awwad
commented
5 years ago This will be resolved when Uptane switches to the use of the main TUF repository (theupdateframework/tuf), which dropped pycrypto some time ago.
Open awwad opened 6 years ago
awwad
commented
5 years ago This will be resolved when Uptane switches to the use of the main TUF repository (theupdateframework/tuf), which dropped pycrypto some time ago.
PyCrypto is long-outdated and we need to remove support for it. TUF (and securesystemslib) has already removed PyCrypto support and uses only cryptography and I need to follow suit here. Ideally, I'd rather merge the TUF codebase first (so that Uptane is no longer using a TUF fork). Currently, that work is being held up by ASN.1 issues.
PyCrypto has security vulnerabilities that were recently documented here.