yahoo-eng-team team mailing list archive
Message #04965
[Bug 1224638] Re: Consider not using oauth2
** Changed in: keystone
Status: New => Opinion
** Changed in: keystone
Importance: Undecided => Wishlist
--
https://bugs.launchpad.net/bugs/1224638
Title:
Consider not using oauthlib rather than oauth2
Status in OpenStack Identity (Keystone):
Opinion
Bug description:
Hi
Recently oauth2 was added as a dependency in the following commit:
https://github.com/openstack/keystone/commit/bcaa3072f37d3af3f9d526f18f311411ceeae160
However it seems there are some issues with the usage of oauth2:
- It is more than 2 years old
- There are security concerns with the usage of oauth2; these were brought up in:
https://bugs.launchpad.net/ubuntu/+source/python-oauth2/+bug/1213934
More details can be found at:
http://www.openwall.com/lists/oss-security/2013/09/12/5
Please consider using oauthlib instead of oauth2. If you have any
questions please let me know.
Regards
chuck