New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use cryptography's sign/verify methods instead of signer/verifier #979

merged 2 commits into from Sep 6, 2017


None yet
5 participants

reaperhulk commented Jun 3, 2017

cryptography is planning to deprecate signer/verifier. They will be on an extended deprecation cycle, but it'd be nice to switch paramiko away sooner rather than later.

Note that this will require the minimum version be bumped to 1.5.

refs pyca/cryptography#3659


alex approved these changes Jun 3, 2017

@bitprophet bitprophet added this to the 3.0 milestone Jun 6, 2017


This comment has been minimized.


ploxiln commented Jun 13, 2017

pynacl and bcrypt dependencies were added in paramiko-2.2.0, so it may make sense to bump the cryptography dependency min-version in a minor release like paramiko-2.3.0


This comment has been minimized.


bitprophet commented Jun 13, 2017

I'm always on the fence and very inconsistent about my feelings re: manipulating dependencies in minor versions. Most of the time the intent is to go "if someone was happy with version X of a dep, we shouldn't break that".

Adding new dependencies arguably doesn't break that promise (we're not forcing someone who is, say, somehow limited to that version X of the existing dep, to figure out how to upgrade) but of course, one can easily argue that it does (as there's no guarantee this mythical user's environment has ready access to whatever the new deps are).

Lately I suspect that dragging my feet on this sort of thing is just too conservative and I should err on the side of positive change; then at least wait for somebody to raise a major stink before I reconsider; and chances are good nobody will, because, c'mon now.

@bitprophet bitprophet modified the milestones: 2.3.0, 3.0 Jun 13, 2017


This comment has been minimized.

drrlvn commented Jul 19, 2017

Version 2.0 of cryptography was release on July 17th and signer and verifier are now deprecated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment