Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
python-paramiko: Add patch for ECDSA private keys.
This patch should be backwards-incompatible and is also submitted upstream as paramiko/paramiko#218. The main reason for this patch is that we need it for NixOS/nixops#124 in order to cope with NixOS/nixops@a2718b6, which makes ECDSA private key the default for new deployments. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
- Loading branch information
58fdf34
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm very much against such patches. We shouldn't allow ourselves to end up customizing NixOS for everyone on personal needs.
Major reason being that NixOS then can never expect how the package really works and we might introduce new security holes.
Nix allows anyone to customize each derivation quite easily and I think that's our major advantage.
58fdf34
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added it to the NixOps branch in the first place, but moved it to nixpkgs because I thought it was of a more generic use, especially if you're having NixOps deployments already. But you're right, this probably is only useful for people actually using ECDSA private keys, whereas in our case we currently use it for host keys by default, so going to move this back to NixOps.