On 05/09/2013 10:18 AM, Toshio Kuratomi wrote:
On Thu, May 09, 2013 at 07:22:13AM -0400, Stephen Gallagher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 05/08/2013 06:49 PM, Orion Poplawski wrote:
>> On 05/08/2013 03:54 PM, Pádraig Brady wrote:
>>>
>>> I added a workaround patch for that in openstack-glance:
>>>
http://pkgs.fedoraproject.org/cgit/openstack-glance.git/plain/crypto.rand...
>>>
>>>
>>>
>>>
> thanks,
>>> Pádraig.
>>
>> Thanks for that suggestion. Here is my proposed patch for
>> python-ssh then. Comments welcome.
>>
>> Silas -
>>
>> I can commit this to the el6 branch if you'd like. Or I could
>> commit to master and merge to el6 depending on how you track spec
>> files across the branches. Or perhaps you want to take care of
>> it?
>>
>
> /dev/urandom is not cryptographically sound. From the manpage:
>
[snip]
From pypi:
"""
This library originated as a fork of the Paramiko library, and has now been
merged back into it. All fixes and features that were released or developed
under the 'ssh' name have been incorporated into Paramiko! Please switch your
dependencies to Paramiko 1.8.0 or newer.
"""
* RHEL6 has paramiko-1.7.5 but perhaps the API is similar enough for the
package you're really after.
[snip]
Thanks Toshio for reminding me of this. I came across it before, but it
didn't sink in.
The latest git version of StarCluster has gone back to using paramiko, so I'm
using that version on EL6 as well. It passes basic tests, so hopefully it
will be compatible.
I'm trying to retire python-ssh as it is dead now.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301
http://www.nwra.com