-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[TECH DEBT] Cryptography APIs #63066
Comments
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. |
The |
As the upstream maintainer of M2Crypto, I would highly encourage this package be moved from it and more towards |
Description of the tech debt to be addressed, include links and screenshots
Looking into the cryptographic APIs that are used throughout the code base I noticed
pycryptodomex
is a hard dependency andM2Crypto
is apparently not. The reason to bring this up is that, for example, in salt/crypt.pyM2Crytpo
is favoured overCryptodome
.Also in modules like TLS pyOpenSSL is used instead of
pyca/cryptography
, as recommended by the Python Cryptographic Authority.Would it make sense to use just one cryptography library to reduce maintenance cost?
pyca/cryptography
seems to have a more thriving community and more activity thanM2Crypto
.The text was updated successfully, but these errors were encountered: