From owner-freebsd-python@freebsd.org Mon Jul 27 19:43:53 2020 Return-Path: Delivered-To: freebsd-python@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 42AD736D924 for ; Mon, 27 Jul 2020 19:43:53 +0000 (UTC) (envelope-from john@saltant.com) Received: from twaddle.saltant.net (twaddle.saltant.net [72.78.188.147]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4BFqxM4kyzz4Gvl for ; Mon, 27 Jul 2020 19:43:51 +0000 (UTC) (envelope-from john@saltant.com) Received: from statler.priv.n.saltant.net (unknown [IPv6:2001:470:8d6f:0:8c97:772f:8512:811d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by twaddle.saltant.net (Postfix) with ESMTPSA id 6A5CBF6E4 for ; Mon, 27 Jul 2020 15:43:45 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=saltant.com; s=twaddle; t=1595879025; bh=2ivzx2lHinwOOniiRODNJSKx3I+KSYNgaSU72huIwVQ=; h=To:From:Subject:Date; b=FAvDXCJY6uQilUy1bgAe3Jn+Tz9eYZEmLzGa3uDOS8JsHjcAsDgj4FJDa0oxFaiGf cc+CbqOLw/GRukPw5I/wfwuAzEhB+uG+R8+kSyN2ERWnO+Qv/GcWS4SMT5HkRn5s/I 5WfibJA5wgBzzrHM0pCNOJVGvupsyQxcgvRgwVsLGBi6iQygtU+4fJEOR/Ly9CN6JH vNftDh1DJyfqWx+vfAriY8Ov8873eAPeoERk9Z+ATsOcpt74rWGQ3s1Ii4xdTI/yJz 1BrpgXomdWC7ALwwmVr+gw8cZNWEsV+SJj1A3p6WP7i2a7AStIFMBxmEHM4351jXgS W44H7xVYeJWrw== To: FreeBSD Python From: "John W. O'Brien" Subject: security/py-pycryptodome: Soft dependency on devel/py-cffi Autocrypt: addr=john@saltant.com; prefer-encrypt=mutual; keydata= mQINBFpcMG0BEACeAEQ0ZTUEH+6B8XIBid2H8g1yY+niHxVphqz8JwnQtYX+bS+Kl3vr783F HH81DEbfPtYgHY53NF9FjSzCyj13lXVnEGQOdxXzZVKsN1nyuXCN2hDOFH7Yc5yQ8h85T4Hv sqPIGIXOztu4MX14iUAcTgLhfibNQBeKDeNI+BBeaE9lPuNVeiM+xsI4JYcjmDbjFzAHRpBo ull0koUFh6RZAKE7u17yLej1pTIQQVjQpWdK37BAq4hdkLwjGDY8mDGo3ZwGdNibxIAxv/wi KU6u2DfUg8+kLHIhOqk/+kFQ/uK5YA1azsyD5eIbNAs4W7LglA6SkiGBglTwkP0VCrkPdD14 6sx3U7uFgexDWbVuhLIkcPQ0SRmnjgUKHgk7px/jMvAPKSKoL0JQNdP/+pnO9CDLGmoHx9gE 5kVr5dQK8c/WauEfimAdE9qLuN6vb0Iei73q3e3OOHAUusR5wC5SwXt4iilbaK4r04NKXyfb SB3+qWST07F9cmMscfEStSBhpez3awB+1jz8gr40tkEGsFZGvD2KKAgZdKpoxv6IrZepclWz HpqHF01SRFORYMsd1d83XlEu/S1/Z9YJ87RoCdZuYCkjnoRPtpTi9d+JD/u3ZiQFwLUz/Ne3 VqiGKvY66EGcO3tvANMg6GWD9sqlnBDp9Lls0ChEY3dgDYd6DQARAQABtCJKb2huIFcuIE8n QnJpZW4gPGpvaG5Ac2FsdGFudC5jb20+iQJUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMB Ah4BAheAFiEENPkbBr3zmPAVSH2HM8TWS4ldvzsFAlpcMTMFCQX2qcYACgkQM8TWS4ldvztT xQ//eHb1mgd40Z0fN2GnJti6/9uJ771IO6slFQ02GZcXZI+FIQo8Yd1dHe0e0Codu78qvJNr ggUtqdxH6SVp7K1AWHeLH5S0PF6iG5B+YUux080wEv/Mr8PPMgAD8gS3wiPDDgB/kUXO52bn DC3Fc0dUrFE/JAOByVEEDL5nLF6SQNpAtIUnaAIIuhKxi0d40LMcLUwuJ6jExynw8Iu7OVtu Y1PRAH5ESt6wYZq8ro8ukh4rMOxiWtT1yNEgHgnq3N4jKErVo87YJijHSSj80IKxUiKb/T6K tGTEBTKiSUV3OFj0ZoPxcbUmhIg2sBCNHaUCiI0KabqN1NyK2glKtcK6NpWy3JIHvtr3+VL1 /tvQTwlVUIacmsuxkGzm5vJPs/i2RtwsJXEXPmIRNgJ1EwZgpg5VqqEUDlmSyRLb48QcDrdv utKLA1MKLib1fD+0XmxZTbCMlFMlvJjAoBlVq60mvB/Jnv1TTnZ2eN6DKMWoxHKmPICh5F1q esmT/aJRIUoCiAgcChi4Ol4XmW3dM7ypjKCGHzyr6emCky5pjqSQZyFzg0RN5UjUQBISAGmJ E8hCFZIy7tf8meqIDbtkONh+JShN6u3t02JrnzSOQjZCh5WQW9Pnu7unJlIsYB10aZ6rvuAK YjghT8QLG8QVgJj/U9oeVG1Ag60fmLZdOFjRGmm5AQ0EXiI+pwEIAN/gCLz555dMl/I+kul4 ptLPm5oe0Yxp6pMI81+p8qJY6HoDlkHN/eB88FvaX1eQR6tTJu9kEHc0nnqjtj7M9kMm6ujb hXjTDY+EFck9V5XDV9eaHUvsDujq/srxHtpFtsWZRUiseTrtcKBt5yfrDlIvNPW/F1rtuHuH 7gIvB8rgBWwyO0v8/ZPfCDwV6zqCZ6TWT9hGzvODdSZN6gQipIrLvz2RFhtJ4+a8QCCBJpzl nWKKZmfmTiPElDM/POIwyO4pn2Hr0aSV4q1wShtwYhPpF3BvwTB59BqmyoW82oYk6ymokooU h1gsCs6D9hzX/jFCkbX0ywwW2jDEjYj04fMAEQEAAYkDcgQYAQoAJhYhBDT5Gwa985jwFUh9 hzPE1kuJXb87BQJeIj6nAhsCBQkFo5qAAUAJEDPE1kuJXb87wHQgBBkBCgAdFiEEUgT925O8 rsvNs2oHIjgwc/pAJtYFAl4iPqcACgkQIjgwc/pAJtYjKggAndvnwqRinsemX5KhK9MOdgNM SqhWHqNuuh3YaL7NK1lwMCubXgBag4LcOXZQ2m09bgtoXcbPh5g+ZPeqPGF28vaw6mU79dzU 2xkVC+456lBlU5VvmSNGXCGEVoRuMSQ4sT/GVvq2CJd4wUXxyaeqoqDXQGU1rspKsRroA0tJ RrCJOO1fs0hC7Ft4xx3nOwuxpE2Hp94g1zFA/MQs6SXjRiKJ7hOAPLIDIc79ZbPTc1YFxThd L1G27lq2ZtIuYuxiqdrhfTTe5cKFkm84FKSz+lhBNb3JiVb0ulnR2Bfi0lOxJ91b3dMLtuiu Du7wqHZax5FVQVJFIQpVvSJ+FZSnn91hD/91TeM+aR0zFq0BnkDBkt5X/tMuRm0IzkOLxjY4 Bi4y7e2N4CX1XklPybVW3QieiBRlfN2D7OhhHeXZk9rXzpCN/CC0aq4C/hfzLdOCcz7KaAFP dWZCH7xKPQUcIZyjHG7hx+M/5VKg86tiVln6gxEWNJp9+H+V2k04DH9b3UQ+aCXerbmIn7f8 dfHYOjPSXnmfso8rNSH8AOH5qrJp7VTTuxEYmt5yUc34GsVRUrj7wg/LHX3AMM5ZtAbHorYB lRZruleEzrJXbvb5/WbB4s8rHeA9IA7tXKNz83p7L8MaJ2LaJS/DeiwgrMpMUcbprgv9ejDw RO7P/jmvvRcnOADhfQBUmK1C+N6pzPX5gMUjYInH9T1JeIbh0kHrviAvHW8FYIcZSt3jKiM6 ZQNEuyv1wjpYULDfz/P1rHl1wq3RqYyO+o5rrIhyq4DDsNvvFAvifwFFoUv/eWOyhhd7zewv 0hVHcKIxHIPy7F+QSG1pOpedNEHKJBe7kxFuKA0/3r0I1fA0qJaISCtjRytv3mJVdE8SzVj1 J3B76AB+VChcr+VDLC4kQYtclMe50eoLCmwB1Y+c6QItIu6u8G9LNtTaTDorhtKHU+XM5/k6 wgmrC699KBxvM+oNbOfz3KDsZ4owIpBsBvMax8EW/ws78fnsHCi7tOdqrGl0xUG9+z7XI7kC DQReIj7QARAAyNbQ/m2GgioxKzPr73JEWHFMGUJbCka5lPtoO82qpb/NIRr6Ii+7e5TljOek hdueLNyiDJBxc9BK5v1BC/0aI+5TWrlB5oZGRZl1Qa3a8x9FH8Rya4fD0dfmQGarmu91vfgb MrBQrYGfwsZiS8MiT/ytJ1NzjHBXm1TMczZYYL7i5JSgqTNDqamBJODVa3lipKP9FY9XX/T3 cQEi7B1Om+8xgm87PtqsXr7fFyb2l84fnUv3g5Glznpfqk5Poshm5leJm/SVKkZZKfyo1P5+ BKi2zGAsLXgFbl6jiEnRIjyawpMuKaFclmBH8riuQGNK0wEeyqo9WlUY+WU3HUyE/fQ3h5Tk 80q+tT6wj7JQ8ywt4EAnIrJN/ik0H2ShthzAzWzAnZ5evQqXfhNIGD0LLJ1TglGyOYuqrSny g81lfjvhSLJqCCwILEBe1n3gITwTnpYMJu6DNk06xJJ9B4Oz8GLGTUWZcPafWAbzk5GZTf2N cSpxOqQV8/u2goMULyzXCzGrtB6YfDM/adZOAvpWad2qTgcpxpHALWY6T9aiKDIiURDJf04P 8X8xfzcc8ZFtGH+PwLDXMdeviMaPzfRTfvwn+LYuHY+liu0dlZa40SUx/9ugECSFcvPgTOEB SI/FoR2PwgcOauvY6AJ1HONsir8spMgcM5JgBqfIbcdsE4kAEQEAAYkCPAQYAQoAJhYhBDT5 Gwa985jwFUh9hzPE1kuJXb87BQJeIj7QAhsMBQkFo5qAAAoJEDPE1kuJXb87j9AP/0jvvPR0 8yAtQgzSb3A99LcsY3Zl+QGNZYkmdb0/C8feRMw9CUb6a/6liaj7CCKwadSULiVWSuMP3zT3 5Vit+2W/5GuO6C4fmOyeXquCi8qamhTG+orZYBw0dy3s1MhrfRwbQkDjWEoG2BbztPbCY5ZP VYGZU+sIwQhEyco+ddv+RL8o7gFDf58nNOgdi03Plsv2N+JpPaU6uoZy4hfzMY/PMhlWaO32 qM0HLyOuojB+RDPZ7oKQbwyavH6YHPcF/aix0DArvCh7nwW0CR/B5YgwD7FtTgE9ZcTof7am IR0ZVQ40kCyanLXp/qHiY9mR0g8Ggy9/rGA5fUsu1/ugyvJPBU/usmQfz3TcTNiuefVrh+Xh cuTc5dDP0d2MHfnKPxnj9F9+9sjJIgD1TbMDtbDhhCw3xkRnR3tbXM2hfDm2CyGKsCYIqDhb Isguy0R5IoW4gL2fHztgtFu3kvYbd45QUuopJhqK/fyRPaEhDx0FE2/jhYdFPJo90DmqL5Pm LJPsa12ActP1cArwAeXFLejxsjfTZeQ49Ww7GK2ZXnoEXFp5fmy2zoCUy12f9245Hvx8ea2y Z9nB+f1CWOPLRctjUqqBWXyQI1cErN9lhJIaCbDFGs61JOBzgFq2q+VnYtWmUJzOtGOGcEfX Nckeve7ALaUiFxGje9zepN2d/xKj Message-ID: <779685b4-2036-b128-da77-31a131d19951@saltant.com> Date: Mon, 27 Jul 2020 15:43:41 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="XWt9POXMgcztmH6KH0ccRnBavPl3k06bK" X-Rspamd-Queue-Id: 4BFqxM4kyzz4Gvl X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=saltant.com header.s=twaddle header.b=FAvDXCJY; dmarc=none; spf=pass (mx1.freebsd.org: domain of john@saltant.com designates 72.78.188.147 as permitted sender) smtp.mailfrom=john@saltant.com X-Spamd-Result: default: False [-4.85 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[saltant.com:s=twaddle]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:72.78.188.144/29]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-python@freebsd.org]; DMARC_NA(0.00)[saltant.com]; HAS_ATTACHMENT(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.01)[-1.009]; NEURAL_HAM_MEDIUM(-1.02)[-1.018]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[saltant.com:+]; NEURAL_HAM_SHORT(-0.23)[-0.226]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; ASN(0.00)[asn:701, ipnet:72.78.0.0/16, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-python@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: FreeBSD-specific Python issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jul 2020 19:43:53 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --XWt9POXMgcztmH6KH0ccRnBavPl3k06bK Content-Type: multipart/mixed; boundary="RbhGfFZIJw0e9ZQ5oddTwGEZL5idnB4V4" --RbhGfFZIJw0e9ZQ5oddTwGEZL5idnB4V4 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Greetings FreeBSD Python, I have been mulling over a thing and would like the list's perspective before I decide whether to take action or not. security/py-pycryptodome will use devel/py-cffi if it is available [0] or ctypes otherwise [1]. This makes me just a little bit uneasy since it leaves the door open to certain Heisenbugs and red herrings. My question is whether it warrants adding devel/py-cffi to RUN_DEPENDS to ensure consistency behavior? If not, what about as an OPTION for those who care about that sort of thing? [0] https://github.com/Legrandin/pycryptodome/blob/v3.9.8/lib/Crypto/Util/_ra= w_api.py#L71-L161 [1] https://github.com/Legrandin/pycryptodome/blob/v3.9.8/lib/Crypto/Util/_ra= w_api.py#L163-L263 [2] https://en.wikipedia.org/wiki/Heisenbug --=20 John W. O'Brien OpenPGP keys: 0x33C4D64B895DBF3B --RbhGfFZIJw0e9ZQ5oddTwGEZL5idnB4V4-- --XWt9POXMgcztmH6KH0ccRnBavPl3k06bK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEEUgT925O8rsvNs2oHIjgwc/pAJtYFAl8fLm1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDUy MDRGRERCOTNCQ0FFQ0JDREIzNkEwNzIyMzgzMDczRkE0MDI2RDYACgkQIjgwc/pA JtZyUggAvoVnYv4WqUUepLTSZfrGnJ+IcAo+J10ED9RGAD58+Tb7lHYo9oGOaWPQ NJg36sY7Dxh2oGFBdjV7m76JOzIa064svnQfKPgn+UHB6FrwbiPWOaXntfO9jm5j mj1iO8DoYqAmVhW37EQryc678qFDz43n2aNCFmtJycSffHTX0g6YxMcIoPXsLeiU hEOinZTPm7+qd8fgwmOr8pNmWOxqKNeYySy8gIZYujrtFEvx++JbrI94opnRUdkn dGtmkDPSFwwhoDlzd+O9ZRkIWgXQIoy6X3v5EpeMWYI0hs+Y5+XX/FGtw9+NXJ5a VCmH63TPZXwQKCnEphiZ1p47/EUMeA== =0f1Y -----END PGP SIGNATURE----- --XWt9POXMgcztmH6KH0ccRnBavPl3k06bK--