For some time now, plans to switch Paramiko’s crypto backend from PyCrypto to PyCA’s Cryptography have been in motion. (Sometimes, slow-motion. Sorry.) These efforts are drawing to a close, and because they represent a nontrivial change in install dependencies – even though there aren’t any public API changes – we’re going to call the result Paramiko 2.0.
Why the switch?
There’s a few great reasons for this move:
- For starters, everything listed by Alex Gaynor in the description of #394. Cleaner, better performance, no requirement for C toolchain on some platforms, PyPy, etc. These alone are reason enough.
- In addition, maintenance slowdown at PyCrypto is starting to introduce active, exploitable security issues and the situation doesn’t appear slated to improve.
No public API changes, really?
Yes, but. Chances are good we’ll put out a 3.x line in the near future with those in tow; see the 3.0 milestone for an idea of what this entails. Even in this case, most users aren’t likely to experience breakage – only those relying on fixed corner-case behaviors or rarely-used API calls.
General upgrade notes
Cryptography is available in static binary wheels if you’re on Windows or Mac and have pip 8+. Otherwise, you just need to add OpenSSL and libffi development headers to your existing C build toolchain and Python development headers.
Details can be found on Cryptography’s install docs and the Paramiko install docs will reflect this too, once 2.0 is released.
We released 1.10.3 and 1.11.x in the last few months, both of which changed
setup.py to depend on
paramiko<2, to avoid nasty surprises on
fresh installs or upgrades. Please upgrade to these if possible!
For those who want to get on Paramiko 2.0 with Fabric 1.x, we may revert that
version restriction in Fabric 1.12 or 1.13, or otherwise investigate
parameterized installation methods. (Unfortunately, setuptools’
functionality doesn’t appear to enable this sort of thing, so
fabric[newer-paramiko] seems out of the question.)
Fabric 2.x will almost definitely require Paramiko 2.x (or 3.x) and up. Stay tuned.