bbangert
Pycrypto made to be hard dependency
As it stands if you install beaker, but don't install pycrypto you'll run into InvalidCryptoBackendError errors when using CookieSession.
This is annoying from a system administration point of view, as you'll look at your codebase, not see any reference to pycrypto and then remove it thinking it's unused, only to be surprised when Beaker blows up.
Why not just make pycrypto a hard dependency?
@schlenk can you confirm that this is solved too by https://github.com/bbangert/beaker/pull/121 through the introduction of the beaker.crypto.noencryption backend?
@amol No, it does not, as beaker.crypto.noencryption sets have_aes=False and the check in session.py checks for self.encrypt_key and have_aes, so the exception will still be raised in the same situation.
And it is probably better that way, otherwise you suddenly have no encryption at all.
Pycrypto isn't a hard dependency. If you set self.encrypt_key = None, no crypto backend is needed. And you could also have pycryptopp or python-nss or cryptography instead to satisfiy the requirements.
But with #121 a sysadmin can explicitly configure the 'pycrypto' backend, to have a reference in his own codebase that is easier to grep.
By my understanding @pzelnip is pointing out that he is not the one who wrote the app and configured encrypt_key, he is just installing it and got nowhere mentioned that beaker needed pycrypto.
This should just get addressed by the app that should depend on a specific extra require version of beaker, not just "beaker".
But I thought that maybe noencryption backend was meant for that. Thanks for clarifying that.