ME REMOVING EVERY MENTION OF SHA1 FROM AN OLD, SEMI COMPLEX CODEBASE: Haha fuck yeah!!! Yes!!
ME WATCHING LARGE SWATHES OF THE TEST SUITE FAIL, INCLUDING AREAS NOT DIRECTLY RELATED TO THE CHANGES: Well this fucking sucks. What the fuck.
Bad: paramiko's GSS support is all SHA1-based and there are no SHA256-based classes (though I haven't yet searched the issue tracker to see if anybody airdropped some)
Good: me not removing SHA1 from GSS won't cause any issues even if somebody were to scan our tests for SHA1 usage!
Bad: …that's because our GSS tests have been broken for a few years now, so they aren't run in CI 😞
Good: GSS has always been a minority feature (e.g. it's not part of the default pip install) so I don't feel TOO bad about letting it moulder as very few users rely/ied upon it. Just…kinda bad…
Remove old, busted, rarely used, now-insecure feature. Feelsgoodman.jpeg.
Once again, random unrelated tests fail.
Why? Classic "falsely passing test" reason: an "if not <now-nuked feature is in play>: <do things>" block had been silently skipped over due to unittest.mock.Mock objects being truthy by default.
So some additional mocking required for these tests to truly work got deferred until just now 🫠
One guess as to who the culprit (of writing the tests and apparently not doing enough 'make it fail first' due diligence) is…
@ghickman I did in fact end up simply removing the mocks! 🎉
Granted, I got lucky that they were not truly necessary; this codebase is not what you would call "designed to be tested"...
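The falsely passing test described in the thread (an `if not <feature>:` block skipped because `unittest.mock.Mock` objects are truthy) can be reproduced as below. This is an added example, not code from the thread or from paramiko; `negotiate`, `legacy_feature_used`, `verify_host_key` and `TransportAfterRemoval` are hypothetical names constructed for illustration.

```python
from unittest.mock import Mock


def negotiate(transport):
    # Hypothetical code under test, shaped like the "if not <feature>: <do things>" block.
    if not transport.legacy_feature_used:
        transport.verify_host_key()
    return "ok"


def verify_step_ran(transport):
    negotiate(transport)
    return transport.verify_host_key.called


def bare_mock_case():
    # Unset attributes on a Mock are auto-created child Mocks, and those are truthy,
    # so "not transport.legacy_feature_used" is False and the block is skipped.
    return verify_step_ran(Mock())


def explicit_value_case():
    transport = Mock()
    transport.legacy_feature_used = False  # pin the flag to a real value
    return verify_step_ran(transport)


class TransportAfterRemoval:
    # Constructed stand-in for the real class once the feature has been deleted.
    def verify_host_key(self):
        pass


def spec_case():
    # With spec=, reading an attribute the real class lacks raises AttributeError,
    # so a stale reference to the removed flag fails loudly instead of being skipped.
    try:
        negotiate(Mock(spec=TransportAfterRemoval))
    except AttributeError:
        return "AttributeError"
    return "silently passed"


if __name__ == "__main__":
    print(bare_mock_case(), explicit_value_case(), spec_case())
```

A test that asserted on `verify_host_key` being called would have failed against the bare mock, which is the "make it fail first" check the thread refers to.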