feat(security): add tink package to pypi#1473
Conversation
asottile-sentry
left a comment
There was a problem hiding this comment.
as before, I really don't want us to use tink it is a huge maintenance liability and is significantly different from how most of the python community does things. #1375 (comment)
for example it alone would have delayed our python 3.13 upgrade by six months
I agree with you, but The other option would be to use custom library/wrapper around Fernet (written by us), which is less secure than We can even delay GA of this, until we have a functioning version without |
|
I'd rather we never introduce it at all. once it's available it's going to be nearly impossible to prevent / rip out. |
|
Understandable, closing this then. We can start the work with other libraries, and switch to a newer version of |
Adds
tinkpackage that will be used in a first iteration of EncryptedField in SentryCloses TET-582: Add tink package to sentry pypi