Fix RandomPool Depreciation Warning from pycrypto
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Bazaar |
Confirmed
|
Medium
|
Unassigned | ||
paramiko (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
See bug #249765 in PyCrypto
$ bzr pull
Using saved parent location: bzr+ssh:
/usr/lib/
RandomPool_
No revisions to pull.
$ bzr --version
Bazaar (bzr) 2.3b3
Python interpreter: /usr/bin/python 2.6.6
Python standard library: /usr/lib/python2.6
Platform: Linux-2.
bzrlib: /usr/lib/
Bazaar configuration: /home/tdlk/.bazaar
Bazaar log file: /home/tdlk/.bzr.log
$ dpkg-query -W bzr
bzr 2.3.0~beta3-
----
To summarize this for Ubuntu: maverick's paramiko always gives this warning because it uses an old api in pycrypto. (I presume the same is true in natty.) There is no actual bug as such, because Ubuntu has a newer pycrypto. There is no upstream paramiko fix for this and the upstream is unresponsive. We would like to apply in the package a fix that will update it to use the new api so there is no warning.
Related branches
visibility: | private → public |
description: | updated |
tags: | added: paramiko |
Changed in bzr: | |
importance: | High → Medium |
security vulnerability: | yes → no |
This is caused by having a new PyCrypto but not a new Paramiko. Paramiko was using an api in PyCrypto that they strongly deprecated in new code.
IIRC, this has already been documented, and somebody submitted a patch upstream, but paramiko hasn't responded yet (a month or two later).
Maybe we just need to push that into the ppa?