On ke, 29 huhti 2020, Lumir Balhar wrote:
> On 4/29/20 10:31 AM, Paul Howarth wrote:
>> Hi Lumir,
>>
>> On Wed, 29 Apr 2020 07:35:43 +0200
>> Lumir Balhar <lbalhar(a)redhat.com> wrote:
>>
>>> Hello.
>>>
>>> I'd like to switch python-dns crypto backend from pycryptodomex and
>>> ecdsa to python-cryptography. Upstream already did the same in master
>>> branch:
https://github.com/rthalley/dnspython/pull/449
>>>
>>> But, because python2-cryptography is not available in Fedora anymore,
>>> this change will disable DNSSEC functionality in python2-dns. There
>>> are only two packages depending on python2-dns: mailman and
>>> trac-spamfilter-plugin. I did a check and rebuild of both of them and
>>> it seems that they both work with the new version and there is no
>>> usage of DNSSEC in their codebases. COPR:
>>>
https://copr.fedorainfracloud.org/coprs/lbalhar/dns/
>>>
>>> PR:
https://src.fedoraproject.org/rpms/python-dns/pull-request/5
>>>
>>> If you think we should not merge the PR, let us know rather sooner
>>> than later.
>> No objections from me (trac-spamfilter-plugin maintainer); it uses
>> python-dns for IP blacklist lookups and I wouldn't be surprised if
>> mailman did the same.
> Great!
>> On the other hand, maybe the crypto backend could be changed for Python
>> 3 and not for the Python 2 version? I would hope that the Python 2
>> version wouldn't need to be maintained for too much longer anyway.
> That would mean either ship two different codebases from one SRPM
> (python-dns) or create a new SRPM just for python2-dns and use old
> codebase there. The first one is (in my opinion) a bad idea and would
> make the spec file ugly. Second solution is kinda lot of work for
> nothing. So I hope nobody will be affected by missing DNSSEC in
> python2-dns :)
Could you please add a sentence like 'Note this library has no DNSSEC
support' to python2-dns subpackage description?
I will. Good catch. Thank you!