Resolve the Component Governance issue in the dotnet-helix-machines repository
See original GitHub issue- This issue is blocking
- This issue is causing unreasonable pain
The issue is blocking: https://github.com/dotnet/arcade/issues/13166 and any PR to the dotnet-helix-machines repository.
Component Governance Component Detection: https://dev.azure.com/dnceng/internal/_build/results?buildId=2160248&view=logs&j=3dc8fd7e-4368-5a92-293e-d53cefc8c4b3&t=833edf1b-3669-5dbb-11e6-ee7d22230825&l=1967
Release Note Category
- Feature changes/additions
- Bug fixes
- Internal Infrastructure Improvements
Release Note Description
Increased the installed Python cryptography
and pyopenssl
versions on most build and test agents to 41.0.1
and 23.2.0
, respectively. Due to restrictions in our infrastructure, this change will be reflected on https://helix.dot.net as >=39.0.1
and >=23.0.0
rather than the exact versions installed.
The cryptography
and pyopensll
versions on all SLES 12 and Ubuntu 16.04 are significantly older due to platform issues we have not yet resolved. See dotnet/dnceng#293 and dotnet/dnceng#294 for details.
Issue Analytics
- State:
- Created 5 months ago
- Comments:29 (29 by maintainers)
After much experimentations and unblocking many problems (e.g., w/
FORCE_QUEUE
s), this is finally waiting for rollout. dotnet/dnceng#293 and dotnet/dnceng#294 track work on the couple of images that still have an oldcryptography
version.Initially we could:
cryptography
on the affected machine - as for reasons mentioned here I would argue that this option is too costly. From comments in this issue + internal comms it seems @dougbu is doing some additional work in this path and can verify / argue against this conclusioncryptography
and we might need to silence it as wellAs such from my perspective it looks like seeking an exception for the alert is the way to go.