Date: Mon, 27 Jul 2020 15:43:41 -0400 From: "John W. O'Brien" <john@saltant.com> To: FreeBSD Python <freebsd-python@freebsd.org> Subject: security/py-pycryptodome: Soft dependency on devel/py-cffi Message-ID: <779685b4-2036-b128-da77-31a131d19951@saltant.com>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --XWt9POXMgcztmH6KH0ccRnBavPl3k06bK Content-Type: multipart/mixed; boundary="RbhGfFZIJw0e9ZQ5oddTwGEZL5idnB4V4" --RbhGfFZIJw0e9ZQ5oddTwGEZL5idnB4V4 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Greetings FreeBSD Python, I have been mulling over a thing and would like the list's perspective before I decide whether to take action or not. security/py-pycryptodome will use devel/py-cffi if it is available [0] or ctypes otherwise [1]. This makes me just a little bit uneasy since it leaves the door open to certain Heisenbugs and red herrings. My question is whether it warrants adding devel/py-cffi to RUN_DEPENDS to ensure consistency behavior? If not, what about as an OPTION for those who care about that sort of thing? [0] https://github.com/Legrandin/pycryptodome/blob/v3.9.8/lib/Crypto/Util/_ra= w_api.py#L71-L161 [1] https://github.com/Legrandin/pycryptodome/blob/v3.9.8/lib/Crypto/Util/_ra= w_api.py#L163-L263 [2] https://en.wikipedia.org/wiki/Heisenbug --=20 John W. O'Brien OpenPGP keys: 0x33C4D64B895DBF3B --RbhGfFZIJw0e9ZQ5oddTwGEZL5idnB4V4-- --XWt9POXMgcztmH6KH0ccRnBavPl3k06bK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEEUgT925O8rsvNs2oHIjgwc/pAJtYFAl8fLm1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDUy MDRGRERCOTNCQ0FFQ0JDREIzNkEwNzIyMzgzMDczRkE0MDI2RDYACgkQIjgwc/pA JtZyUggAvoVnYv4WqUUepLTSZfrGnJ+IcAo+J10ED9RGAD58+Tb7lHYo9oGOaWPQ NJg36sY7Dxh2oGFBdjV7m76JOzIa064svnQfKPgn+UHB6FrwbiPWOaXntfO9jm5j mj1iO8DoYqAmVhW37EQryc678qFDz43n2aNCFmtJycSffHTX0g6YxMcIoPXsLeiU hEOinZTPm7+qd8fgwmOr8pNmWOxqKNeYySy8gIZYujrtFEvx++JbrI94opnRUdkn dGtmkDPSFwwhoDlzd+O9ZRkIWgXQIoy6X3v5EpeMWYI0hs+Y5+XX/FGtw9+NXJ5a VCmH63TPZXwQKCnEphiZ1p47/EUMeA== =0f1Y -----END PGP SIGNATURE----- --XWt9POXMgcztmH6KH0ccRnBavPl3k06bK--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?779685b4-2036-b128-da77-31a131d19951>