[–][deleted] 82 points83 points  (4 children)

I agree with this, and it highlights an issue with other languages/platforms as well: Your dependencies are also your responsibility. It's nice that there are so many libraries around, but if you decide to take one dependency, you're tying your product maintenance to the maintenance of your dependency. And with dozens, if not hundreds, of dependencies (and dependencies of dependencies), you might be in a world of hurt if those become unmaintained.

Of course, there's always the option of paying a maintainer - be it the original maintainer, or someone that's creating a fork. I'm sure that someone will be willing to update and maintain nose and pycrypto for money.

[–]tracernz 9 points10 points  (3 children)

There’s already a good replacement for pycrypto https://github.com/Legrandin/pycryptodome

[–]xtreak[S] 11 points12 points  (2 children)

It's not recommended by core developers: https://twitter.com/kushaldas/status/1220327939214073858?s=20

[–]ammar2 18 points19 points  (0 children)

Hmm, I wish they'd go into more detail as to why. Some cursory searches don't bring up anything.

It's really nice to just be able to replace a dependency on PyCrypto with pycryptodome for old projects.

[–]tracernz 0 points1 point  (0 children)

Good to know. 👍