summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2016-12-26 19:49:27 -0500
committerLeo Famulari <leo@famulari.name>2016-12-26 19:51:54 -0500
commit1194575b3c44969e4f68cd10a62e6ed8603e39b4 (patch)
treeac06dbe97062fcca86ecebb3b4c4e2cf309027e3
parent4de2a710a6a309a1601f1cf6fc15b9b638d3a3cb (diff)
downloadguix-1194575b3c44969e4f68cd10a62e6ed8603e39b4.tar.gz
gnu: python-pycrypto: Add TODO "removal" comment.
* gnu/packages/python.scm (python-pycrypto, python2-pycrypto): Add
comment.
-rw-r--r--gnu/packages/python.scm8
1 files changed, 7 insertions, 1 deletions
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 2ddd1198e8..dd3ef8f9a8 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -907,7 +907,13 @@ Python 3 support.")
 (define-public python2-setuptools
   (package-with-python2 python-setuptools))
 
-
+;;; Pycrypto is abandoned upstream [0] and contains at least one bug that can be
+;;; exploited to achieve arbitrary code execution [1].
+;;;
+;;; TODO Remove this package from GNU Guix.
+;;;
+;;; [0] https://github.com/dlitz/pycrypto/issues/173
+;;; [1] https://github.com/dlitz/pycrypto/issues/176
 (define-public python-pycrypto
   (package
     (name "python-pycrypto")