[Python-Dev] Deprecate crypt module and revert PR 3854
Christian Heimes
christian at python.org
Sat Feb 3 06:27:29 EST 2018
On 2018-02-02 21:21, Nathaniel Smith wrote:
> On Feb 2, 2018 7:24 AM, "Christian Heimes" <christian at python.org
> <mailto:christian at python.org>> wrote:
>
> Shortly after the PR has landed, I was made aware that glibc has
> deprecated crypt(3) API [2] and favor of an external library called
> libxcrypt [3] from OpenWall Linux. I have patched Python 3.7 [4] to
> support libxcrypt.
>
> In light of deprecation of crypt(3) glibc function and bad quality of
> hashing algorithms, I'd like to raise the motion to revert 3854 and
> deprecate the crypt module. The whole module should be rather moved into
> 3rd party library that wraps xcrypt.
>
>
> If the crypt module can just as well use libxcrypt, and that's how the
> distros are going to build it, then what's the advantage of deprecating
> it? Won't it just continue to work indefinitely?
libxcrypt is now an external library that must be installed separately.
It bloats CPython's dependency tree and the size of Python container
images for a legacy feature.
For Python 4.0 I'd like to drop some of the old, dead batteries and
include include useful batteries.
Christian
More information about the Python-Dev
mailing list