So, pycrypto upstream is dead and has been for a while, we should look
at moving off of it for both bugfix and security reasons.
Currently it's used by the following.
barbican, cinder, trove, glance, heat, keystoneauth, keystonemiddleware,
kolla, openstack-ansible, and a couple of other smaller places.
Development of it was forked into pycryptodome, which is supposed to be
a drop in replacement. The problem is that due to co-installability
requirements we can't have half of packages out there using pycrypto and
the other half using pycryptodome. We'd need to hard switch everyone as
both packages install into the same namespace.
Another alternative would be to use something like cryptography instead,
though it is not a drop in replacement, the migration would be able to
be done piecemeal.
I'd be interested in hearing about migration plans, especially from the
Matthew Thode (prometheanfire)
OpenStack Development Mailing List (not for usage questions)