New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use cryptography's sign/verify methods instead of signer/verifier #979

Merged
merged 2 commits into from Sep 6, 2017

Conversation

Projects
None yet
5 participants
@reaperhulk
Contributor

reaperhulk commented Jun 3, 2017

cryptography is planning to deprecate signer/verifier. They will be on an extended deprecation cycle, but it'd be nice to switch paramiko away sooner rather than later.

Note that this will require the minimum version be bumped to 1.5.

refs pyca/cryptography#3659

@alex

alex approved these changes Jun 3, 2017

@bitprophet bitprophet added this to the 3.0 milestone Jun 6, 2017

@ploxiln

This comment has been minimized.

Contributor

ploxiln commented Jun 13, 2017

pynacl and bcrypt dependencies were added in paramiko-2.2.0, so it may make sense to bump the cryptography dependency min-version in a minor release like paramiko-2.3.0

@bitprophet

This comment has been minimized.

Member

bitprophet commented Jun 13, 2017

I'm always on the fence and very inconsistent about my feelings re: manipulating dependencies in minor versions. Most of the time the intent is to go "if someone was happy with version X of a dep, we shouldn't break that".

Adding new dependencies arguably doesn't break that promise (we're not forcing someone who is, say, somehow limited to that version X of the existing dep, to figure out how to upgrade) but of course, one can easily argue that it does (as there's no guarantee this mythical user's environment has ready access to whatever the new deps are).

Lately I suspect that dragging my feet on this sort of thing is just too conservative and I should err on the side of positive change; then at least wait for somebody to raise a major stink before I reconsider; and chances are good nobody will, because, c'mon now.

@bitprophet bitprophet modified the milestones: 2.3.0, 3.0 Jun 13, 2017

@drrlvn

This comment has been minimized.

drrlvn commented Jul 19, 2017

Version 2.0 of cryptography was release on July 17th and signer and verifier are now deprecated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment