Volker Braun wrote:
> IMHO we should just change flask-openid to not import these utility
> functions from pycrypto. I would have patched it myself if there were an
> easy way, but its a tarball inside the sagenb tarball...
Hmmm, so this should get fixed upstream sagenb?
While one could simply copy-paste those two functions and use them from
elsewhere (patching Flask-OpenID), it's unclear to me why pycrypto
issues the warning when importing /that/ module; the functions there
seem pretty unrelated, so patching pycrypto (and/or reporting it
upstream there) could still be an option.
(MPIR is not going to implement special functions safe w.r.t.
side-channel attacks.)
-leif
> On Sunday, June 8, 2014 5:16:47 PM UTC+1, leif wrote:
>
> Volker Braun wrote:
> > Neat, but the flask openid shouldn't and doesn't implement SSL using
> > pycrytpo. Looking at the source, what triggers the warning is
> >
> > from Crypto.Util.number import long_to_bytes, bytes_to_long
> >
> > which is used by flask-openid to serialize data to disk.
>
> Still, should we somehow silence the warning (probably by patching our
> pycrypto package further)?
>
> The easiest solution is of course to simply report this upstream... ;-)
>
> (MPIR 2.7.0.alpha4 still lacks mpz_powm_sec().)