Hi Lumir, On Wed, 29 Apr 2020 07:35:43 +0200 Lumir Balhar <lbalhar(a)redhat.com&gt; wrote: > Hello. > > I'd like to switch python-dns crypto backend from pycryptodomex and > ecdsa to python-cryptography. Upstream already did the same in master > branch: https://github.com/rthalley/dnspython/pull/449 > > But, because python2-cryptography is not available in Fedora anymore, > this change will disable DNSSEC functionality in python2-dns. There > are only two packages depending on python2-dns: mailman and > trac-spamfilter-plugin. I did a check and rebuild of both of them and > it seems that they both work with the new version and there is no > usage of DNSSEC in their codebases. COPR: > https://copr.fedorainfracloud.org/coprs/lbalhar/dns/ > > PR: https://src.fedoraproject.org/rpms/python-dns/pull-request/5 > > If you think we should not merge the PR, let us know rather sooner > than later. No objections from me (trac-spamfilter-plugin maintainer); it uses python-dns for IP blacklist lookups and I wouldn't be surprised if mailman did the same.

On the other hand, maybe the crypto backend could be changed for Python 3 and not for the Python 2 version? I would hope that the Python 2 version wouldn't need to be maintained for too much longer anyway.

Paul.

On ke, 29 huhti 2020, Lumir Balhar wrote: > On 4/29/20 10:31 AM, Paul Howarth wrote: >> Hi Lumir, >> >> On Wed, 29 Apr 2020 07:35:43 +0200 >> Lumir Balhar <lbalhar(a)redhat.com&gt; wrote: >> >>> Hello. >>> >>> I'd like to switch python-dns crypto backend from pycryptodomex and >>> ecdsa to python-cryptography. Upstream already did the same in master >>> branch: https://github.com/rthalley/dnspython/pull/449 >>> >>> But, because python2-cryptography is not available in Fedora anymore, >>> this change will disable DNSSEC functionality in python2-dns. There >>> are only two packages depending on python2-dns: mailman and >>> trac-spamfilter-plugin. I did a check and rebuild of both of them and >>> it seems that they both work with the new version and there is no >>> usage of DNSSEC in their codebases. COPR: >>> https://copr.fedorainfracloud.org/coprs/lbalhar/dns/ >>> >>> PR: https://src.fedoraproject.org/rpms/python-dns/pull-request/5 >>> >>> If you think we should not merge the PR, let us know rather sooner >>> than later. >> No objections from me (trac-spamfilter-plugin maintainer); it uses >> python-dns for IP blacklist lookups and I wouldn't be surprised if >> mailman did the same. > Great! >> On the other hand, maybe the crypto backend could be changed for Python >> 3 and not for the Python 2 version? I would hope that the Python 2 >> version wouldn't need to be maintained for too much longer anyway. > That would mean either ship two different codebases from one SRPM > (python-dns) or create a new SRPM just for python2-dns and use old > codebase there. The first one is (in my opinion) a bad idea and would > make the spec file ugly. Second solution is kinda lot of work for > nothing. So I hope nobody will be affected by missing DNSSEC in > python2-dns :) Could you please add a sentence like 'Note this library has no DNSSEC support' to python2-dns subpackage description?