Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use cryptography's sign/verify methods instead of signer/verifier #979

Merged
merged 2 commits into from Sep 6, 2017

Conversation

@reaperhulk
Copy link
Contributor

@reaperhulk reaperhulk commented Jun 3, 2017

cryptography is planning to deprecate signer/verifier. They will be on an extended deprecation cycle, but it'd be nice to switch paramiko away sooner rather than later.

Note that this will require the minimum version be bumped to 1.5.

refs pyca/cryptography#3659

@alex
alex approved these changes Jun 3, 2017
@reaperhulk reaperhulk force-pushed the reaperhulk:one-shot-methods branch from 58abc97 to fdc09c9 Jun 6, 2017
@bitprophet bitprophet added this to the 3.0 milestone Jun 6, 2017
@ploxiln
Copy link
Contributor

@ploxiln ploxiln commented Jun 13, 2017

pynacl and bcrypt dependencies were added in paramiko-2.2.0, so it may make sense to bump the cryptography dependency min-version in a minor release like paramiko-2.3.0

@bitprophet
Copy link
Member

@bitprophet bitprophet commented Jun 13, 2017

I'm always on the fence and very inconsistent about my feelings re: manipulating dependencies in minor versions. Most of the time the intent is to go "if someone was happy with version X of a dep, we shouldn't break that".

Adding new dependencies arguably doesn't break that promise (we're not forcing someone who is, say, somehow limited to that version X of the existing dep, to figure out how to upgrade) but of course, one can easily argue that it does (as there's no guarantee this mythical user's environment has ready access to whatever the new deps are).

Lately I suspect that dragging my feet on this sort of thing is just too conservative and I should err on the side of positive change; then at least wait for somebody to raise a major stink before I reconsider; and chances are good nobody will, because, c'mon now.

@drrlvn
Copy link

@drrlvn drrlvn commented Jul 19, 2017

Version 2.0 of cryptography was release on July 17th and signer and verifier are now deprecated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants