From 1194575b3c44969e4f68cd10a62e6ed8603e39b4 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 26 Dec 2016 19:49:27 -0500 Subject: [PATCH] gnu: python-pycrypto: Add TODO "removal" comment. * gnu/packages/python.scm (python-pycrypto, python2-pycrypto): Add comment. --- gnu/packages/python.scm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 2ddd1198e8..dd3ef8f9a8 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -907,7 +907,13 @@ Python 3 support.") (define-public python2-setuptools (package-with-python2 python-setuptools)) - +;;; Pycrypto is abandoned upstream [0] and contains at least one bug that can be +;;; exploited to achieve arbitrary code execution [1]. +;;; +;;; TODO Remove this package from GNU Guix. +;;; +;;; [0] https://github.com/dlitz/pycrypto/issues/173 +;;; [1] https://github.com/dlitz/pycrypto/issues/176 (define-public python-pycrypto (package (name "python-pycrypto")