/pull/49 or we can even just revert that PR.
ah, if we already use that, sure! I was thinking that maybe passlib would be an option too, but best to keep dependencies low.
wait, we are doing our crypto with a random library with 2 github stars? Maybe we should use passlib instead? It's recommended in the crypt docs: https://docs.python.org/3/library/crypt.html
Yes, passlib is probably better. Or doveadm that we already have, i.e. reverting https://github.com/deltachat/chatmail/pull/49 Calling doveadm should be somewhat cheap because we only do this when user is created, for logging in there is no need to call a subprocess.
I am not sure this whole crypt->passlib or other mechanism is really worth it. Chatmail is based on debian 12, and that uses python 3.11. By the time debian packages python 3.13 and we switch to debian 13 or so, we might have ported our python code to Rust already. So i suggest to close both this issue and the PR, and revisit it next year, or in the context of a Debian 13 upgrade of chatmail.
Who knows, maybe there is a better crypt replacement then.
yeah, makes sense I guess
So i suggest to close both this issue and the PR, and revisit it next year, or in the context of a Debian 13 upgrade of chatmail.
We're still working on it because it is basically finished and only the CI is broken. If we realize it is not actually finished we will probably close it.
crypt
is removed in Python 3.13 which is currently in beta.