On 10/02/14 05:57, Thomas Goirand wrote: > On 02/10/2014 02:41 AM, Iain R. Learmonth wrote: > [...] > > python-oauth2 is indeed not maintained anymore upstream, and has > security problems. As a consequence, I worked out a patch for keystone > so that it uses oauthlib instead. I would recommend that you do the > same, and that you do not rely on oauth2. Note that the API of oauthlib > is different from oauth2, even though they are supposed to do the same > kind of thing. > Cool. Thanks everyone for your help. I'm going to ask upstream if they'll consider moving to oauthlib then instead of python-oauth2. Iain. -- urn:x-human:Iain R. Learmonth http://iain.learmonth.me/ mailto:irl@fsfe.org xmpp:irl@jabber.fsfe.org tel:+447875886930 GPG Fingerprint: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49 Please verify out-of-band before trusting with sensitive information. [[[ To any GCHQ or other security service agents reading my email: ]]] [[[ Please consider if any professional body code of conduct to ]]] [[[ which you subscribe requires you to follow Snowden's example. ]]] [[[ Your professional membership, chartered or incorporated status ]]] [[[ may be at risk. ]]]
Attachment:
signature.asc
Description: OpenPGP digital signature