09:59:56 <tonyb> #startmeeting requirements
09:59:57 <openstack> Meeting started Wed Mar  8 09:59:56 2017 UTC and is due to finish in 60 minutes.  The chair is tonyb. Information about MeetBot at http://wiki.debian.org/MeetBot.
09:59:58 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
10:00:00 <openstack> The meeting name has been set to 'requirements'
10:00:15 <tonyb> Oh phooey 4 seconds early
10:00:25 <prometheanfire> for shame
10:00:49 <tonyb> sigmavirus,  number80, coolsvap, toabctl
10:00:55 <tonyb> sigmavirus,  number80, coolsvap, toabctl: ping
10:01:05 <tonyb> #topic rollcall
10:01:24 <tonyb> I'm pretty sure dirk is on leave this week so we don't have him
10:01:27 <tonyb> anyone else?
10:04:26 <tonyb> #topic Any controversies in the Queue?
10:04:51 <tonyb> Well the queue is a bit of a mess after PBR, pyparsing and oslo
10:05:02 <tonyb> but I think it's coming good
10:05:06 <prometheanfire> yep
10:05:16 <prometheanfire> not exactly a controversy
10:05:28 <tonyb> Yeah
10:05:55 <tonyb> The things that are becoming challenging are eventlet and webob
10:06:09 <tonyb> no one is driving them so they're just stagnating
10:06:27 <prometheanfire> true
10:06:46 <prometheanfire> come monday should we just do eventlet?
10:06:56 <prometheanfire> that was the first one we were targeting right?
10:06:56 <tonyb> prometheanfire: we can't
10:07:17 <tonyb> we have known issues in $projects and the fixes aren't merging
10:07:24 <tonyb> same for webob
10:07:30 <prometheanfire> ah, right, the deps
10:07:36 <tonyb> Yeah
10:07:46 <prometheanfire> ya, that'd need to happen first
10:08:16 <prometheanfire> I'm good at badgering people into submission
10:08:28 <prometheanfire> will see what I can do maybe
10:08:41 <tonyb> I'll post to the mailing list
10:08:53 <prometheanfire> k
10:09:42 <tonyb> I'd like to find an owner for each of them
10:10:05 <tonyb> if they're not in by M2 then they're not going in IMO
10:10:22 <prometheanfire> ya
10:11:32 <tonyb> next is kombu/amqp
10:11:46 <tonyb> we just landed kombu4 but it breaks windows
10:11:50 <tonyb> there is a review up
10:11:58 <tonyb> https://review.openstack.org/#/c/443032
10:12:06 <tonyb> but it needs work to be mergeable
10:12:18 <prometheanfire> k
10:12:59 <prometheanfire> ya, it hard caps
10:13:08 <tonyb> https://review.openstack.org/#/c/443032/3
10:13:13 <tonyb> fixed
10:13:21 <prometheanfire> https://launchpad.net/openstack/+milestone/pike-2 is june 5 btw
10:14:19 <tonyb> prometheanfire: Yeah sounds about right
10:15:27 <tonyb> Once that has a +1 from claudiub can you shepherd it?
10:15:41 <prometheanfire> sure
10:16:50 <tonyb> prometheanfire: Thanks
10:17:02 <tonyb> #topic How do we crypto
10:17:35 <tonyb> prometheanfire: what's the haps with pycrypto vs pycryptodome and possibly pyca/cryptography ?
10:17:36 <prometheanfire> I haven't looked yet, but I suspect there are still projects out there using pycrypto
10:18:06 <prometheanfire> since upstream is dead now, they need to move to preferably cryptography, but at least to pycryptodome
10:18:32 <prometheanfire> pycrypto already had one hard to backport cve
10:18:41 <prometheanfire> in january
10:19:13 <tonyb> prometheanfire: is the switch from pycrypto -> pycryptodome trivial?
10:19:52 <prometheanfire> I think so
10:19:53 <tonyb> they exist in the same namespace right? are they mostly API compatible?
10:20:52 <prometheanfire> both?
10:20:59 <prometheanfire> pycryptodome is kinda odd
10:21:54 <tonyb> and we're capping pysaml2 because it has to stay compatible with pycrypto but pycryptodome works with pysaml2>=4 ?
10:22:19 <prometheanfire> pycryptodomex is an alt install method
10:23:10 <prometheanfire> a drop-in replacement for the old PyCrypto library. You install it with:
10:23:13 <prometheanfire> pip install pycryptodome
10:23:17 <prometheanfire> a library independent of the old PyCrypto. You install it with:
10:23:17 <prometheanfire> pip install pycryptodomex
10:23:30 <prometheanfire> https://github.com/Legrandin/pycryptodome
10:23:40 <prometheanfire> just something to read up on for next week
10:24:47 <prometheanfire> next?
10:24:48 <tonyb> Yeah the transition is going to be a massive PITA
10:25:10 <tonyb> because it's all or nothing and I don't know how to ensure that
10:25:27 <prometheanfire> yep
10:25:56 <prometheanfire> pycrypto's dead, long live pycrypto
10:26:06 <prometheanfire> or
10:26:13 <prometheanfire> just move to cryptography
10:26:51 <tonyb> prometheanfire: Sure but how do we *do* the switch from pycrypto to pycryptodome
10:27:26 <prometheanfire> that, I'm not sure
10:27:35 <tonyb> prometheanfire: how do we ensure atomically that 14 repos switch
10:27:38 <prometheanfire> something for the list maybe
10:28:07 <tonyb> prometheanfire: Yeah that's the thing I'm worried about ... if they're API compatible then Meh it's the switch that's hard
10:28:08 <prometheanfire> it doesn't have to be atomic if they are switching to cryptography
10:28:27 <prometheanfire> does if switching to pycryptodome
10:28:30 <tonyb> prometheanfire: Sure but that's a *much* bigger change
10:28:34 <prometheanfire> yep
10:28:40 <prometheanfire> I'm aware
10:28:47 <prometheanfire> guess I'll send out that email
10:29:00 <tonyb> I guess I'll poke the PTLs of the affected projects
10:29:10 <tonyb> see if it's on the TODO list
10:29:26 <tonyb> I had great plans of helping with that kinda of work but we don
10:29:42 <tonyb> t have as many people willing to do that as I'd hoped for
10:30:07 <tonyb> funny barbican uses both ;P
10:30:38 <prometheanfire> wat
10:30:46 <tonyb> Yeah
10:30:47 <prometheanfire> maybe they are switching?
10:31:03 <tonyb> prometheanfire: more like they use it for different things
10:31:18 <prometheanfire> ya
10:32:02 <prometheanfire> so, have my todo list
10:32:16 <tonyb> ok
10:32:30 <prometheanfire> go to bed now? :D
10:32:38 <tonyb> Yeah
10:32:53 <tonyb> Thanks
10:32:59 <tonyb> #enmeeting
10:32:59 <prometheanfire> heh, np
10:33:06 <tonyb> #endmeeting