Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove safety ignore rule for pyca/cryptography #3682

Closed
emkll opened this issue Aug 1, 2018 · 1 comment
Closed

Remove safety ignore rule for pyca/cryptography #3682

emkll opened this issue Aug 1, 2018 · 1 comment
Labels
security
Milestone
0.13.0

Comments

@emkll
Copy link
Contributor

emkll commented Aug 1, 2018

Description

Initially suggested by @heartsucker in #3679 (comment):
6ba90da sets a rule to ignore CVE-2018-10903.

We should remove this ignore rule as soon as possible (e.g. as soon as we update the dependency in SecureDrop). This task and discussions surrounding the rationale behind ignoring this check is detailed/tracked in #3677

User Stories

As a human, disabling and/or ignoring security warning/alerts/notifications is a bad idea.
@emkll emkll mentioned this issue Aug 1, 2018
Merged
@redshiftzero redshiftzero added this to the 0.13.0 milestone Mar 7, 2019
@redshiftzero
Copy link
Contributor

Added to SecureDrop 0.13.0 milestone as the 0.13.x release series will be the first to support Xenial-only

@heartsucker heartsucker mentioned this issue Mar 25, 2019
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
0.13.0
Development

No branches or pull requests
2 participants
@redshiftzero @emkll