bzr-windows team mailing list archive

[Gordon Tyler <gordon@xxxxxxxxx>]

On 18/12/2009 2:06 PM, John Arbash Meinel wrote:
> Gordon Tyler wrote:
>> On 17/12/2009 8:49 PM, John Arbash Meinel wrote:
>>> #1) The new way of doing it in Pycrypto is still 'beta' and so there
>>> aren't even packages you can install using "easy_install pycrypto" (I
>>> would guess you could download the tarball and install from source.)
>>>
>>> But do you *really* want to ship the 'beta' version of a crypto library
>>> with the rest of your code?
> 
>> I bundled PyCrypto 2.1.0 in with the Mac installer for 2.1.0b4. The
>> 2.0.3 installer still uses PyCrypt 2.0.1. Should I not be using PyCrypto
>> 2.1.0?
> 
>> Ciao,
>> Gordon
> 
> 
> Well, we can find out. :)
> 
> I *believe* that the deprecation warnings won't be shown to people,
> because the 'bzr' script sets all deprecation warnings to 'ignore' if
> the bzr version is 'final'. (So an official release, versus an
> in-progress release, etc.)
> 
> Except... 2.1.0b4 is 'beta' not 'final', so they'll get a big 'warning
> don't do this' anytime they access a bzr+ssh / sftp location.
> 
> You may want to try it and confirm my guess.

>From my Mac using the 2.1.0b4 installer:

/Library/Python/2.6/site-packages/Crypto/Util/randpool.py:40:
RandomPool_DeprecationWarning: This application uses RandomPool, which
is BROKEN in older releases.  See http://www.pycrypto.org/randpool-broken
  RandomPool_DeprecationWarning)

I can't try 2.0.3 until later though.

I saw this on my Windows bzr.dev install where I'm using PyCrypto 2.1.0
installed into my Python 2.6 site-packages. I had been poking around to
see what was required to fix it but it may be a bit out of my league.
Besides, that would mean we'd have to use a patched version of Paramiko
in our installers and would have to provide the patch for people
building from source.