Please eliminate the crypto-aes dependency (probably by moving to cryptonite) #37
Comments
|
I just found this while working on hledger-web GHC 9.6 compatibility. FWIW it looks as if clientsession's dependencies cprng-aes and crypto-random both fail to build with GHC 9.6, and both were last updated 8/9 years ago. So, +1 for moving off these. |
|
Ping |
|
Ping @snoyberg @meteficha : Looks like there is action required now to keep this package alive. What are your maintainer intentions with this package? |
|
I'm sorry I missed #36, but that PR is no longer a good option. cryptonite is no longer maintained either. Moving to crypton would in theory be acceptable. Keeping compat with existing encryption formats would be nice, but not strictly necessary. |
|
@snoyberg to reliably move to |
|
Fair point. OK, let's move ahead with this. I'll look it over now. |
|
I've merged the PR. I'm out of the house right now, I'll release once I'm back home. |
|
Thank you! |
|
clientsession-0.9.2.0 is now on Hackage. |
|
@avanov crypton-conduit now exists, so I think it would make sense to do the move now, given What do you think? |
|
@ysangkok I support the move as long as the respective encoders and decoders are b/w compatible with the previous implementation at the level of serialized values. |
For whatever reason (GHC upgrade?), crypto-aes has become incompatible with my CPU. As the package has been self-advertising as deprecated for years, it's probably not reasonable to patch it.
There are at least two PRs (#32, #36) to address this. Could we please get back to the conversation and move forward?
(Disclaimer: I'm the author of #36. I hadn't noticed the other one. Which, FWIW, now has conflicts. I don't care which one is chosen, or if we have to write yet another one with SystemDRG instead. Let's please just get this fixed.)
FWIW I've come to patch this because it breaks hledger-web. Other yesod apps probably impacted as well.
The text was updated successfully, but these errors were encountered: