Explain the story about cryptography version requirements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 7990a3296df24a1f7bb8875005d78495c7e0076c [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Tue Aug 22 17:27:00 2023 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu Aug 31 09:30:56 2023 +0200
tree: 49e055b88dd67b47811e25e8e5075153a93ad862
parent: dc23236f0a9c9ad4a0be35a4d03af92801839404 [diff] [blame]
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
index ac9c25a..7dbcfe8 100644
--- a/scripts/ci.requirements.txt
+++ b/scripts/ci.requirements.txt

@@ -11,7 +11,10 @@
 # See https://github.com/Mbed-TLS/mbedtls/pull/3953 .
 mypy >= 0.780
 
-# Install cryptography to avoid import-error reported by pylint.
-# What we really need is cryptography >= 35.0.0, which is only
-# available for Python >= 3.6.
+# At the time of writing, only needed for tests/scripts/audit-validity-dates.py.
+# It needs >=35.0.0 for correct operation, and that requires Python >=3.6,
+# but our CI has Python 3.5. So let pip install the newest version that's
+# compatible with the running Python: this way we get something good enough
+# for mypy and pylint under Python 3.5, and we also get something good enough
+# to run audit-validity-dates.py on Python >=3.6.
 cryptography # >= 35.0.0
commit	7990a3296df24a1f7bb8875005d78495c7e0076c	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Tue Aug 22 17:27:00 2023 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Aug 31 09:30:56 2023 +0200
tree	49e055b88dd67b47811e25e8e5075153a93ad862
parent	dc23236f0a9c9ad4a0be35a4d03af92801839404 [diff] [blame]